Business Email Compromise Schemes

The Cayman Islands Monetary Authority (the “Authority”) wishes to alert Financial Service Providers to an increasing trend in cybercrime activity, in particular BEC Schemes in its endeavour to reduce the possibility of financial services businesses being used for such crimes.

BEC Schemes comprise of strategically composed phishing emails that intentionally impersonate business executives. Cybercriminals can use these types of attack to bear resemblance to a legitimate source requesting funds; however, in turn the funds are remitted to fraudulent accounts. Financial Service Providers should also be vigilant in other areas, such as email instructions regarding a change of contact details and other transactional instructions, such as redemptions requests.

Financial Service Providers should be alert to these types of attacks and carefully scrutinize all emails. If you suspect that you have been the victim of a BEC attack or any other cyberattack, an incident report should be filed immediately with the Financial Crime Unit of the Royal Cayman Islands Police Service and the Financial Reporting Authority. In cases where the Financial Service Provider is regulated by the Authority; the Authority should also be notified.

In addition, if someone receives a suspicious email, the email can be sent as an attachment to the Cayman Islands - Cybersecurity Incident Response Team (CIRT) at Cirt-ky@icta.ky.