Danske Bank’s Fraud and Cybercrime Manager, Chris Wynne, outlines why everyone in Northern Ireland needs to get tough on the fraudsters who are targeting our bank balances.
It goes without saying, the advantages that online banking brings to businesses and the speed and apparent lack of effort it takes to send funds from one person to another is a powerful business enabler. Regrettably, these same attributes can also act as a potent fraud enabler.
When I leave the office every day, I think I’ve seen and heard it all, sure, financial crime, and specifically cyber enabled financial crime is carried out with the same ultimate goal, but the tactics which fraudsters deploy to achieve their objectives vary.
Many of these cases are driven by social engineering. Its definition “the use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes”, sums this term up well. As financial institutions build stronger defences to keep cyber criminals out, the fraudsters instead look for the weakest link in the chain to gain access to accounts, and unfortunately, that is usually you and I, the human weakness.
Social engineering cases, like telecoms scams and fake tech support calls, are carried out by ‘companies’ that have been set up somewhere in the world specifically for the purpose of catching people out. The persistence of these callers is not to be underestimated and recent data from international communications enabler BICS reports that in 2018, 25 million fraud calls were aimed at UK phone numbers.
Because the person claims they are trying to help and due to a natural instinct to trust, people buy into it completely. It doesn’t feel unusual that someone saying they are from a reputable company, like BT, is asking for your bank account and online login credentials, when in reality this should be seen as a very unusual request.
Whilst these cases are predominantly targeted at personal customers, we are also seeing them targeted at business customers, where invoice redirection/mandate fraud and CEO fraud are also on the increase. These types of scams aren’t the work of a moment, there is a lot of research done by the fraudsters to make sure they are speaking to the right person, with the appropriate authority to let them do what they want to do. You should always be cautious when receiving payment instructions by email or text. A call back to the source (on a known genuine phone number) to confirm that all the details are correct could prevent funds being paid directly into the hands of the fraudster.
In this digital age, it can be difficult to spot a scam, but it’s easy to ask for advice, here are a few quick tips to consider:
- be wary of unexpected calls from your bank, the police, a telecom provider or the HMRC, an ‘urgent’ call from someone claiming to be from these organisations could be a fraudster trying to hurry you into doing something;
- never divulge personal information such as usernames, passwords or security codes for online banking details to anyone, not even your bank, they never need to know these details; and
- if in doubt about the legitimacy of a call, hang up. If you want to be sure you are speaking to a legitimate company, call them back on a number you know to be correct, it’s better to be safe than sorry. For emails, just because it looks genuine does not mean it is, take those extra few minutes to verify the content independently from the email.
Chris Wynne, Danske Bank Fraud & Cybercrime Manager can be contacted at firstname.lastname@example.org