Could your emails have been compromised?

 

If scammers are able to gain access to email accounts they:

  • have access to much of your personal information may have the ability to reset passwords and access services you normally use, potentially including your banking apps, where they can access your funds
  • can send emails pretending to be you, such as amended bank details on invoices, and redirecting payments to their accounts.

Identity theft – If fraudsters are able to access enough personal details they may be able to apply for products, such as loans or credit cards in your name.

 

How can you protect yourself and your business?

Be sure that you:

  • Never accept supplier changes to account details or invoices where sent via email. Use another method alongside email to confirm the change ensuring the person you speak to is authorised to perform the change on behalf of the company you are contracted or have a relationship with.
  • Don’t rely on contact numbers or details provided to you but on public information or contact details you have used in the past.
  • Always use unique passcodes on different websites and apps.
  • Do not share your passwords with anyone, including family members.
  • Do not enter passcodes if you are being watched or there is a possibility that other people may see it.
  • Use biometric features to protect your phone and banking apps, such as face ID or fingerprint recognition.
  • Do not use simple or easy-to-guess passcodes, such as “12345678”, pet’s names, Date of birth, Last name, etc.
  • Never disclose to anyone the one-time verification code sent to your mobile phone. No employees of financial institutions will contact you to request this, this is most probably a scam. The code is strictly private and only sent to you for transaction authorisation/ verification.
  • Always take your time, fraudsters are usually acting quickly to prevent you from thinking critically and questioning their activity or your actions. Do not rush in providing personal details or participating in transactions unless you are 100% sure they are legitimate. Only criminals will try to rush or make you panic.
  • The fact somebody knows your personal details does not mean they are a legal representative of the financial institution or other organisation, take this into account when speaking to them.
  • Don’t trust promotions in social media, as fraudsters may use these or even famous people to promote them or their products, always verify the merchant or website and do some research on the internet.

 

What to do if you suspect you are being scammed or your personal details are compromised?

  1. If you are still in communication with the scammer, hang up immediately. You can always end up a call and reach the organisation again via phone or email.
  2. Go into your online bank account via the website or app, suspend or block the card in-app and change passwords.
  3. Call or message the customer support team to get further guidance on the next steps, and provide them with as many details as possible.

Where funds have been sent to a fraudster’s account they are usually moved on within minutes, making them very hard to trace and recover. Time is of the essence.

 

Money Muling. A person has asked you to receive money on their behalf and send it to another bank account.

This activity is referred to as Money Muling and is likely to be illegal and linked to money laundering. It is a common way for criminals to attempt to “clean” their dirty money, the proceeds of crime, by using you as an accomplice to introduce the money to the financial system, appearing to be from a legitimate and unconnected account.

You could become a money mule as well if someone asked you to hold their funds in your bank account, funding serious and organised crime.

Young people and students are often targeted with the promise of making easy money. However, holding or transferring criminal money is a criminal activity with a maximum 14 year imprisonment and a criminal record if prosecuted.

 

Phishing

This is where fraudsters send you a message, usually by email or text, asking you to follow a link in order to provide information, such as a change of password.

It will appear to come from a business you use and trust, such as telecoms or utility companies, tax authorities or financial institutions. However, the information you provide allows the fraudster to access your account.

What should I look out for, or consider suspicious?

  • Messages encouraging you to follow links, download apps, or provide information
  • Typos, grammatical mistakes or looking unprofessional
  • The email address or website links may be similar but slightly different from the genuine addresses. Telephone numbers may show on your phone with a name, but sophisticated fraudsters can manipulate these names
  • Any offers appearing ‘too good to be true’ – such as lottery wins, unexpected presents, vouchers or cash prizes, very attractive job offers that you did not apply to
  • Requests to update your personal details via email, particularly where it is information the legitimate business should already know – name, date of birth, email, address, card numbers or bank account numbers, passwords and other details
  • No legitimate financial organisations will ask you to install apps or download software to submit a complaint, claim payments, receive a refund or get customer support
  • Calls from official authorities or trusted organisations such as your bank saying that your account has been targeted by fraudsters and that you have to immediately transfer it to a “protected” account
  • Emails or messages offering discounts for electricity and gas bills containing a link, where you can request a discount by entering your personal details which are then used to defraud you

 

Social Engineering

Fraudsters are developing new ways of getting access to, or compromising your personal details, including through information you share on social media which they then use to convince you that they are from a legitimate organisation such as your bank. For example a fraudster may contact you purporting to be from your bank and tell you that they have noticed recent payments made overseas to gain your trust they they are legitimate when in fact they have gathered this information from your, social media accounts.

They may also create fake profiles and initiate conversations that coax information from you. The fraudster might then pass or sell this information on to other fraudsters that will use it to convince you of their legitimacy.

 

Advanced Fee Fraud

This is where a fraudster target victims to make advance or upfront payments for goods, services and/or financial gains that do not materialise. This may be in the form of requesting that you pay up front for postage of goods or an administration fee to release goods. You may never receive the goods or services promised.

 

Investment scams

These come in many forms but are often linked to online financial trading platforms that encourage you to ‘invest’ in Forex, Contracts for Differences (CFDs), Binary Options and Cryptocurrency. They commonly suggest that you can make exceptional returns using their ‘advisors’ and platform.

Be aware that the vast majority of these platforms are not regulated and that you may have no redress should you lose your funds.

If someone wants you to move money for an investment, but asks you to give your bank a different reason to ensure a ‘smoother’ transaction, don’t. Fraudsters know payments for ‘investments’ may attract more scrutiny from your bank and will try to avoid it.

Fraudsters may also ask you to download ‘trading’ software in order to access your devices and move your money without your knowledge.

Fraudsters may impersonate famous people on social media or messaging groups, to make their offer appear genuine and more appealing.

 

Cryptocurrency scams

There are many ways in which crypto currencies are used to facilitate fraud and enable criminals to rapidly move money around the world to disguise its origins. Many of the methods are similar to those used with normal payment and banking, however there are a few additional risks to look out for.

In particular, as cryptocurrencies are essentially unregulated, the level of protection and actions available are lower. Due to the anonymity related to crypto you may inadvertently transfer cryptocurrency directly to a scammer due to impersonation fraud, fraudulent investment or business opportunities or other malicious means.

Crypto-based investments such as initial coin offerings (ICOs) and non-fungible tokens (NFTs) have given even more avenues for scammers to access your money. For example, some scammers create fake websites for ICOs and instruct users to deposit cryptocurrency into a compromised wallet. In other instances, the ICO itself may be at fault.

  • No legitimate business is going to demand you send cryptocurrency in advance – not to buy something and not to protect your money
  • Never allow anyone to set up a cryptocurrency wallet, upload ID documents or manage investments for you. If you do not have sole knowledge of the wallet password or key your wallet is not safe.
  • Never trust people who promise you that you can quickly and easily make money in the crypto markets.
  • Always be aware of romance scams whereby romance scammers may fake a relationship with you and encourage you to send them funds via crypto or to invest in crypto.

 

Friendly fraud – what is it and which can be the consequences?

Friendly fraud is the process when the cardholder or account holder tries to abuse the refund or chargeback process by claiming that he/ she did not authorise or perform the transaction, which in fact was properly authorised.

Every fraud report or report about any unauthorised transaction is verified and validated by the relevant department. Note that the circumstances of the case will be investigated. If the investigation reveals that the transaction was properly authorised then the recallwill not be valid whether made:

  • by the cardholder, or
  • people who got permission from the cardholder, or
  • people who owned information to act using the cardholder’s payment instrument (i.e. cardholder’s family members knew CVV code on the card and had access to cardholder’s mobile phone).

    • Consequences of a fraudulent recall can include termination of the account, additional fees for making a false claim and referral to fraud agencies and law enforcement.