Online banking fraud - one easy step to reduce the risk to your organisation
2nd November 2015 by Fiona Hotston Moore
There has been an alarming increase in online banking fraud. The total reported in 2014 was £24m and in the first six months of 2015 the reported figure is more than double.
Online banking fraud is actually, largely, remarkably simple and falls into two categories:
- Fraudsters who phone claiming to be from the customer’s bank or head office and who tell the customer that there has been a security breach requiring their money to be moved to a "safe" account. The duped customer then assists the fraudster in emptying their bank account. This scam is remarkably simple and recently cost a local company £1m.
- Scam emails, which appear to be legitimate from someone known by the customer, request monies to be transferred to a new account. For example, a solicitor who operates a client account receives an email purporting to come from their client requesting a funds transfer; or an email appearing to be from the managing director of a company to that firm’s book-keeper instructing them to make a payment.
These are not complex cyber crimes. The success of these online frauds relies entirely on the gullibility of individuals. The simple key to ensuring neither you nor your organisation becomes another victim is to ensure everyone in your finance team understands the issue and are alert to the likelihood of an attempt.
A few points to remember:
- Banks do not call and ask for your account details, passwords etc. If you get a call claiming to be from your bank or head office hang up and call a known individual from another phone line. Do not call back on the same phone line as the line may still be open and you are going back to the fraudster again.
- Verify email transfer requests by phoning the known contact using a pre existing number held on your database.
- If something doesn't feel right don't be bounced into authorising a transfer however plausible the caller or email appears. Go and speak to a colleague or manager.
- Keep passwords securely and ensure you have appropriate segregation of duties.
If you are the victim of a fraud you may find your bank will not reimburse you. Banks are not obliged to recompense you for your own negligence. Furthermore, your normal business insurance may not cover you either. For businesses with significant cash deposits or client monies you should consider getting specific insurance cover for banking fraud.
For further information or to arrange a review of your internal controls and checks please call Fiona Hotston Moore or your usual Ensors contact.
« Back to blog