Cybercrime is an act or an attempt to commit an act or acts, local or transboundary, by the will of committing an offense, carried out by individuals or organized groups, in order to violate bank accounts or financial and personal information through the use of various electronic and technical means. Among these acts are: fraud, theft, embezzlement, extortion, vandalism and electronic espionage.
This guide addresses in particular cybercrimes that are committed through the use of e-mail and that concern banking transactions. These guidelines will assist individuals and non-financial institutions in taking the necessary measures to protect e-mail handling as they cover the following topics:

Indicators of E-mail related crimes

E-mail-related crimes may take many forms, one should be vigilant in noticing these indicators that help detect these criminal acts, a few examples of these indicators are:
  1. Any e-mail that differs from the e-mail of the supplier (i.e., the supplier, importer, merchant or any of the service providers being dealt with).
  2. A difference in the e-mail address attributed to the supplier; it could be a character, number, symbol, or signal, for example replacing the letter “g” with the letter “q” and so on.
  3. Any e-mail addressed to the supplier where the sender (the pirate or the hacker) changes the supplier’s account number for non-convincing reasons and arguments, including, for example, audit procedures managed by the regulatory or tax authorities on the supplier’s accounts or deterioration of relations with the bank (may be a bank, a financial institution or a financial intermediary) because of high commissions.
  4. Any e-mail containing instructions to money transfers to an account opened abroad having a similar or matching name with the supplier’s name but with a new account number different from the supplier’s account number that has been approved according to the documents held by the individual or the company concerned.
  5. Any e-mail addressed to the supplier in which the sender (the hacker) requests not to contact him by phone to confirm any amendment or change in the name of the beneficiary bank or the name of the beneficiary or his account number.
  6. Any e-mail or telephone call attributed to the bank or the supplier or to others, in which the sender requests specific information about bank accounts or other sensitive information.
  7. Any e-mail addressed to the supplier that includes unusual or obscene language errors
  8. Formulation and language different from previous correspondences
  9. The level of professionalism and numbers contained in the invoice attached to the suspicious e-mail are inconsistent in form, size and color.
  10. The transfer request attached to the suspicious email carries a similar (forged) signature to the signature of the supplier.
  11. Any e-mail addressed to the supplier in which the sender addresses the recipient company in general and not the employee who is normally in charge of receiving the instructions from the supplier in order to put them into action.
  12. Any e-mail addressed to the supplier containing instructions that are not similar to the previous instructions.
  13. Any e-mail addressed to the supplier and directed to a third party lacking relevance in the transfer to be executed.
  14. The beneficiary bank address is located in a country different from the one in which the supplier operates
  15. The supplier’s address (alleged, in the payment instructions) is located in a country different from the one in which the supplier operates.
  16. Any e-mail that contains a link to a website.
Preventive Policies and Practices for Cybercrime

1. In carrying out business operations, the following preventive steps are required:

i.Select more than one mean of communication with the supplier to confirm the instructions before executing them (telephone number, fax, e-mail address, contact person name…).

ii. Contact the supplier on the numbers shared by him and not on the numbers mentioned in the e-mail, in order to ensure that the transfer components of the name of the beneficiary bank and the name of the beneficiary, his account number and attached documents are the right ones.

iii. Refrain from providing the supplier or any other party by e-mail with any special financial information (bank name, account number and balance, current transactions…)

iv. In case the supplier cannot be contacted by any means of communication previously agreed upon, it is necessary to refrain from requesting the bank to make the transfer until confirmation of the instructions received or sent by e-mail.

v. Take into account that the bank will refrain from making the transfer or carrying out any other instructions when it cannot contact their customer by any means of communication agreed upon to confirm their request for the transfer stated in the e-mail.

vi. Be careful not to ship goods to companies abroad before confirming the validity of the payment instructions, by telephone, via one of the agreed upon methods of communication.

vii. Ensure that the insurance policies cover the risks associated with performing financial and banking transactions via e-mail.

2. Moreover, it is advisable to adapt the following preventive measures as a routine in the practice of our day-to-day operations:

A. The necessity to use at least two e-mail accounts:

  • The first would be for all correspondences related to financial transfers with the bank, making sure that this e-mail address will be kept private and not mentioned on the Business Card.
  • The second would be strictly used for social networking sites.

B. Refrain from answering all kinds of e-mails by choosing to press on the button Reply or replace it by pressing on the button Forward to select the e-mail address from the Address list or Mailing list, because the name of the sender mentioned in the e-mail does not necessarily mean it is his; it could actually be one of the hackers who created an e-mail with a lot of similarity to the initial one. Additionally, you could also detect any alteration that has been made in the e-mail address by clicking on the button Reply (without actually using it) just to ensure the identity of the e-mail sender.

C. When sending e-mails to several people all at once, one should be careful to put the e-mail addresses in the BCC section so that the third parties will not be able to check them or hack them.

D. Avoid using the same Password for more than one e-mail or website. Moreover, the password should be strong and regularly changed by following the two-step verification procedure. Passwords should not include the following:

Simple models on the keyboard, a series of numbers, letters or repeated letters such as: qwerty, abcdef, 1234, AAAa

  • Reversed words such as: [sdrawkcab = backwards]
  • Small or unfinished words, or wrongly written such as [Helo]
  • Small repetitive words such as [catcat]
  • Words preceded by or followed by a single symbol such as [apple3, %hello]
  • Personal information (date of birth, name, surname)

E. Mind the e-mails with suspicious attachments such as: exe, cox com, dll, scr, pif, shs, dif, vbs, bat, as they can contain bad programs and viruses.

F. Update the browser that is being used on the electronic devices regularly.

G. Use an original Antivirus program and update it regularly.

H. Activate the “Recent Activity” button in your e-mail, and if there is any doubt about this activity, immediately change the password.

I. Do not browse the e-mail address that is being used for correspondences related to the financial transfers with the bank using Public Wifi.

J. Keep information stored on the Mail Server for more than three months if possible.

K. Be aware of the e-mail in which the sender requests an immediate execution of a financial transfer (Real Time Transfer).

Corrective action plan when a piracy operation or an attempt to commit a cybercrime are detected

Upon discovery or notification of the occurrence or the attempted commission of an offense by electronic means, the bank that carried out the transfer shall be informed and promptly provided with all relevant information in order to enable the transfer.
It is also required to do the following:
  1. Contact the supplier on his authorized numbers to inform him of the occurrence or the attempted occurrence of a cybercrime and draw their attention to the need to contact their clients by telephone in order to inform them of the possibility of being subjected to acts of electronic piracy.
  2. Submit a complaint to the competent judicial authorities and maintain all the digital evidence and ongoing correspondences on the e-mail without deleting or modifying any of them for possible use in investigations.
  3. Change password immediately.
  4. Review all transactions with the supplier to ensure that both parties have not been subjected to cybercrimes in previous transactions and inform the concerned bank of the outcome of this review.



©2023 LGB BANK s.a.l. , All rights reserved | List of Banks No. 94 , R.C.B
Online banking services licensed by virtue of BDL letter number 11/138 dated March 30,2012.