SHORTER READ

Banking & financial disputes

Bank Fraud: Safeguards and Solutions (part three)

In the current circumstances, authorities are warning that everyone should be particularly careful of frauds relating to Covid-19. The previous two parts of this series have looked at how banks should protect their customers and the potential courses of action available to victims of fraud. However, the safest way to protect yourself against fraud is to prevent it from taking place in the first place. Helen Ingram recommends steps to take to reduce the risk of fraud.

SHARE

Authors

Given the current circumstances, authorities are warning that everyone should take particular care against frauds relating to Covid-19. In parts one and two of this series we looked at what mechanisms the banks should have in place to protect their customers and potential courses of action available to individuals and businesses which have been victims of fraud. However, the safest way to protect against fraud is to prevent it taking place in the first place, so what steps are recommended to reduce the risk of fraud?

Types of fraud

Fraud comes in all shapes and sizes. Below are several key approaches which you may encounter:

Authorised push payment fraudFraudsters deceive consumers or individuals within a business to send them a payment under false pretences. This can include phishing, whaling, invoice fraud and impersonation as listed below.
PhishingSending emails/text messages purporting to be from a reputable sender in order to trick the recipient into revealing personal information.
WhalingPhishing attacks directed at senior employees, as a result they are usually more targeted e.g. using personalised information relating to the individual in question.
Invoice fraudTricking a business into changing the bank account details for a payee.
ImpersonationFraudsters impersonating someone else in order to trick a victim into making payments to a fraudulent account. This can take many forms, for example, the fraudster may impersonate the victim’s bank to say that the victim needs to transfer their funds in order to prevent an attempted fraud. Another example is the fraudster claiming to represent a charity (currently this is often for causes relating to COVID-19) and persuading the victim to make a donation.
MalwareMalicious code used to target or gain unauthorised access to a network, e.g. viruses, ransomware and spyware.

Preventative measures to take

Given the heightened risk currently, it is advisable to put protective measures in place to minimise the risk to yourself and your business. Some examples of such measures include:

  1. Businesses should have a set procedure for how to handle requests for payment, including a clear understanding of what warning signs to look for and a process for reporting any suspicious requests.
  1. With more remote working, conduct regular risk assessments for your systems. Highlighting any potential risks now can allow you to close them off or to mitigate them before the fraudsters come calling.
  1. Always confirm new payment details (whether for first time payments or for a change in payment details) using a different method from the one used initially to send the account details. For example, call the business using their central number and ask to be put through to the relevant individual rather than using their direct dial or email them in a new email rather than replying to the message containing the account details.
  1. If you have received a potentially suspicious email, double-click on the email address to see if it matches the purported sender. Make sure that you read the email address very carefully as sometimes fraudsters will mimic the correct email address with only a small difference such as a minor change in spelling or changing the email address from ‘.co.uk’ to ‘.com’.
  1. Ensure you have sufficient security measures in place. For consumers, this may mean having suitably strong passwords and firewalls. For businesses, in addition to these measures, consider having a virtual private network (VPN) or other remote desktop connection for your staff to work securely.
  1. Remind staff, family members or anyone with whom you share a bank account of the need for caution in these matters. For businesses, consider asking your staff to undertake training or refresher training in relation to fraud.

Further guidance on how to protect yourself or your business against fraud can be found on the following websites:

For more information or advice on what to do in the event of fraud, please contact a member of our Banking & financial disputes team.

Authors

MoreofHelen'sInsights

You are contacting

Helen Ingram

Associate

helen.ingram@collyerbristow.com