Commonwealth Bank executives revealed yesterday that some of the bank’s customers were affected by a phishing scheme that resulted in the removal of funds from a number of bank accounts.
“In late May 2020, the bank would [have] received notifications from several of its customers indicating that persons would have removed funds from their accounts without authorization,” Davine Dawkins-Rolle, the bank’s vice president of internal audit and credit inspection, told reporters during a media briefing at Commonwealth Bank’s Prince Charles location.
“The bank sought to investigate the complaints and noted that these customers appeared to have become the victims of a phishing scheme. A phishing scheme involves where a perpetrator would send out a communication, normally electronically, to unsuspecting victims and they in turn, when engaging with that communication, would end up releasing sensitive information.
“In our specific case, we noted that the customers would’ve gotten emails. A lot of the emails would’ve been in the form of an alert and it would’ve indicated that a transaction would’ve failed and it would have had a link in it indicating that you could get help here.”
She said customers were directed to a page that “looked and felt” like the bank’s web page.
The customers entered their banking information on that page, according to Dawkins-Rolle.
“That information was sent to the fraudster,” she said.
“The fraudster then used that information to access the customer’s online banking account and make transfers to other customers of the bank. As part of the investigation, we also spoke to customers that received transfers. In speaking to the customers, a lot of them indicated that they would’ve seen advertisements either on WhatsApp or Facebook. The advertisements would’ve been related to mystery shopping.
“Mystery shopping is a legitimate transaction where companies, legitimate companies, would send persons in to test their customer service quality. Fraudsters, however, also use mystery shopping to conduct fraud. In this instance, the customer would have been contacted by the fraudster and asked to perform services for money. So, when they receive the money in their account, they would’ve already registered with the fraudster, giving them their bank information.
“The fraudster would have put the money on their bank account and then they would have withdrawn it and gone. In this case, we saw purchases of Apple gift cards and send wires to Turkey.”
Dawkins-Rolle said customers have been advised of the “fraud that is going on”.
Omar Henfield, the bank’s manager of physical security, said the hacking affected “numerous customers”.
Neither the bank nor police disclosed the number of accounts affected.
Questions from the press were not taken during the briefing.
Chief Superintendent Matthew Edgecombe, who heads the police’s financial crime investigative branch, said there has been an increase in such incidents across institutions in The Bahamas.
He said the Royal Bahamas Police Force is diligently investigating the incidents at Commonwealth Bank.
“We are having good results,” Edgecombe said.
“If you had watched the news last night, persons went to court yesterday on some type of fraud matter involving a bank. So, we are here. We have questioned a number of persons. We have spoken to a number of our international partners in law enforcement, tracing various funds.”
He warned the public.
“Do not become a victim or participate in something that will hurt you in the end because during our investigation, as we find out that you might have assisted somebody, you might be charged with money laundering, [or] a number of fraud offenses that may land you in jail,” Edgecombe said.
Jermaine Williams, the bank’s assistant vice president of enterprise risk and chief risk officers, said Commonwealth Bank’s online banking suite and corporate network system remains “secure with no indication of compromise”.