^{Security Tips} Protect your Business

Protect your company from Business Email Compromise fraud

At “ADCB” Islamic Bank” JSC, your financial security is most important to us. We do our best to protect your business against fraud and to ensure the safety of your finance and financial transactions. Therefore, we want to draw your attention to a method of email fraud known as Business Email Compromise, which is gaining popularity and causing substantial losses to commercial enterprises.

What is Business Email Compromise?

• Business Email Compromise (hereinafter – BEC) is when the fraudster infiltrates company communications and manipulate employees into making payments to a bank account under their control.
• The impostors carefully study their targets to gain information about the company’s employees either by way of phishing or by directly hacking the company computer network or email infrastructure.
• The impostor may gain direct access to company email accounts or create an email address that looks very similar to those belonging a company executive such as the CEO or CFO e.g., [email protected] vs [email protected]. The difference in the fake email address will be very subtle and easy to overlook.
• The fraudster then sends an email either originating or appearing to originate from the company executive to the finance department, instructing them to make payment to a specific beneficiary. Employees may be reluctant to approach senior executives to verify these payments and fall prey to the scam.

How do I identify a fraudulent email?

• Unusual email requests from company executives.
• Payment instructions via email or not following normal company protocol.
• Payment requests marked as ‘urgent’.
• Requests to keep the payment confidential.
• Emails containing spelling mistakes and poor grammar.
• Requests to change creditor bank account details.

How do I protect my business?

• Ensure that your staff are made aware of how BEC is perpetrated.
• Configure your email system to display a notification for all emails originating from outside your organisation.
• Verify all suspicious or unusual payment instructions with the initiator using a different communication channel. Don’t simply reply to the email requesting the payment as you may be responding to the fraudster.
• Carefully check the spelling of email addresses.
• Keep anti-virus, firewall and malware protection up to date.
• Contact your suppliers and business partners using known or public directory details to verify all requests to change bank account details.
• Enable spam filters, anti-spoofing and block access to suspicious websites.
• Don't click on any email attachments or web-links sent to you by unknown entities.

General Security Precautions

• Avoid simple passwords or Personal Identification Number (PIN) numbers such as your date of birth and change your passwords periodically.
• Shield your PIN from third party observers when using an ATM or Point of Sale device.
• Ensure that your cheque book is kept in a secure location.
• The Bank will not be held responsible for losses incurred where customers have divulged confidential bank passwords and PIN to third parties.
• Store electronic digital signature (EDS) in a safe place inaccessible to unauthorized persons and do not transfer the EDS to third parties.