2025-01-01

Lending-2025 Circular No. 26 Criminal Method – Phishing via Email

The Palestine Monetary Authority issued Circular No. 26 (2025) to mandate that specialized lending institutions in Palestine adopt specific precautionary and supervisory measures against a rising criminal phishing method that exploits breached or cloned email addresses to request fraudulent payment remittances. The circular requires institutions to verify email authenticity, implement dual control and hold periods on transfers, conduct video verifications for foreign account payments, and deploy anti-phishing network tools. It also obligates immediate internal reporting to the AML/CTF department and external notification to remitting banks, alongside filing formal complaints with electronic crimes prosecutors to ensure swift fund recovery and legal enforcement.


Palestine

Palestine Monetary Authority


Palestine Monetary Authority PALESTINE MONETARY AUTHORITY

Circular No. (26/2025)

To all specialized lending institutions in Palestine

Date: Wednesday, November 05, 2025

Subject: Criminal Method – Phishing via Email Messages

The Palestine Monetary Authority urges specialized lending institutions to take precautionary measures against a criminal method used in electronic/phishing fraud. The method relies on fraudsters breaching email addresses and intercepting the correspondence conducted through them, then sending email messages that deceive the recipient into believing they originate from a familiar and known email address.

This criminal method used in phishing fraud involves the following actions by fraudsters:

  1. Breaching the email addresses of lending institutions or contracted entities (the victim) and intercepting outgoing and incoming correspondence conducted through them, with a focus on correspondence related to contractual agreements or financial claims.
  2. Creating a cloned email address highly similar to the original email address or using the same breached email address of the victim, after which fraudsters copy previous correspondence or forward communications that occurred between the victim and its contracted entities.
  3. Sending email messages to specialized lending institutions that ask the recipient to pay outstanding loan installments due to the institution, to settle contractual service invoices, or to make payments related to completing an agreed-upon service supply, by issuing a financial remittance in favor of a foreign entity located outside Palestine.

As part of the PMA's commitment to combating electronic fraud methods and limiting the risks of this crime, we emphasize the necessity of taking the following measures:

  1. Raising awareness and warning employees and contracted entities about the criminal method and clarifying its risks.
  2. Establishing and adopting operational measures, procedures, and supervisory controls that ensure, at a minimum, the following:

  • Verifying the validity of orders and requests received via email before execution, including:
      a. Matching the email address with the institution's approved address for the contracted entity.
      b. Verifying that the timing and value of financial claims are consistent with contractual terms.
      c. Ensuring that the name and Unified Bank Account Number (IBAN) of the payee match the name and number specified in the contractual agreement.
  • Implementing dual control on remittance issuance and disbursement operations, with approved financial authorities for disbursements.
  • Requesting a hold period for remittances of two to three days, facilitating the recovery process in case of electronic fraud.
  • Taking stringent verification measures when email communications or financial claims require payments to a foreign bank account, contrary to the account specified in the contractual agreement, including conducting video calls with contracted entities.
  3. Enhancing security and protection measures on internet networks and using protective tools such as Anti-Phishing Tools, enabling the prevention and detection of any attempts to breach the institution's email addresses.
  4. Notifying the remitting bank immediately upon learning of the fraud, and requesting it to contact the correspondent banks and the beneficiary bank to recover the remittance.
  5. Taking legal action to combat electronic fraud crimes in accordance with prevailing legislation, including filing a complaint with the Electronic Crimes Public Prosecution, requesting the opening of an investigative file, and notifying the remitting bank to recover the remittance.
  6. Notifying the PMA's Anti-Money Laundering and Counter-Terrorist Financing (AML/CTF) Department immediately upon encountering fraud, with a requirement to provide its details and incident particulars within three working days, along with the administrative and legal measures taken or to be taken regarding the matter.

Supervision Group Palestine Monetary Authority


Ramallah and Al-Bireh Governorate - Palestine P.O. Box 452 | Tel: +970 2 2415251 | Fax: +970 2 2415310 | info@pma.ps | Postal code: P6160675
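
The pre-execution checks (a) to (c) listed in the circular above, sketched as an added Python example that is not part of the circular or any PMA tooling. The record fields, finding codes, the 0.85 similarity threshold, the "amount must not exceed the contract amount" rule and the sample contract are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date
from difflib import SequenceMatcher

@dataclass
class Contract:  # hypothetical record from the institution's contract file
    approved_email: str
    payee_name: str
    iban: str
    amount_due: float
    window: tuple[date, date]  # earliest and latest date a claim is expected

@dataclass
class Request:  # hypothetical fields extracted from the received email
    sender: str
    payee_name: str
    iban: str
    amount: float
    received: date

def norm(iban: str) -> str:
    return "".join(iban.split()).upper()

def iban_valid(iban: str) -> bool:  # mod-97 check: first 4 chars to the end, A=10..Z=35
    s = norm(iban)
    ok = 15 <= len(s) <= 34 and s.isascii() and s.isalnum()
    return ok and int("".join(str(int(c, 36)) for c in s[4:] + s[:4])) % 97 == 1

def check_request(req: Request, con: Contract) -> list[str]:
    findings = []
    sender, approved = req.sender.strip().lower(), con.approved_email.lower()
    if sender != approved:  # check (a): exact match only, similarity is a warning sign
        ratio = SequenceMatcher(None, sender, approved).ratio()
        findings.append("SENDER_LOOKALIKE" if ratio >= 0.85 else "SENDER_UNKNOWN")
    if req.amount > con.amount_due or not con.window[0] <= req.received <= con.window[1]:
        findings.append("TERMS_MISMATCH")  # check (b)
    if req.payee_name.strip().lower() != con.payee_name.lower():
        findings.append("PAYEE_NAME_MISMATCH")  # check (c)
    if not iban_valid(req.iban):
        findings.append("IBAN_INVALID")
    elif norm(req.iban) != norm(con.iban):
        findings.append("IBAN_MISMATCH")  # check (c)
        if norm(req.iban)[:2] != norm(con.iban)[:2]:
            findings.append("IBAN_COUNTRY_CHANGED")  # trigger video-call verification
    return findings

# Constructed sample contract (not from the circular).
CONTRACT = Contract("billing@acme-supplies.example", "Acme Supplies Ltd",
                    "GB82 WEST 1234 5698 7654 32", 12000.0, (date(2025, 11, 1), date(2025, 11, 30)))
```

A request sent from the genuine but breached mailbox passes the sender check, so the IBAN comparison against the contract record is the control that catches it.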