2025-01-01

Payments-2025- Circular No. 26 Criminal Technique – Phishing via Email

The Palestine Monetary Authority issued Circular No. 26/2025 to require payment service companies in Palestine to implement specific preventive and supervisory measures against a targeted email phishing technique that exploits breached corporate accounts. The directive mandates strict verification of sender addresses, IBANs, and financial claim timing, alongside dual-control transfer approvals, mandatory holding periods, video-call confirmations for foreign payments, and immediate internal and regulatory reporting upon fraud detection. Furthermore, it establishes clear legal pathways for fund recovery through correspondent banks and the Cybercrime Public Prosecution while requiring prompt notification to the AML/CTF Department with full incident details within three working days.


Palestine

Palestine Monetary Authority


PALESTINE MONETARY AUTHORITY

Circular No. (26 / 2025)

To all payment service companies in Palestine

Date: Wednesday, 05 November, 2025

Subject: Criminal Technique – Phishing via Email

The Palestine Monetary Authority calls upon payment service companies to take precautionary measures against a criminal technique used in electronic phishing fraud. The technique relies on fraudsters breaching email addresses and monitoring the correspondence conducted through them, then sending email messages that deceive the recipient into believing they originate from a familiar and known email address.

This criminal technique used in phishing manifests through the following actions by fraudsters:

  1. Breaching email addresses of institutions or granting/contracting parties (the victim) and monitoring outgoing and incoming correspondence conducted through them, with a focus on correspondence related to contractual agreements or financial claims.
  2. Creating a cloned email address highly similar to the original email address or using the same breached email address of the victim, after which fraudsters copy previous correspondence or forward communications that occurred between the victim and its counterparties.
  3. Sending email messages to payment service companies requesting that the recipient settle contractual service invoices or make payments related to completing the delivery of an agreed-upon service, by issuing an urgent financial transfer to a foreign entity located outside Palestine.

With the aim of combating electronic fraud methods and mitigating the risks of this crime, we emphasize the necessity of taking the following measures:

  1. Raising awareness and warning employees and contracted parties about the criminal technique and clarifying its risks.
  2. Establishing and adopting operational measures, procedures, and supervisory controls to ensure, at a minimum, the following:
  • Verifying the validity of orders and requests received via email before execution, including:
      a. Matching the email address with the company-approved address of the contracted party.
      b. Verifying that the timing and value of financial claims are consistent with contractual terms.
      c. Ensuring that the name and Unified Bank Account Number (IBAN) of the payee match the name and number specified in the contractual agreement.

  • Applying dual control on transfer issuance and disbursement operations, with approved financial authorities for disbursements.
  • Requesting a holding period of two to three days for transfers, facilitating transfer recovery procedures in case of electronic fraud.
  • Taking stringent verification measures when email communications or financial claims require payments to a foreign bank account, contrary to the account specified in the contractual agreement, including conducting video calls with contracted parties.
  3. Strengthening network security and protection measures and using protective tools such as anti-phishing tools, so that any attempt to breach the company's email addresses can be prevented and detected.
  4. Notifying the remitting bank immediately upon learning of the fraud, and requesting it to contact the correspondent banks and beneficiary bank to recover the transfer.
  5. Taking necessary legal measures to combat electronic fraud crimes in accordance with prevailing legislation, including filing a complaint with the Cybercrime Public Prosecution, requesting an investigative file to be opened, and contacting the remitting bank of the transfer to recover it.
  6. Notifying the Anti-Money Laundering and Counter-Terrorist Financing (AML/CTF) Department at the Palestine Monetary Authority immediately upon encountering fraud, with a requirement to provide it within three working days with the details and particulars of the incident, as well as administrative and legal measures taken or to be taken regarding it.
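
The verification checks (a) to (c) above can be automated as a pre-execution gate, as in this added example, which is not part of the circular. The `Contract` record, the field names, the 0.85 similarity threshold and the five-day tolerance are all assumptions, and the sample data is constructed. The third case shows why the sender check alone is insufficient: a request sent from the genuinely breached mailbox passes check (a) and is caught only by check (c).

```python
from dataclasses import dataclass
from datetime import date
from difflib import SequenceMatcher

@dataclass
class Contract:  # hypothetical record of the terms in the signed agreement
    approved_email: str
    payee_name: str
    iban: str
    schedule: dict  # due date -> amount owed on that date
    tolerance_days: int = 5  # assumed allowance around each due date

def norm_iban(s):
    return "".join(s.split()).upper()

def check_sender(sender, approved):
    """Check (a): exact match only; near-misses are reported as lookalikes."""
    s, a = sender.strip().lower(), approved.strip().lower()
    if s == a:
        return None
    kind = "lookalike of approved" if SequenceMatcher(None, s, a).ratio() >= 0.85 else "unknown"
    return f"sender is {kind} address: {s}"

def verify_request(req, c):
    """Return findings; an empty list means checks (a)-(c) all passed."""
    findings = [f for f in [check_sender(req["from"], c.approved_email)] if f]
    # Check (b): amount and date must correspond to a scheduled claim.
    if not any(amt == req["amount"] and abs((req["date"] - due).days) <= c.tolerance_days
               for due, amt in c.schedule.items()):
        findings.append("amount/date not in contract schedule")
    # Check (c): payee name and IBAN must equal the contract's.
    if req["payee"].strip().casefold() != c.payee_name.casefold():
        findings.append("payee name differs from contract")
    if norm_iban(req["iban"]) != norm_iban(c.iban):
        findings.append("IBAN differs from contract")
    return findings

# Constructed sample data (not from the circular).
CONTRACT = Contract("accounts@supplier.example", "Supplier Trading Co",
                    "GB82 WEST 1234 5698 7654 32", {date(2025, 11, 10): 12500})
LEGIT = {"from": "accounts@supplier.example", "date": date(2025, 11, 9), "amount": 12500,
         "payee": "Supplier Trading Co", "iban": "GB82WEST12345698765432"}
CLONED = dict(LEGIT, **{"from": "accounts@supp1ier.example", "iban": "DE89 3704 0044 0532 0130 00"})
BREACHED = dict(LEGIT, iban="DE89 3704 0044 0532 0130 00")  # real mailbox, swapped account
if __name__ == "__main__":
    for name, req in [("legit", LEGIT), ("cloned", CLONED), ("breached", BREACHED)]:
        print(name, verify_request(req, CONTRACT) or "ok")
```

Any non-empty result should route the request to the manual controls the circular lists (dual control, holding period, video-call confirmation) rather than to execution.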

Supervision Group Palestine Monetary Authority



www.pma.ps Ramallah and Al-Bireh Governorate - Palestine P.O. Box 452 | Tel: +970 2 2415251 | Fax: +970 2 2415310 | info@pma.ps | Postal code: P6160675