Recently we’ve seen an increase in the number of businesses and organisations being targeted by fraudsters using compromised email.
Fraudsters usually commit Business Email Compromise [BEC] fraud in one of two ways. They send an email which appears to have been sent by a genuine supplier or contractor asking for an invoice payment to be sent to a specific bank account, or they send an email which looks like it’s been sent from a person within your own organisation asking for a payment to be made, or payment account details to be changed. The account numbers within the emails will be fraudulent.
The email will either be sent from a spoofed email account [one almost identical to that of a supplier, contractor or colleague] or if their email account has been hacked, a fraudulent email might even come from the genuine email account. This can enable fraudsters to organise a very convincing attack.
Please be on the look-out for suspicious emails.
Staying Safe Online
Antivirus software – ensure all PCs are protected by high quality Anti-Virus software and update it regularly. Run frequent virus scans.
Think before you click – only download programmes or click on hyperlinks you can trust. Hover the mouse over hyperlinks to see what the true web address is.
Emails – a genuine email from your Bank will always address you by your name and contain the last 4 digits of your account number or 3 digits from your postcode. These emails will never lead you to a screen which asks you for your passwords or card and reader codes.
Protect your data – back up your data regularly to a device or location separate to your business network. Fraudsters can use malware to lock all your data and demand you pay a ransom to retrieve it.
Check your screens – if you see unusual screens or pop-ups or unusual requests to enter card and reader details when using your online banking, log out immediately and call the Bank.
Dual authority – if possible set up your online banking so that two separate people are required to make a payment.
Email us – send any suspicious AMC or Lloyds Bank related emails to firstname.lastname@example.org
On the phone
If you’re not absolutely certain it’s AMC or your Bank telephoning or texting you:
Call back – always call them back and use a number you know is correct for AMC or your Bank, checking that the line is clear beforehand.
Caller display – don’t rely on your phone’s caller display to identify a caller. Fraudsters can make your phone’s incoming display show a genuine Bank number.
Texts – be aware that fraudsters can send a text message which looks like it’s been sent from your Bank’s genuine text number so verify any suspicious text messages by calling them.
- Passwords – NEVER divulge online banking passwords or card and reader codes to anyone on the telephone or via text.
- Finally – AMC or your Bank will NEVER tell you to transfer money out of your account to a “safe” account. This is a common tactic fraudsters use.
If you think your business has been a victim of fraud or has been targeted by fraudsters, call your Bank immediately.
For fraudulent payments made online contact your Bank’s Fraud team.
For other types of fraud, contact your relationship manager as soon as possible. Your relationship manager will be able to offer advice and guidance on minimising the impact of fraud and preventing future attacks.