Recently we’ve seen an increase in the number of businesses and organisations being targeted by fraudsters via email.
Fraudsters usually commit Business Email Compromise [BEC] fraud in one of two ways. They send an email which appears to have been sent by a genuine supplier or contractor asking for an invoice payment to be sent to a specific bank account, or they send an email which looks like it’s been sent from a person within your own organisation asking for a payment to be made, or payment account details to be changed. The account details provided will be for an account under the control of fraudsters.
The email will either be sent from a spoofed email account (one almost identical to that of a supplier, contractor or colleague) or, if the genuine sender’s email account has been hacked, the fraudulent email might even come from the genuine email account itself. This can enable fraudsters to organise a very convincing attack.
Please be on the look-out for suspicious emails.
Tell-tale signs of a fraudulent communication
Stay safe online by asking yourself the following questions when you receive a suspicious email or text:
- Do the sender’s details look right? When you are contacted and asked to change the beneficiary account number of a payment you make, you should independently check that the email or letter they’ve sent you is genuine by calling a known contact in the beneficiary’s business on a telephone number you know is correct.
- Were you expecting this communication? Be cautious about opening any emails that you weren’t expecting (even if you think you recognise the sender). Don’t click on any links or attachments unless you are sure they are genuine.
- Are there any spelling mistakes or instances of strange formatting? If there are any obvious spelling errors or vague sentences that may make you question its authenticity, it could be a scam. Please send any suspicious AMC or Lloyds Bank related emails to firstname.lastname@example.org
- Is it asking you to pay an invoice or change a supplier’s payment details under time pressure? Independently verify any emails which appear to come from someone you know or someone in your business asking for a payment to be made. Their email account might have been hacked or spoofed by a fraudster.
- Is it asking you to click on a link or attachment? Fraudsters may prompt you to click on a link or attachment claiming to be from a real business. The link may send you to a website that looks genuine but is under the control of the fraudster. The link may also download malicious software that lets the fraudster spy on your device or lock you out of it until you provide them with your online banking details.
- Has a new client overpaid and asked for their money back? Be suspicious if a new client sends you a payment for a lot more than you were expecting and then asks you to return the excess funds to them. Check that the funds are cleared and cannot be recalled before returning any funds.
Protecting yourself and your business online
Antivirus software – ensure all PCs are protected by high quality antivirus software and update it regularly. Run frequent virus scans and keep your firewall on at all times.
Think before you click – only download programs or click on hyperlinks you can trust. Hover the mouse over hyperlinks to see what the true web address is.
Emails – a genuine email from your Bank will always address you by your name and contain the last 4 digits of your account number or 3 digits from your postcode. These emails will never lead you to a screen which asks you for your passwords or card and reader codes.
Please send any suspicious AMC or Lloyds Bank related emails to email@example.com.
Protect your data – back up your data regularly to a device or location separate to your business network. Fraudsters can use malware to encrypt all your data and demand you pay a ransom to retrieve it. Safeguard your data by following the 3-2-1 rule:
- Keep at least three (3) different copies of your data
- Store the data in at least two (2) different formats (such as on disk or the cloud)
- Keep one (1) copy offsite to protect against theft or disaster.
Be wary of unusual activity – if you see unusual screens, pop ups or unusual requests to enter card and reader details when using your online banking, log out immediately and call the Bank.
Dual authority – if possible, set up your online banking so that two separate people are required to make a payment.
If you would like further information on how you can protect your business from the dangers of fraud, see the national campaign Take Five To Stop Fraud.
On the phone
If you’re not absolutely certain it’s AMC or your Bank telephoning or texting you:
- Call back – always call them back and use a number you know is correct for AMC or your Bank.
- Caller display – don’t rely on your phone’s caller display to identify a caller. Fraudsters can make your phone’s incoming display show a genuine Bank number.
- Texts – be aware that fraudsters can send a text message which looks like it’s been sent from your Bank’s genuine text number, so verify any suspicious text messages by calling a genuine number.
- Passwords – NEVER divulge online banking passwords or card and reader codes to anyone on the telephone or via text.
- Transferring funds – AMC or your Bank will NEVER tell you to transfer money out of your account to a “safe” account. This is a common tactic used by fraudsters.
Keep your devices safe
Keep your browser and Operating System (OS) up to date – If you are using an older OS like Windows 7, XP, Vista or 2000, it won’t get security updates. Keeping your browser and OS up to date also helps to keep your device safe from viruses.
Ensure you use the latest software on all of your devices – For example, if your phone uses Android 7.0 or below, Google no longer sends security updates.
Only use genuine and secure Wi-Fi when you’re away from home – Fraudsters can set up Wi-Fi hotspots in public areas to steal personal details.
If you think your business has been a victim of fraud or has been targeted by fraudsters, call your Bank immediately.
For fraudulent payments made online, contact your Bank’s Fraud team. If your business loses money to fraudsters, report it to the Police by visiting www.actionfraud.police.uk.
For other types of fraud, contact your relationship manager as soon as possible. Your relationship manager will be able to offer advice and guidance on minimising the impact of fraud and preventing future attacks.