The Twelve Frauds of Christmas

advertisement
The Twelve Frauds
of Christmas
Ulster Bank Ireland Limited. A private company limited by shares, trading as Ulster Bank, Ulster Bank Group and Banc Uladh. Registered in Republic of Ireland. Registered No 25766.
Registered Office: Ulster Bank Group Centre, George’s Quay, Dublin 2. Member of The Royal Bank of Scotland Group. Ulster Bank Ireland Limited is regulated by the Central Bank of Ireland.
Ulster Bank is committed
to educating our customers
to help them avoid becoming
victims of fraud.
We have created the twelve frauds of
Christmas that we suspect criminals may
use during the festive period. These have
been compiled with the aim of highlighting
these fraudulent activities and increasing
awareness, together with providing advice
to help prevent you from becoming a victim
of this type of crime. If you are unfortunate
enough to become a victim of fraud, it is
important that you report it to your bank
and local police station.
Topic
Message
Bankline Fraud There has in recent months been an increasing trend in Fraudulent attacks on
eBanking Platforms across the Banking Sector, therefore we would like to draw
your attention to the following Tips, which we would ask you to share with any
member of staff who has access or details of your Business’ Bank details.
We will never ask for your full PIN & password online: only 3 random digits from
each are needed to log in.
We will never ask for your PIN & password or any smartcard codes over the
telephone: beware of imposters.
We will never ask for smartcard codes to log in: these codes are used to
authorise payments.
Trusteer Rapport is free security software that we recommend to all customers in
order to protect your details while using online banking. It can be downloaded
from our website as follows:
http://www.ulsterbank.ie/roi/personal/safe-secure/rapport/system-requirements.ashx
Plastic Card
Fraud
Our customers are the front line against card fraud, which can result in a double
theft: against the genuine cardholder and against the company.
Remember: Authorisation of a transaction does not guarantee payment. It will
only establish that, at the time of the transaction, there are sufficient funds
available to cover the payment and that the card has not been reported lost,
stolen or compromised in any other way.
Cardholder present Chip & PIN transactions:
• Follow the prompts on your terminal.
• Ask the cardholder to enter their PIN.
• I f a Chip & PIN card is not processed correctly, you may be held liable for the
transaction in the event it is later confirmed to be fraudulent. Not all cards
in circulation have chip technology. If the card is not Chip & PIN enabled, you
should take the opportunity to check the security features as you have sight of
the card. Virtually all Irish cards are Chip & PIN. Extra vigilance should be taken
when accepting cards that are not Chip & PIN. NB. Not all overseas card issuers
have yet upgraded to Chip & PIN. Be aware that some fraudsters spend a long
time building credibility and are very confident and plausible.
Cardholder not present transactions:
Cardholder not present transactions by their nature present a higher risk to your
business, because there is no opportunity to physically check the card or meet
the cardholder. Although the majority of payments will be completely genuine,
this type of transaction is appealing to fraudsters because it increases the
opportunity for anonymity.
Be particularly wary of:
• A customer who offers two cards as payment for one order – this is not
permitted under card scheme rules.
• A customer who provides several cards for payment after the initial and any
subsequent authorisation requests have been declined.
Topic
Message
Plastic
Card Fraud
Continued
For further guidance please refer to your Merchant Operating instructions.
Phishing
Phishing is a fraudulent attempt, usually made through email, to steal your
personal information. In order for fraudsters to successfully “phish” your
personal / banking details they must get you to go from an email to a fraudulent
website or have you open an attachment to install malicious malware / Trojans
onto your device.
Additional information is also available at:
www.financialfraudaction.org.uk
www.streamline.com
www.visa.co.uk or www.visa.ie
www.mastercard.com
www.theukcardsassociation.org.uk
Phishing emails are usually sent in large batches. Watch out for generic
salutations such as “Dear Customer”, if you don’t see your name – be suspicious.
Internet criminals want you to provide your personal information now.
They do this by making you think something has happened and require you
to act fast. The faster they get your information, the faster they can move onto
another victim.
http://www.ulsterbank.ie/roi/personal/safe-secure/stay-safe-online.ashx
Cheque Fraud
Fraudsters continue to use cheques as instruments to exploit any opportunity
to make money at our customers’ expense. From the simple interception and
alteration of cheque payee or amount details to cheque printing and forging
of customer signatures, the technology used by the
Fraudster can be really effective. It can be astounding how a forged or altered
cheque can look. Ulster Bank uses a whole range of anti-fraud prevention and
detection processes in the ongoing fight against financial crime. But we also
depend upon our customers to be vigilant and follow good practices in order to
prevent such criminal activity.
The fact is cheque fraud has become more ‘organised’, advances in computer and
printing technology, coupled with the relatively low cost of equipment, mean
that the fraudster can now target almost any cheque written. So what can be
done and what part can you play to ensure that you do not become the target
of a well orchestrated or even opportunistic fraud attempt?
When writing cheques:
• Begin writing/printing at the very left of the cheque.
• When paying a cheque to a large organisation such as the Inland Revenue, do
not make the cheque payable simply to that organisation. Add further details
into the payee line e.g. Inland Revenue re: J Jones reference xxx. Draw a line
through unused space on the cheque so unauthorised people cannot add extra
details. The same principle would apply when making a cheque payable to a
bank or a building society.
• Do not leave large spaces between words and rule out the space not used after
the words in each line.
Topic
Message
Cheque Fraud
Continued
•D
o not leave space between the ‘£/€’ sign and the amount inserted in the
figures box and again rule out any space not used after the numbers.
• When sending cheques in the post, send securely and avoid using window
envelopes.
It can make all the difference
Cheques are valuable and lack of care or attention in how they are stored and
actually written, either by hand or computer printed, can lead to misuse by
fraudsters and potentially to customer losses.
Remember to:
• Always keep cheques in a secure place and never leave cheques lying around
unattended in public areas during the day.
• Compare underlying paperwork with all cheques written.
• Use cheques in serial number order.
• Ensure all cheques remain in the book and that none are removed from the
middle or towards the back.
• Always account for spoiled cheques and destroy if appropriate, by shredding
where possible.
• Undertake cheque stock audits regularly.
• Reconcile bank statements upon receipt and report anything unusual.
• Never store cheques with the bank mandate.
• Limit your cheque book orders to avoid holding a large stock.
• Contact the bank if you have not received cheque books you were expecting.
• Avoid labelling the signature area on the cheque with any signing limits or
designations such as director or secretary.
Vishing
Vishing is when criminals pretend to be calling from your Bank and attempt to
obtain sensitive and personal information, such as user names, passwords and
card reader codes over the telephone i.e. acting.
A bank will never contact you to ask you to transfer funds to a ‘safe’ account.
Remember that it takes two people to terminate a phonecall. If you are
suspicious, say no to requests for information and terminate the call.
Always use a telephone number that you know to be a genuine one and never
use one that has been provided to you by the suspicious caller.
If a person approached you on the street and said they were from the bank and
requested this information from you, would you give it to them? Chances are you
wouldn’t so why give it to someone over the telephone?
If you think you have been a victim of this scam, contact the bank immediately.
http://www.ulsterbank.ie/roi/personal/safe-secure/stay-safe-online.ashx
Topic
Message
Computer
Scam
A computer/IT company will never contact you to tell you that you have a virus
on your PC and ask you to allow them to access your PC remotely.
This is a known scam, please do not fall victim to it.
If you have fallen victim to this scam, you should report it to your bank
immediately.
Courier Scam
A bank will never contact you to advise that there is an issue with your debit card
and arrange for a courier to collect both your card and pin from you.
•U
lster bank or the Police/Garda will NEVER contact you and tell you that they
are coming to your home to pick up your card, so never hand it over to anyone
who comes to collect it.
• Ulster bank will NEVER ask you to authorise anything by entering your PIN into
the telephone.
• NEVER share your PIN with anyone – the only times you should use your PIN is
at a cash machine or when you use a shop’s chip and PIN machine.
Invoice
Redirection
Fraud
We are aware that customers are continuing to receive fraudulent approaches
purporting to be from existing suppliers or creditors. The fraudster advises that
the bank details for the settlement of future invoices should be changed.
These approaches can be made over the telephone, by letter, fax and by email.
The request is not necessarily accompanied by any specific request for payment
but if the request is acted on, then the next legitimate payment will be made
direct to the fraudsters account.
Best practices for customers:
• Closely scrutinise all requests for payment.
•C
ontact the supplier or creditor to validate requests using contact details that
are known or that have been obtained independently from the request itself
e.g. Directory Enquiries or existing records within the business.
• Do not amend any payment details until entirely satisfied the request is
genuine.
• Consider sending confirmation letters to the supplier or creditor to ensure the
payment has been received by them.
Merchant
Engineer Scam
Customers may receive calls from individuals purporting to be from Merchant
Services. They will advise customers that they need to carry out maintenance on
their Point of Sale terminal.
The caller informs the business that their terminal is in need of maintenance and
makes an appointment to come to the premises. This appointment is not held
but the business customer receives a further call advising that the maintenance
can be carried out remotely. They are then asked to enter codes and run a batch.
This batch will include refund payments from the terminal to a card account.
Under no circumstances should you carry out the request to run the batch.
Topic
Message
Donating to
Charity Online
The season of goodwill is traditionally a time when charities actively seek
donations.
Most collections and appeals are authentic and legitimate, but unfortunately
fraudsters can exploit people’s charitable nature and steal money which the
donor thinks is going the help the charity. One of the most common ways of
doing this is online. Do not stop donating money to the good cause of your
choice. Instead, take a few simple precautions to protect yourself, and your
chosen charity, against online fraud.
How you can protect yourself and donate safely:
• Visit the charity’s own website by typing the website address into the browser
yourself, rather than clicking on a hyperlink embedded in an email.
• I f you receive unsolicited emails from charities you have never heard of or have
no association with, do not respond and do not click on links contained in them.
• Do not respond to requests to donate through a money transfer company such
as Western Union or MoneyGram, as this is a tactic commonly used in scams.
• Ensure that the charity is genuine before divulging personal details, or debit/
credit card or online banking information.
• When supporting disaster relief abroad, you could consider donating via the
Disasters Emergency Committee website.
• If you are still in any doubt, a legitimate charity will happily advise you on other
ways to give on their website or via a phone call.
• If you think you may have given your account details to an impostor or bogus
charity, contact your bank immediately.
Corporate
Identity Fraud
Fraudsters are constantly looking for new ways to exploit any weaknesses
in legitimate and successful businesses and everyone connected with such
businesses is a potential target.
How safe is your corporate identity?
Corporate identity fraud costs businesses millions of pounds per year. Criminals
can file false documents with Companies House/Company Registration Office
to change details of your company’s directors and registered office and then
use its identity for fraudulent purposes. The impact on your company could
include correcting public records, repairing credit ratings and rebuilding supplier/
client confidence.
To help protect the identity of your company:
• Regularly check the registered details of your company and its directors.
• Validate information with other independent sources of information such as:
➢
• Trade Associations
➢
• Professional Bodies
➢
• The Internet, you should exercise caution, however, when using this
channel to verify information, as fraudsters have been known to create
false web sites. For added security, always attempt to corroborate
information via a number of different sources.
➢
• Monitor domain name registrations similar to yours. Consider registering
common misspellings and variations of your company name.
➢
• Keep up to date on important fraud warnings.
Topic
Message
Overpayment
Fraud
Fraudsters will often purchase genuine items online but will ‘overpay’ for the
item by way of cheque/draft. You will then be contacted and asked to make an
online transfer for the difference. You should never transfer funds without being
100% confident that the cheque/draft will not be returned unpaid. If you think
you have been the victim of such a crime then you should report it immediately
to your bank and the local police/garda station.
Download