Your security is a top priority for us but there are also steps that are important for you to take to protect the security of your business assets.
Follow some simple tips to protect your business from fraud:
- Safety for Business
When logging on to Business On Line, we will only ever ask you to enter your username and password. If you see anything unusual when logging on, please contact the Business On Line Helpdesk immediately.
- Never share your Business On Line Administrator or User password.
- Monitor your bank accounts regularly.Check for suspicious activity on your account. If you find anything suspicious, or if something doesn’t feel right, report it.
- Treat any unexpected requests to change payee or supplier’s bank account details with caution.Always check directly with a known contact in the company requesting the change before authenticating the changes and sending payment.
- Ensure you are accessing a legitimate site.Never follow a link that brings you directly to the log in page of 365 online or Business On Line. Always go directly to the site by typing the web address into your browser or access it via a reputable search engine e.g Google.
- Use secure websites(https)When entering login details or personal information be sure that the web page you are viewing offers encryption of your data by checking:
- The web address (URL) has changed from 'http' to 'https'.
- A closed padlock icon is present.
- Your browser address window may be green.
- Email Safety
Business Email Fraud
By posing as senior executives, fraudsters have stolen millions from organisations across the globe through business email fraud. These schemes usually target companies working with foreign suppliers and companies that regularly perform wire transfers.
To avoid spam filters, the emails in these schemes are not mass-emailed. Instead, they are sent to only a few employees—usually employees who regularly perform wire transfers, like financial directors or accountants. These emails are well crafted, often using spoofed email addresses and logos to look more credible. This is known as spear phishing.
The fraudsters conduct extensive research to make their emails more believable. They will try to determine who is involved in wire transfers and wait for the perfect opportunity, like a change in leadership, to send the emails.
The most common type of business email fraud are:
- CEO Fraud/Business Email Compromise: An email from a senior leader, whose account has been compromised, to another employee in the organisation often containing an urgent payment request.
- Bogus Invoice Scheme: An imitated supplier invoice email is sent requesting a change in payment details. See more in Invoice Redirection Fraud.
- Payment Request Emails: An employee’s account is compromised and payment requests are sent by the fraudster to suppliers in their address book.
CEO Fraud/Business Email Compromise
This usually arises following the compromise of a senior (up to and including the CEO) employee’s email.
How to Recognise a CEO Fraud/Business Email Compromise:
- The fake email looks like it has come from an executive’s genuine address.
- Typically, it is addressed to a colleague instructing that a high value payment is made to a supplier or creditor, and usually includes the payee details, including the IBAN.
- Often the payee account is located overseas.
- The sender usually advises in the email that they will not be available for the following number of hours or days.
How to Protect Yourself:
- Don’t issue payment instructions to anyone via email, only by secure encrypted means.
- Don’t accept payment instructions that have been issued to you via email.
- Don’t use a phone number quoted in the suspicious email; verify the contact internally before making any payment.
- Notify the Bank and An Garda Síochána/police immediately if you receive a suspicious email.
Remember to always be cautious of unexpected emails:
- Be skeptical of urgent requests that do not follow typical company procedures and policies.
- Always verify that the email is from the real sender.If the sender is a senior leader in your company, call them directly no matter how senior they are, or one of their colleagues. If the sender is from another organisation, call a known contact in the company making the request before acting on it.
- Look carefully at where links are taking you.Some phishers include links to websites with addresses/domain names that are only slightly different to genuine sites. E.g http://www.bankoireland.com.bank
- Identity Theft
Identity theft occurs when someone steals your personal information and uses it to impersonate you. They can carry out fraudulent activity such as trying to access your bank accounts, opening a credit card account in your name or getting payment from a supplier.
How to reduce your risk of Identity Theft
- Be careful when posting personal information online, including on social media.The more information you post online about yourself the easier it may be for a fraudster to steal your identity.
- Never give your PIN to anyone.
- Cancel lost or stolen credit or debit cards immediately.
- Lock all valuable documents away.Ensure they are in a secure place
- Ensure to clear all information on your device before selling it.
- Shred confidential information.Always shred any confidential information such as bank statements or cheque books before you throw them away.
- Inform all service providers promptly when moving address.Set up a mail forwarding arrangement with An Post.
- Protecting your Business Network
You need to ensure that you properly protect your devices- mobiles, tablets, laptops or PCs. This will help safeguard against your device being infected with malicious software and from potentially serious consequences such as fraud and identity theft.
- Ensure you have up-to-date anti-virus software in place on your devices.Schedule regular checks on your computer systems.
- Keep the software on your device up-to-date.Install the latest software update as soon as possible. You will normally receive a prompt to update.
- Turn on your computer firewall.Or install and enable one if none exists. Check your computer settings and 'help' section.
- If your device is lost or stolen.Most smart phones and tablets have a capability to be wiped remotely. This will prevent any sensitive information falling into the wrong hands.
- Know how to recognise the signs that your computer may have become infected (including but not limited to the following):
- Applications that don’t work properly.
- Date of last login doesn’t match the date you last logged in.
- System slows down, freezes or crashes.
- Unusual error messages.
- Your browser toolbar changes.
- System performance deteriorates unexpectedly.
- An increase in the number of flies on the system when nothing has been added by you.
- Printing does not work correctly.
- Distortion on screen.
- File size changes for no apparent reason.
- If you suspect that your device may be infected Do not log on to any online banking channels until any malicious software has been removed.
Ransomware is one of the biggest cyber threats today. Most commonly, users receive an email claiming to be from a legitimate company, containing malicious content. The ransomware runs when the user opens a malicious attachment or clicks on a link in the email. It then encrypts every file on the user’s device and on any fileshare they are connected to. Once the encryption process is finished, a blocking screen appears ordering the user to pay a ransom in order to regain access to their files. If the user does not pay the ransom on time, all files may be lost.
How to Protect Yourself and your business:
- Do not click suspicious links or download unsolicited email attachments.
- If you receive an email from a known sender, but with an unusual link or attachment, contact them first to confirm the legitimacy of the email.
- If you receive a suspicious email in relation to your Bank of Ireland accounts, forward it as an attachment to email@example.com immediately.
- Be careful when accessing websites; do not click on advertisements, as they could contain malicious software.
- Update your anti-virus software and operating systems regularly.
- Ensure your files are regularly backed up. This is usually done centrally within a company.
- Apply security patches as soon as possible after they become available from your technology providers.
- Ensure you have a firewall enabled, to protect your technology from the internet.
- If you think you have been the victim of a ransomware attack and your data files have become infected, the general advice from law enforcement agencies is not to pay the ransom.
- It is also advised that you disconnect infected computers from your business network immediately to stop the spread of infection to other computers in your network.
- Contact your security service provider if you have one, or seek professional advice from a security service provider.
- Invoice Redirection Fraud
This scam usually involves a genuine invoice being intercepted and the payee account details being altered. As a result, the payment is transferred to a fraudulent account.
How it Works:
- Having researched the target company, and their suppliers, criminals may write to the company’s finance department on forged headed paper, or by email, pretending to be the supplier.
- Typically, they will advise of a change in supplier account details.
- The payee account may be located either in Ireland or overseas.
- The company is asked to either send a payment now to the new account, or alternatively, to ensure that all future payments are sent to the new account.
How to Protect Yourself:
- If a company requests a change of payment details, always confirm the change with them before making payments.Verify the change by contacting a known contact in the company directly if possible, or by using a phone number displayed on the company’s website. Do not follow links or use the same contact details contained in the email requesting the change without verifying them.
- Typically, such requests are made via email. Fraudsters may change an email address to make it look as though it has come from someone you are used to dealing with. Always check email addresses carefully.
- Don’t issue any payments in response to unconfirmed requests.
- Fraudsters sometimes find information regarding contracts and suppliers on the victim organisation's own websites. Consider whether it is necessary to publish information of this type in the public domain.
- Contact the bank immediately if you receive a suspicious email or letter, and contact An Garda Síochána/police.
- Phone Fraud
Telephone fraud is becoming increasingly common. Sometimes fraudsters try to trick you into divulging personal and confidential information, including bank account details, over the phone. This is known as ‘Vishing’. The fraudulent text message equivalent to this is known as ‘Smishing’. Fraudsters may claim to be from a reputable organisation or claim that your account has been compromised and that action is required.
Bank of Ireland will never ask you to transfer money to a new account so ignore such calls or texts.
Fraudsters may call you pretending to be from Bank of Ireland in an attempt to steal your Business On Line banking details.
When in doubt about the legitimacy of a call or text claiming to be from Bank of Ireland, report it and do not act on it unless confirmed to be genuine.
- Criminals who have called your landline can stay on the line for up to 5 minutes, even after you have hung up. Wait at least 10 minutes after hanging up. Then, to ensure that the fraudsters has disconnected, call someone you know before using the phone again or use a different line to report the incident to the Bank.
- Sometimes fraudsters make phone calls, claiming to be from a reputable computer firm, to offer assistance. Never allow a cold caller to take remote access of your computer.
- Never respond to suspicious text messages or click on links contained within. These links may lead to malicious content. Never respond to suspicious text messages or click on links contained within. These links may lead to malicious content. Send a screenshot of the suspicious text to firstname.lastname@example.org and then delete it.
- Remote Access Fraud
Fraudsters will sometimes cold call companies claiming to be from a reputable computer firm.
The caller may offer:
- To fix, upgrade or protect your computer from running slowly.
- To upgrade your service for internet connections, devices or phone lines.
The caller may ask you to log on to your online banking and then they ask you to allow them remote access to your computer to "assist with the issue". Fraudsters may also ask for banking, card, security or other personal details in order to get access to your bank accounts.
How to Protect Yourself:
- Never give control of a computer remotely to a third party who calls unexpectedly.
- Don't disclose full personal or security details to an unsolicited caller.
- Don’t disclose your Visa Debit or credit card details, Fraudsters can spoof caller ID numbers to make it look as though they are calling from somewhere legitimate.
- Never transfer money based on an instruction from a cold caller, no matter what story you are told. Always check the proposed transaction with your bank beforehand.
- Never log on to your online banking while the third party is connected to your device.
- Cheque OverpaymentFraudsters sometimes target legitimate sellers of goods or services by posing as new customers and making an order.
The fraudster typically pays the seller a higher amount than agreed by cheque or bank draft in a bank branch (even if an online payment has been discussed). The fraudster then asks the seller to return all or some of the payment online as quick as possible.
While the seller is pressurised to return the money, the original cheque or bank draft, which is usually forged, counterfeit or fraudulently altered in some way, will be rejected and not paid. However, the money returned will have been paid directly into the fraudster’s account.
How to Protect Yourself:
- Don’t make any refunds until you are satisfied that a genuine payment has been received into your account. If in doubt, refer to your local branch.
- Always carry out appropriate due diligence when dealing with a new customer, particularly those who require an immediate refund due to overpayment being sent to you.
- If you are concerned you have been targeted by an overpayment scam, immediately contact Bank of Ireland and report to An Garda Síochána/Police.
Back to Security Zone Personal