Keeping your business free from fraud

There’s one area of business where everyone should be risk averse: fraud.

Digitisation has created huge opportunities for business, but also for criminals. We know you can’t afford even the slightest loss, and that’s why it is important for us all to maintain vigilance against fraud. Know the threats and what you can do to keep your business safe.

Once installed, malware enables criminals to carry out a variety of illegal activities. They can:

  • Spy on your online activities.
  • Misuse your personal information, confidential company information or intellectual property.
  • Steal your system credentials to take over your email account.
  • Intercept your emails.
  • Hijack your system for a ransom.
  • Infect other systems and computers in the network.
  • Create or amend payment details.

To prevent malware infection:

  • Install anti-malware software and ensure it is always up to date.
  • Connect only to secured or trusted Wi-Fi networks when in public places such as airports.
  • Don’t click on suspicious emails or links from unknown senders. These could be phishing.
  • Hover your mouse over the email address to see the host URL address.
  • Keep your software up to date with the latest security patches.

Phishing is a common type of social engineering attack in which you receive an email, phone call or SMS purportedly from a trusted party, such as your regular social websites, IT administrators, local authorities or government, or even your bank, asking you to divulge sensitive information.

Information acquired through social engineering, including phishing, is used to access your online bank accounts to make unauthorised payments, or to take over email communications to initiate payments to the fraudster’s account. Common scams include:

  • Business email compromise: a type of impersonation scam where the fraudster spoofs the email of a known business contact, such as a supplier, or compromises that account to send instructions for a change of bank account number or to request an urgent payment.
  • CEO impersonation: a fake email supposedly from your CEO or other senior members of staff, asking for payments to be made to a new beneficiary. The request is often urgent, confidential, and takes place when your CEO or that senior staff member is out of the office.

To guard against these:

  • Always confirm any change in bank account details before making any payment or funds transfer. Validate the request directly with your business contact either by telephone using independently sourced contact details, or in person.
  • Search for clues that the email is authentic. For example, check that the email address is spelt correctly (john.doe@abc.com vs jon.doe@edc.com), or hover your mouse over the email address to confirm the domain URL matches the actual company name.
  • Be careful what you share on social media to avoid unintentionally revealing work information that could be used to deceive you.

Good fraud prevention practices

Apply these tips to strengthen fraud protection on your Corporate Account.

Dual-level payment approval

Avoid compromising your payment data by requiring at least two persons in your organisation to sign off on or approve a payment or changes to payment information.

Two-factor authentication

Protect against misuse of sensitive information with two-factor or multi-factor authentication. This means system access is granted using two or more pieces of authentication information, in addition to a password.

Staff training

Ensure your staff are fully aware of the risks. A simple awareness step is to encourage your staff to view the information on this page.

Report fraud

If you suspect your account has been defrauded, report it to the bank immediately. Promptly reporting the incident, even if you’re unsure, increases your chance of recovery and prevents further damage.

"The bad guys aren't standing still. Neither should we."

Bill Winters | Group Chief Executive
