Fraud awareness and digital security
Smart tips to help protect yourself online, keep your personal data safe, avoid fraud and how to contact us if you suspect of misuse on your account.
Fraudsters manipulate victims into providing confidential information or other actions that will compromise their security using social engineering techniques known as phishing, vishing and smishing. There are other types of social engineering that specifically target businesses, such as CEO impersonation.
Phishing is the fraudulent use of emails to manipulate targets into revealing passwords and sensitive information or transferring money into other accounts. Phishing messages often contain links to fake websites that request password and account information or install viruses in your devices.
Business email compromise (BEC) is a more sophisticated type of phishing where criminals gain access to an individual’s email account and use their emails to pose as a trusted individual to try and trick you into sending money or divulging confidential information.
Vishing is the fraudulent use of phone calls or voice messages to impersonate trusted organisations to obtain sensitive information. Smishing is the fraudulent use of SMS text messages to get targets to click malicious links or hand over private information. Bank impersonation is a type of vishing and/or smishing, and both forms of fraud are growing threats.
In CEO fraud, in attempts to persuade staff into making urgent payments or to transfer funds, criminals are posing as CEOs, as well as other members of staff within businesses such as system administrators or financial controllers. The requests are often made via email but can come via a phone call and are sometimes made when the real member of staff is out of the office. They may also ask for financial information such as reports, trade debtor lists and/or customer contact details for chasing payments.
It’s important to remember that even an apparently genuine email address may have been hacked, and that fraudsters may apply pressure by implying urgency as a means of persuading you to bypass controls around payments. Reference to the payment being ‘special’ or ‘secret’ should also ring alarm bells.
Also known as mandate fraud, a fraudster poses as one of your suppliers. They tell you their payment details have changed and provide new account details. They may ask for a payment urgently. The fraud may only come to light when the genuine supplier seeks payment.
A network attack is an attempt by cyber criminals to gain unauthorised access to a company’s network by exploiting security vulnerabilities. These attacks vary in type, but all involve the exploitation of an unsecured network. Where networks are not encrypted a third party can intercept communications and eavesdrop on sensitive conversations.
Fraudsters can pose as sales people or bank employees, offering investment opportunities such as shares, gold, bonds or digital currency with the promise of great returns. They often use hard-selling tactics to persuade you and suggest that the offer is time-limited. Scammers may praise your understanding of risk and say you’ve been selected for an ‘exclusive’ chance. The shares they’re pushing may be listed on an illiquid market so can’t be sold, or may be a small unquoted company that, the fraudster claims, is planning to list. In other cases, the company may not exist or the share certificates are fake.
Smart tips to help protect yourself online, keep your personal data safe, avoid fraud and how to contact us if you suspect of misuse on your account.