^ADCB Protect your company from fraud

Banking, online payment and e-commerce websites are usually targeted by fraudsters using Pharming for data and identity theft using several tactics:

DNS Spoofing/Poisoning

• Domain Name System or DNS is responsible for converting the text of domain names into IP addresses that computers can understand. This DNS in a server for a legitimate website can be modified by fraudsters and replaced with their own IP address, which ends up directing you to the fake website instead of the legitimate one.

Malware

• A fraudster may send malicious code in an email, which then installs a virus or Trojan on the computer. This code changes the computer’s hosts file, directing users away from the intended website and to a fake website instead.

Man-in-the-Middle (MITM) attacks

• Using various techniques that infect Local Area Networks, fraudster will intercept user traffic from the victim and redirect it to a fake website to gather data.

• Always use a trusted and verified Internet Service Provider (ISP) and Virtual Private Network (VPN) service.
• Ensure all web connections are secure. Look for the padlock symbol and https:// in the website URL before entering any sensitive information.
• Enable two-factor authentication (2FA) on websites wherever possible. This ensures additional verification steps are required should login credentials become compromised.
• Change the default password on your routers and wireless access points.
• Be cautious of clicking on links and attachments in emails and other messages, especially from unknown senders.
• If there are suspicious or unusual payment instructions, check with the initiator using a different communication channel. Do not reply to the email requesting the payment as you may be responding to the fraudster.
• Use antivirus and anti-malware software on your devices and regularly update the software to protect against threats.
• Carefully check the spelling of each sender’s email address.

• Unusual email requests from company executives
• Payment instructions via email or not following normal company protocol
• Payment requests marked as ‘urgent’
• Requests to keep the payment confidential
• Emails containing spelling mistakes and poor grammar
• Requests to change creditor bank account details

• Ensure that your staff are made aware of how BEC is perpetrated
• Configure your email system to display a notification for all emails originating from outside your organisation
• Verify all suspicious or unusual payment instructions with the initiator using a different communication channel. Don’t simply reply to the email requesting the payment as you may be responding to the fraudster
• Carefully check the spelling of email addresses
• Keep anti-virus, firewall and malware protection up to date
• Contact your suppliers and business partners using known or public directory details to verify all requests to change bank account details
• Enable spam filters, anti-spoofing and block access to suspicious websites
• Don't click on any email attachments or web-links sent to you by unknown entities