ECSM Cyber scam flyer

Top cyber financial frauds. Tips for their detection and data protection

Yesterday we celebrated the European Day of Data Protection (held annually on January 28 by all the member states of the Council of Europe), so we thought we would bring to your attention some of the most common cyber financial frauds - encountered at organizational or personal level - briefly showing you how they work, with tips for detecting and countering them.

1. “Message from the boss” fraud. In targeted emails or phone calls, employees are asked to make urgent payments / bank transfers by "superiors" (often managers who normally do not contact them directly). This type of fraud is recognizable by pressure applied in the context of an alleged emergency, disregard for internal procedures, requests for confidentiality, persuasive language, etc. To avoid becoming a victim of such frauds, especially since the perpetrators are in general well informed about the company:

• strictly follow the company’s security procedures for payments and purchases;

• carefully check email addresses when you receive requests for sensitive information / money transfers;

• never open suspicious links or attachments received by email. Be very careful when checking your personal email on the work computer;

• avoid publishing data about company management, security or procedures.

2. Invoice fraud. Through an approach that can take place on multiple channels (by telephone, e-mail, etc.), the perpetrator contacts a company claiming to be the representative of a supplier and requests a change of bank data (account number, bank where the account is held) for future payments. To be sure you do not fall into the trap of making payments to a new account owned / controlled by a potential cyber criminal:

• check any such request, especially if a change of bank details is requested;

• use the contact data from the previous correspondence to verify the request;

• for payments over a certain amount, implement an additional verification procedure with the beneficiary;

• establish unique contact points with partner companies to which you make regular payments.

3. Phishing emails. These are fake messages that mislead recipients into disclosing their personal, financial or security data. Relying on an official look, identical to the original, these emails mimic the logo and design of real messages and use language that suggests urgency, requesting the download of an attachment or the opening of a link. What can you do to prevent fraud by this method?

• keep your computer programs, including the operating system, up to date at all times;

• be extremely careful if you receive messages "from the bank" asking for sensitive data (account data, passwords, etc.);

• read the messages carefully - compare the sender's address with the one from previous correspondence and check for possible errors in wording;

• do not respond to suspicious messages - if appropriate, you can forward them to your bank, typing in the address yourself;

• do not open links or download attachments from such messages.

4. Phishing phone calls. When a cyber criminal calls you and - using various pretexts - convinces you to disclose personal and / or financial data or to transfer money, we talk about vishing ("phishing" + "voice").

• pay attention to phone calls received from strangers - ask for the caller's number and tell him / her to come back;

• to verify their identity, call the organization on whose behalf they claim to be calling;

• even if they give you a number on which you can contact them, do not treat this as a way of verifying what they claim;

• cyber criminals can find information about you online, especially on social networks. Do not take any phone call at face value just because the caller knows something about you;

• do not give out the PIN code or the password for your Internet Banking account over the phone. The bank will never ask you for them this way;

• do not transfer money to strangers who request this. If you have any doubts, contact the bank.

These are just a few of the cyber financial frauds you can encounter. The list also includes online shopping frauds, fake romantic relationships set up to obtain financial data, phishing via SMS and fake banking sites - about which you can find out more in a dedicated material made by Europol in partnership with the Romanian Police (download PDF).