![]() This means you agree to allow money to be transferred through your bank account, often in exchange for payment. Make sure staff are aware to check the email address the payment request is sent from, and have suitable checks in place to verify any new payment request received by way of email.Īlways regularly review your organisations controls to make sure that you have suitable payment controls in place to not fall victim to this type of fraud.Ĭriminals can prey on companies that are experiencing financial difficulties or can commonly target small businesses to act as “money mules”. The fraudster sends a request for a payment from the compromised email account to another, often junior employee to action. It doesn’t require compromising the vendor’s email system, but instead sends the invoice from an email that is so close to the domain of the vendor that most people would miss the change, for example, instead of Email Account - This involves the compromise of an executives email account within the organisation, such as the CFO (Chief Financial Officer). The fraudsters spoofs the vendors email to submit the modified invoice. There are two variations of this fraud type, which are as follows –Įmail spoofing – This involves the manipulation of an email address to make the senders email address appear to have originated from someone or somewhere other than the actual source. Little does the payment processor know that the email is not a genuine company request. The Business E-mail Compromise (BEC) is a sophisticated scam targeting businesses working with foreign suppliers and/or businesses that regularly perform payments using an email from a company owner (CEO or CFO) as the authority to carry out the payment. name, address, account details), do not assume a caller is genuine because they have these details or because they claim to represent a legitimate organisation. It is important to keep your account and security details safe.Ĭriminals may already have basic information about your company in their possession (i.e. Never share company security details beyond authorised staff. HSBC will never call you to ask you to generate a Secure Key code by pressing the yellow button or ask for your PIN number. It takes two people to terminate a call, so ensure the caller has also hung up and you have a clear line, you can use a different phone line to test the number.įraudsters can use ‘call spoofing’ to deliberately falsify the telephone number relayed on the caller ID to show as a genuine bank number. If you are suspicious, don’t be afraid to terminate the call and, say no to requests for information. Giving personal financial information, which can then be used to gain access to your company bank accounts?.īe wary of unsolicited approaches by phone, especially if asked to provide any of your company’s restricted information. Withdrawing cash and handing it over to the fraudster for investigation Sending their money to another account often purportedly for ‘safe keeping’ or ‘holding’ The call may be made to coerce a company financial controller into: This involves a fraudster making phone calls to a company, posing as bank staff, the Police, regular supplier / client or other officials in a position of trust.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |