:quality(70)/cloudfront-eu-central-1.images.arcpublishing.com/irishtimes/Y7RKF4TCGRAIBCVLVTXIESXCOU.jpg)
:quality(70)/cloudfront-eu-central-1.images.arcpublishing.com/irishtimes/5JHDOB4EJZDBZOI4C2YF4GMXGI.JPG)
Businesses need to be especially vigilant at present in the face of a rising number of online scams, according to AIB’s managing director of capital markets, Cathy Bryce. “At AIB, we are continuously investing to enhance our fraud monitoring systems in response to new and existing fraud trends, and to educate our business customers via online messaging, emails, and targeted social media alerts,” she says. “Fraudulent invoice redirection within companies is a trend that has become particularly prevalent in recent months and for which we want to raise awareness.”
Fraudsters are becoming increasingly sophisticated, says AIB head of financial crime, Carol Lawton. said “Criminals go to great lengths to defraud by compromising people’s emails or computers, sending emails and messages that appear legitimate, and creating high quality online advertisements, brochures and other materials. We also know that they use legitimate names and job titles of people working in companies, including plausible impersonations, in an attempt to appear genuine.”
She urges businesses to be extremely cautious and vigilant at all times. “Verify any requests for payments or changes in account details with legitimate, trusted contacts,” she advises “Be vigilant against malware that tries to gain access to your systems; always double-check before calling a number provided in an email; check that any website you use is authentic; and remember, if an investment opportunity it seems too good to be true, chances are it is.”
Supplier email is one of the main scams targeting businesses at present. Fraudsters intercept emails and pretend to be a supplier or service provider to trick the business into sending the payment to a different bank account. “Always verbally confirm the legitimacy of the email and payment details in person or on a known telephone number,” says Lawton. “And ensure staff are aware of the risks and have robust procedures in place before any payments are made from your account.”
:quality(70):focal(1906x673:1916x683)/cloudfront-eu-central-1.images.arcpublishing.com/irishtimes/43QUZK6KRVEEPOKMGLGL4S4MTQ.jpg)
:quality(70):focal(2800x699:2810x709)/cloudfront-eu-central-1.images.arcpublishing.com/irishtimes/ZIH6DLXA5VBP5L6XAYYVAZLMAY.jpg)
:quality(70)/cloudfront-eu-central-1.images.arcpublishing.com/irishtimes/GEE74QQ5KFEZBD62RMYWCP63NQ.jpg)
:quality(70)/cloudfront-eu-central-1.images.arcpublishing.com/irishtimes/M6IJOGL725GXTAD76ZEO3IKVFQ.JPG)
CEO fraud is where the fraudster hacks a legitimate staff member’s email account and requests a change in bank account details for wage payments, an urgent transfer of funds or the purchase of gift vouchers. “Again, always check with the sender in person on a known and trusted phone number that the request is legitimate, regardless of how senior or busy they are,” Lawton counsels.
Smishing – fraudulent text messages, and vishing – fraudulent phone calls, are texts or phone calls claiming to be from a genuine company such as a utility or courier, with an urgent call to action. The aim is to capture personal and financial information.
Lawton says recipients should never click a link in a text message as this may redirect to a fraudulent website. “Never provide one-time passcodes received via text or from your card reader or digipass, and never give your debit card or PIN to a taxi or courier.”
Vishing fraudsters may ask recipients to download software to share their screen. “They may have already socially engineered your banking details and will be able to confirm recent transactions or they may ask you for your login and financial information, security codes either verbally or keyed in on your device,” Lawton notes. “Never accept an unsolicited call, hang up and verify the caller’s legitimacy by calling the company on a known and trusted number.”
Investment scams are where a person is contacted by a bad actor or through a fake website purporting to offer investment products often from legitimate, well-known names in financial services.
“The scammers can share sophisticated brochures and materials that appear legitimate,” says Lawton. “They may also use legitimate names and job titles from people in financial institutions, along with a fake email address. After the person fills out all the relevant documents, they are asked to transfer their money to an account which they later realise does not belong to the financial services firm, and their money has been stolen. This often happens under a degree of time pressure, for example to get the best rate of return.”
Recipients should always verify the contact details by checking the company’s official website and never call the number provided on the email. “Search and confirm the phone number using the company’s website. You can also cross reference email addresses to ensure they are aligned with the format of the firm’s existing email addresses as shown on their website. You can also ensure any website you use is secure and genuine by checking for the padlock symbol to the left of the web address and if it’s not there, beware. Check the adviser out, look them up to see if their business exists by ensuring their office location and telephone number are genuine – but bear in mind that they could be impersonated by the fraudster.”