The Twelve Frauds of Christmas

The Twelve Frauds of Christmas Ulster Bank Ireland Limited. A private company limited by shares, trading as Ulster Bank, Ulster Bank Group and Banc U...
17 downloads 0 Views 123KB Size
The Twelve Frauds of Christmas

Ulster Bank Ireland Limited. A private company limited by shares, trading as Ulster Bank, Ulster Bank Group and Banc Uladh. Registered in Republic of Ireland. Registered No 25766. Registered Office: Ulster Bank Group Centre, George’s Quay, Dublin 2. Member of The Royal Bank of Scotland Group. Ulster Bank Ireland Limited is regulated by the Central Bank of Ireland.

Ulster Bank is committed to educating our customers to help them avoid becoming victims of fraud. We have created the twelve frauds of Christmas that we suspect criminals may use during the festive period. These have been compiled with the aim of highlighting these fraudulent activities and increasing awareness, together with providing advice to help prevent you from becoming a victim of this type of crime. If you are unfortunate enough to become a victim of fraud, it is important that you report it to your bank and local police station.

Topic

Message

Bankline Fraud There has in recent months been an increasing trend in Fraudulent attacks on eBanking Platforms across the Banking Sector, therefore we would like to draw your attention to the following Tips, which we would ask you to share with any member of staff who has access or details of your Business’ Bank details. We will never ask for your full PIN & password online: only 3 random digits from each are needed to log in. We will never ask for your PIN & password or any smartcard codes over the telephone: beware of imposters. We will never ask for smartcard codes to log in: these codes are used to authorise payments. Trusteer Rapport is free security software that we recommend to all customers in order to protect your details while using online banking. It can be downloaded from our website as follows: http://www.ulsterbank.ie/roi/personal/safe-secure/rapport/system-requirements.ashx Plastic Card Fraud

Our customers are the front line against card fraud, which can result in a double theft: against the genuine cardholder and against the company. Remember: Authorisation of a transaction does not guarantee payment. It will only establish that, at the time of the transaction, there are sufficient funds available to cover the payment and that the card has not been reported lost, stolen or compromised in any other way. Cardholder present Chip & PIN transactions: • Follow the prompts on your terminal. • Ask the cardholder to enter their PIN. • I f a Chip & PIN card is not processed correctly, you may be held liable for the transaction in the event it is later confirmed to be fraudulent. Not all cards in circulation have chip technology. If the card is not Chip & PIN enabled, you should take the opportunity to check the security features as you have sight of the card. Virtually all Irish cards are Chip & PIN. Extra vigilance should be taken when accepting cards that are not Chip & PIN. NB. Not all overseas card issuers have yet upgraded to Chip & PIN. Be aware that some fraudsters spend a long time building credibility and are very confident and plausible. Cardholder not present transactions: Cardholder not present transactions by their nature present a higher risk to your business, because there is no opportunity to physically check the card or meet the cardholder. Although the majority of payments will be completely genuine, this type of transaction is appealing to fraudsters because it increases the opportunity for anonymity. Be particularly wary of: • A customer who offers two cards as payment for one order – this is not permitted under card scheme rules. • A customer who provides several cards for payment after the initial and any subsequent authorisation requests have been declined.

Topic

Message

Plastic Card Fraud Continued

For further guidance please refer to your Merchant Operating instructions.

Phishing

Phishing is a fraudulent attempt, usually made through email, to steal your personal information. In order for fraudsters to successfully “phish” your personal / banking details they must get you to go from an email to a fraudulent website or have you open an attachment to install malicious malware / Trojans onto your device.

Additional information is also available at: www.financialfraudaction.org.uk www.streamline.com www.visa.co.uk or www.visa.ie www.mastercard.com www.theukcardsassociation.org.uk

Phishing emails are usually sent in large batches. Watch out for generic salutations such as “Dear Customer”, if you don’t see your name – be suspicious. Internet criminals want you to provide your personal information now. They do this by making you think something has happened and require you to act fast. The faster they get your information, the faster they can move onto another victim. http://www.ulsterbank.ie/roi/personal/safe-secure/stay-safe-online.ashx Cheque Fraud

Fraudsters continue to use cheques as instruments to exploit any opportunity to make money at our customers’ expense. From the simple interception and alteration of cheque payee or amount details to cheque printing and forging of customer signatures, the technology used by the Fraudster can be really effective. It can be astounding how a forged or altered cheque can look. Ulster Bank uses a whole range of anti-fraud prevention and detection processes in the ongoing fight against financial crime. But we also depend upon our customers to be vigilant and follow good practices in order to prevent such criminal activity. The fact is cheque fraud has become more ‘organised’, advances in computer and printing technology, coupled with the relatively low cost of equipment, mean that the fraudster can now target almost any cheque written. So what can be done and what part can you play to ensure that you do not become the target of a well orchestrated or even opportunistic fraud attempt? When writing cheques: • Begin writing/printing at the very left of the cheque. • When paying a cheque to a large organisation such as the Inland Revenue, do not make the cheque payable simply to that organisation. Add further details into the payee line e.g. Inland Revenue re: J Jones reference xxx. Draw a line through unused space on the cheque so unauthorised people cannot add extra details. The same principle would apply when making a cheque payable to a bank or a building society. • Do not leave large spaces between words and rule out the space not used after the words in each line.

Topic

Message

Cheque Fraud Continued

•D  o not leave space between the ‘£/€’ sign and the amount inserted in the figures box and again rule out any space not used after the numbers. • When sending cheques in the post, send securely and avoid using window envelopes. It can make all the difference Cheques are valuable and lack of care or attention in how they are stored and actually written, either by hand or computer printed, can lead to misuse by fraudsters and potentially to customer losses. Remember to: • Always keep cheques in a secure place and never leave cheques lying around unattended in public areas during the day. • Compare underlying paperwork with all cheques written. • Use cheques in serial number order. • Ensure all cheques remain in the book and that none are removed from the middle or towards the back. • Always account for spoiled cheques and destroy if appropriate, by shredding where possible. • Undertake cheque stock audits regularly. • Reconcile bank statements upon receipt and report anything unusual. • Never store cheques with the bank mandate. • Limit your cheque book orders to avoid holding a large stock. • Contact the bank if you have not received cheque books you were expecting. • Avoid labelling the signature area on the cheque with any signing limits or designations such as director or secretary.

Vishing

Vishing is when criminals pretend to be calling from your Bank and attempt to obtain sensitive and personal information, such as user names, passwords and card reader codes over the telephone i.e. acting. A bank will never contact you to ask you to transfer funds to a ‘safe’ account. Remember that it takes two people to terminate a phonecall. If you are suspicious, say no to requests for information and terminate the call. Always use a telephone number that you know to be a genuine one and never use one that has been provided to you by the suspicious caller. If a person approached you on the street and said they were from the bank and requested this information from you, would you give it to them? Chances are you wouldn’t so why give it to someone over the telephone? If you think you have been a victim of this scam, contact the bank immediately. http://www.ulsterbank.ie/roi/personal/safe-secure/stay-safe-online.ashx

Topic

Message

Computer Scam

A computer/IT company will never contact you to tell you that you have a virus on your PC and ask you to allow them to access your PC remotely. This is a known scam, please do not fall victim to it. If you have fallen victim to this scam, you should report it to your bank immediately.

Courier Scam

A bank will never contact you to advise that there is an issue with your debit card and arrange for a courier to collect both your card and pin from you. •U  lster bank or the Police/Garda will NEVER contact you and tell you that they are coming to your home to pick up your card, so never hand it over to anyone who comes to collect it. • Ulster bank will NEVER ask you to authorise anything by entering your PIN into the telephone. • NEVER share your PIN with anyone – the only times you should use your PIN is at a cash machine or when you use a shop’s chip and PIN machine.

Invoice Redirection Fraud

We are aware that customers are continuing to receive fraudulent approaches purporting to be from existing suppliers or creditors. The fraudster advises that the bank details for the settlement of future invoices should be changed. These approaches can be made over the telephone, by letter, fax and by email. The request is not necessarily accompanied by any specific request for payment but if the request is acted on, then the next legitimate payment will be made direct to the fraudsters account. Best practices for customers: • Closely scrutinise all requests for payment. •C  ontact the supplier or creditor to validate requests using contact details that are known or that have been obtained independently from the request itself e.g. Directory Enquiries or existing records within the business. • Do not amend any payment details until entirely satisfied the request is genuine. • Consider sending confirmation letters to the supplier or creditor to ensure the payment has been received by them.

Merchant Engineer Scam

Customers may receive calls from individuals purporting to be from Merchant Services. They will advise customers that they need to carry out maintenance on their Point of Sale terminal. The caller informs the business that their terminal is in need of maintenance and makes an appointment to come to the premises. This appointment is not held but the business customer receives a further call advising that the maintenance can be carried out remotely. They are then asked to enter codes and run a batch. This batch will include refund payments from the terminal to a card account. Under no circumstances should you carry out the request to run the batch.

Topic

Message

Donating to Charity Online

The season of goodwill is traditionally a time when charities actively seek donations. Most collections and appeals are authentic and legitimate, but unfortunately fraudsters can exploit people’s charitable nature and steal money which the donor thinks is going the help the charity. One of the most common ways of doing this is online. Do not stop donating money to the good cause of your choice. Instead, take a few simple precautions to protect yourself, and your chosen charity, against online fraud. How you can protect yourself and donate safely: • Visit the charity’s own website by typing the website address into the browser yourself, rather than clicking on a hyperlink embedded in an email. • I f you receive unsolicited emails from charities you have never heard of or have no association with, do not respond and do not click on links contained in them. • Do not respond to requests to donate through a money transfer company such as Western Union or MoneyGram, as this is a tactic commonly used in scams. • Ensure that the charity is genuine before divulging personal details, or debit/ credit card or online banking information. • When supporting disaster relief abroad, you could consider donating via the Disasters Emergency Committee website. • If you are still in any doubt, a legitimate charity will happily advise you on other ways to give on their website or via a phone call. • If you think you may have given your account details to an impostor or bogus charity, contact your bank immediately.

Corporate Identity Fraud

Fraudsters are constantly looking for new ways to exploit any weaknesses in legitimate and successful businesses and everyone connected with such businesses is a potential target. How safe is your corporate identity? Corporate identity fraud costs businesses millions of pounds per year. Criminals can file false documents with Companies House/Company Registration Office to change details of your company’s directors and registered office and then use its identity for fraudulent purposes. The impact on your company could include correcting public records, repairing credit ratings and rebuilding supplier/ client confidence. To help protect the identity of your company: • Regularly check the registered details of your company and its directors. • Validate information with other independent sources of information such as: ➢ • Trade Associations ➢ • Professional Bodies ➢ • The Internet, you should exercise caution, however, when using this channel to verify information, as fraudsters have been known to create false web sites. For added security, always attempt to corroborate information via a number of different sources. ➢ • Monitor domain name registrations similar to yours. Consider registering common misspellings and variations of your company name. ➢ • Keep up to date on important fraud warnings.

Topic

Message

Overpayment Fraud

Fraudsters will often purchase genuine items online but will ‘overpay’ for the item by way of cheque/draft. You will then be contacted and asked to make an online transfer for the difference. You should never transfer funds without being 100% confident that the cheque/draft will not be returned unpaid. If you think you have been the victim of such a crime then you should report it immediately to your bank and the local police/garda station.