Shorter Reads

Bank Fraud: Safeguards and Solutions (part three)

In the current circumstances, authorities are warning that everyone should be particularly careful of frauds relating to Covid-19. The previous two parts of this series have looked at how banks should protect their customers and the potential courses of action available to victims of fraud. However, the safest way to protect yourself against fraud is to prevent it from taking place in the first place. Helen Ingram recommends steps to take to reduce the risk of fraud.

2 minute read

Published 7 May 2020

Authors

Share

Key information

Given the current circumstances, authorities are warning that everyone should take particular care against frauds relating to Covid-19. In parts one and two of this series we looked at what mechanisms the banks should have in place to protect their customers and potential courses of action available to individuals and businesses which have been victims of fraud. However, the safest way to protect against fraud is to prevent it taking place in the first place, so what steps are recommended to reduce the risk of fraud?

Types of fraud

Bank fraud comes in all shapes and sizes. Below are several key approaches which you may encounter:

Authorised push payment fraud Fraudsters deceive consumers or individuals within a business to send them a payment under false pretences. This can include phishing, whaling, invoice fraud and impersonation as listed below.
Phishing Sending emails/text messages purporting to be from a reputable sender in order to trick the recipient into revealing personal information.
Whaling Phishing attacks directed at senior employees, as a result they are usually more targeted e.g. using personalised information relating to the individual in question.
Invoice fraud Tricking a business into changing the bank account details for a payee.
Impersonation Fraudsters impersonating someone else in order to trick a victim into making payments to a fraudulent account. This can take many forms, for example, the fraudster may impersonate the victim’s bank to say that the victim needs to transfer their funds in order to prevent an attempted fraud. Another example is the fraudster claiming to represent a charity (currently this is often for causes relating to COVID-19) and persuading the victim to make a donation.
Malware Malicious code used to target or gain unauthorised access to a network, e.g. viruses, ransomware and spyware.

Preventative measures to take

Given the heightened risk currently, it is advisable to put protective measures in place to minimise the risk to yourself and your business. Some examples of such measures include:

  1. Businesses should have a set procedure for how to handle requests for payment, including a clear understanding of what warning signs to look for and a process for reporting any suspicious requests.
  1. With more remote working, conduct regular risk assessments for your systems. Highlighting any potential risks now can allow you to close them off or to mitigate them before the fraudsters come calling.
  1. Always confirm new payment details (whether for first time payments or for a change in payment details) using a different method from the one used initially to send the account details. For example, call the business using their central number and ask to be put through to the relevant individual rather than using their direct dial or email them in a new email rather than replying to the message containing the account details.
  1. If you have received a potentially suspicious email, double-click on the email address to see if it matches the purported sender. Make sure that you read the email address very carefully as sometimes fraudsters will mimic the correct email address with only a small difference such as a minor change in spelling or changing the email address from ‘.co.uk’ to ‘.com’.
  1. Ensure you have sufficient security measures in place. For consumers, this may mean having suitably strong passwords and firewalls. For businesses, in addition to these measures, consider having a virtual private network (VPN) or other remote desktop connection for your staff to work securely.
  1. Remind staff, family members or anyone with whom you share a bank account of the need for caution in these matters. For businesses, consider asking your staff to undertake training or refresher training in relation to fraud.

Further guidance on how to protect yourself or your business against fraud can be found on the following websites:

For more information or advice on what to do in the event of fraud, please contact a member of our Banking & financial disputes team.

Message us with any questions

Related latest updates
PREV NEXT

Related content

Arrow Back to Insights

Shorter Reads

Bank Fraud: Safeguards and Solutions (part three)

In the current circumstances, authorities are warning that everyone should be particularly careful of frauds relating to Covid-19. The previous two parts of this series have looked at how banks should protect their customers and the potential courses of action available to victims of fraud. However, the safest way to protect yourself against fraud is to prevent it from taking place in the first place. Helen Ingram recommends steps to take to reduce the risk of fraud.

Published 7 May 2020

Associated sectors / services

Authors

Given the current circumstances, authorities are warning that everyone should take particular care against frauds relating to Covid-19. In parts one and two of this series we looked at what mechanisms the banks should have in place to protect their customers and potential courses of action available to individuals and businesses which have been victims of fraud. However, the safest way to protect against fraud is to prevent it taking place in the first place, so what steps are recommended to reduce the risk of fraud?

Types of fraud

Bank fraud comes in all shapes and sizes. Below are several key approaches which you may encounter:

Authorised push payment fraud Fraudsters deceive consumers or individuals within a business to send them a payment under false pretences. This can include phishing, whaling, invoice fraud and impersonation as listed below.
Phishing Sending emails/text messages purporting to be from a reputable sender in order to trick the recipient into revealing personal information.
Whaling Phishing attacks directed at senior employees, as a result they are usually more targeted e.g. using personalised information relating to the individual in question.
Invoice fraud Tricking a business into changing the bank account details for a payee.
Impersonation Fraudsters impersonating someone else in order to trick a victim into making payments to a fraudulent account. This can take many forms, for example, the fraudster may impersonate the victim’s bank to say that the victim needs to transfer their funds in order to prevent an attempted fraud. Another example is the fraudster claiming to represent a charity (currently this is often for causes relating to COVID-19) and persuading the victim to make a donation.
Malware Malicious code used to target or gain unauthorised access to a network, e.g. viruses, ransomware and spyware.

Preventative measures to take

Given the heightened risk currently, it is advisable to put protective measures in place to minimise the risk to yourself and your business. Some examples of such measures include:

  1. Businesses should have a set procedure for how to handle requests for payment, including a clear understanding of what warning signs to look for and a process for reporting any suspicious requests.
  1. With more remote working, conduct regular risk assessments for your systems. Highlighting any potential risks now can allow you to close them off or to mitigate them before the fraudsters come calling.
  1. Always confirm new payment details (whether for first time payments or for a change in payment details) using a different method from the one used initially to send the account details. For example, call the business using their central number and ask to be put through to the relevant individual rather than using their direct dial or email them in a new email rather than replying to the message containing the account details.
  1. If you have received a potentially suspicious email, double-click on the email address to see if it matches the purported sender. Make sure that you read the email address very carefully as sometimes fraudsters will mimic the correct email address with only a small difference such as a minor change in spelling or changing the email address from ‘.co.uk’ to ‘.com’.
  1. Ensure you have sufficient security measures in place. For consumers, this may mean having suitably strong passwords and firewalls. For businesses, in addition to these measures, consider having a virtual private network (VPN) or other remote desktop connection for your staff to work securely.
  1. Remind staff, family members or anyone with whom you share a bank account of the need for caution in these matters. For businesses, consider asking your staff to undertake training or refresher training in relation to fraud.

Further guidance on how to protect yourself or your business against fraud can be found on the following websites:

For more information or advice on what to do in the event of fraud, please contact a member of our Banking & financial disputes team.

Associated sectors / services

Authors

Need some more information? Make an enquiry below.

    Subscribe

    Please add your details and your areas of interest below

    Specialist sectors:

    Legal services:

    Other information:

    Jurisdictions of interest to you (other than UK):

    Article contributor

    Enjoy reading our articles? why not subscribe to notifications so you’ll never miss one?

    Subscribe to our articles

    Message us on WhatsApp (calling not available)

    Please note that Collyer Bristow provides this service during office hours for general information and enquiries only and that no legal or other professional advice will be provided over the WhatsApp platform. Please also note that if you choose to use this platform your personal data is likely to be processed outside the UK and EEA, including in the US. Appropriate legal or other professional opinion should be taken before taking or omitting to take any action in respect of any specific problem. Collyer Bristow LLP accepts no liability for any loss or damage which may arise from reliance on information provided. All information will be deleted immediately upon completion of a conversation.

    I accept Close

    Close
    Scroll up
    ExpandNeed some help?Toggle

    Get in touch

    Get in touch using our form below.