The Canadian Imperial Bank of Commerce (CIBC) Caribbean’s Trinidad and Tobago operations fell victim to a sophisticated multimillion-dollar scam, police confirmed yesterday. According to authorities, the fraud was uncovered in June after the bank’s managing director reported unauthorized transfers totaling $14.8 million from a suspense processing account—a temporary holding fund used for unclassified or unclear transactions.
Investigations revealed that the managing director had acted on what appeared to be legitimate authorization from the bank’s CEO, received via WhatsApp and email. However, after the transactions were completed, it was discovered that the CEO had no knowledge of the requests. The funds were transferred to 19 different accounts in Hong Kong, Singapore, and Bulgaria. While some of the money was later recovered after several accounts were closed, approximately $9.4 million remains missing.
- Advertisement -
Phishing Scams on the Rise
Police suspect the fraudsters used an advanced phishing scheme to impersonate the CEO and deceive the managing director into approving the transactions. Phishing, a common cybercrime tactic, involves tricking individuals into revealing sensitive information by posing as trusted entities.
Cybersecurity expert Travais Sookoo of Checkpoint Software Technologies explained that such scams have become increasingly prevalent in the Caribbean since 2020, partly due to the rise of artificial intelligence (AI). “Previously, crafting a convincing phishing campaign required extensive research, but AI can now analyze a target’s online presence and generate tailored messages in minutes,” Sookoo said.
He warned that AI not only accelerates the execution of scams like ransomware and phishing but also makes them more precise. “The key to phishing is getting the victim to lower their guard,” he noted, emphasizing that fraudsters often mimic legitimate institutions to lure victims into clicking malicious links.
Strengthening Defenses Against Cybercrime
While AI has empowered cybercriminals, Sookoo pointed out that the same technology can be used to bolster cybersecurity defenses. Companies can deploy AI-driven tools to detect and neutralize threats more efficiently. However, he stressed that employee training remains crucial.
“Human error is often the weakest link,” Sookoo said. “Businesses should conduct regular phishing simulation exercises—random, unannounced tests—to keep staff vigilant.” He also recommended combining awareness programs with advanced security software to detect and respond to threats in real time.
As financial institutions face increasingly sophisticated scams, this incident serves as a stark reminder of the evolving dangers in the digital age—and the urgent need for stronger safeguards.
