Invoice Redirection Fraud
One of the most common fraud scenarios is for a criminal to pose as your regular supplier/partner, tricking you into sending an outstanding payment to their account instead of your supplier’s. The criminals do that by getting access to your supplier’s email. They then replace the account number on a pending invoice with their own, and forward it to you for payment.
To protect yourself:
- Always double-check the payee details before submitting a payment. Do not rely only on the details found in an email. If you’ve done business with this supplier before, check past invoices on file, to verify that the payment details match those you’ve successfully used in the past.
- Enable “Two-step verification” for your email. This will prevent a fraudster from accessing your email if they guess your password (or trick you into revealing it to them, e.g. via Phishing). They will need additional information, such as a code (that changes every time you access your email) sent to you via SMS or to a specialized mobile app. This will help prevent fraudsters from sending altered payment orders on your behalf.
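The payee check described above can be automated before a payment is released. The following is an added example, not part of the original page: it assumes account numbers are IBANs, and the supplier name, the `HISTORY` structure and the verdict strings are hypothetical.

```python
import re

def normalize_iban(raw):
    """Remove spaces/dashes and upper-case, so formatting differences are ignored."""
    return re.sub(r"[\s-]", "", raw).upper()

def iban_checksum_ok(raw):
    """ISO 13616 mod-97 check; catches typos, NOT a fraudster's own valid account."""
    iban = normalize_iban(raw)
    if not re.fullmatch(r"[A-Z]{2}\d{2}[A-Z0-9]{11,30}", iban):
        return False
    rearranged = iban[4:] + iban[:4]          # country code + check digits go last
    digits = "".join(str(int(ch, 36)) for ch in rearranged)   # A=10 ... Z=35
    return int(digits) % 97 == 1

def check_payee(supplier, invoice_iban, paid_history):
    """Compare an invoice's account with accounts already paid for this supplier."""
    if not iban_checksum_ok(invoice_iban):
        return "invalid"    # malformed or mistyped account number
    known = {normalize_iban(i) for i in paid_history.get(supplier, ())}
    if not known:
        return "new"        # first payment: verify by phone before paying
    if normalize_iban(invoice_iban) in known:
        return "match"      # same account as past successful payments
    return "changed"        # hold payment; confirm via a number already on file

# Constructed payment history (hypothetical supplier); the IBAN is a standard
# published example value, not a real customer account.
HISTORY = {"Acme Supplies Ltd": ["GB82 WEST 1234 5698 7654 32"]}
```

A "changed" verdict on a checksum-valid account is the case that matters here: the substituted account in an altered invoice is a perfectly valid one, so only the comparison with past payments reveals it.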
Social engineering and Phishing
Social engineering is a fraudster's attempt to trick you into taking an action you should not (e.g. reveal your personal or account information, click on a link or open an attachment, send money to win an award) by pretending to be someone you know or a reputable organization. Its most common form is Phishing, where a fraudster will contact you by email and urge you to click on a link or download an attachment so that they can take control of your device (computer, smartphone, tablet) to then, possibly, blackmail you for money or use your personal information and security codes to impersonate you and act on your behalf. Besides email, fraudsters may also attempt to trick you via SMS, a phone call, or by using social networking sites.
Blackmail is usually done via the technique of Ransomware, where the fraudster locks all your files and asks for money in order to give your files back. If you experience a Ransomware attack, contact the police.
You may also wish to visit https://www.nomoreransom.org/ (external site) for more information on Ransomware attacks.
Always be suspicious. Emails, phone numbers, or SMS messages can easily be faked. Do not always trust the name and number you see. Take some time to check the sender's details (email address or phone number). Instead of taking an action or replying in a hurry, call on official numbers to verify the identity of the sender/caller.
How to spot a phishing attack
Always check the sender’s email address – not just the name – and place your mouse over the link, before clicking it, to see the website you will be directed to. Be extra cautious when the website address does not start with “https,” where “s” stands for secure, and when the website name is unrelated to the name of the entity you wish to visit.
Common phishing attacks
If it sounds too good to be true... it is probably a scam! If it sounds very important and urgent… it is probably a scam! Fraudsters will try to lure you by offering unrealistic proposals and gifts, or by spreading fear and creating panic. Receiving an email with a subject such as “You are the lucky winner!” or “Your account is restricted - Take action now” should always alert you. PayPal and DHL are very often used by fraudsters since they both provide their services worldwide and, thus, there is a good chance that you will know and use them. Fraudsters impersonate PayPal and DHL and send phishing emails in an attempt to trick you into clicking on a link or opening an infected attachment so that they can steal your passwords or infect your computer with a virus to be able to control it (e.g., take screenshots or transfer files). Ask yourself: “Did I use PayPal for this transaction?” “Am I waiting for a DHL parcel?” Always choose to visit the official website to log in and check for any messages, and never follow links received in emails.
Be careful of OTP fraud
Digital authorizations and online payment transactions use One-Time Passwords (OTP) as a stronger security control, which are usually valid for a specific event executed at a specific time. Fraudsters may use a range of techniques to social engineer you and steal your OTP, such as contacting you via phone and claiming that they are a representative of your Bank, calling you to confirm or update your information in the Bank’s systems.
- NEVER share any of your security codes, including OTPs, with anyone.
- ALWAYS ask to call back, and use their website to find the official telephone number to call, before sharing any personal data. The official website of Hellenic Bank is https://www.hellenicbank.com/ and the official telephone number is 8000 9999 (or +357 22 500 500 if calling from outside Cyprus).
Identity theft is a method used by fraudsters where they collect your personal details, e.g. name, ID number, address, etc., to impersonate you and apply for credit cards and loans, buy expensive goods, withdraw money, or commit a crime in your name.
How to identify and prevent Identity Theft:
- Be careful of the information you share on social media sites.
- Be suspicious about any phone calls, texts, or emails asking for personal information. Ask to call back, and use their website to find the official telephone number to call, before sharing any personal data.
- Check your balance and account statements frequently.
Expert fraudsters often use romance scams to extract large sums of money as "loans" using charm and persuasion. Once they finally achieve their goal, they disappear and never return the money.
How Romance Scams Work:
• Scammers contact you via an online dating platform, where they show interest in you and constantly compliment you.
• They state that they want to get to know you better and ask many personal questions in order to understand your personality and soft spots.
• Once a feeling of trust has been established, they will pretend they are in trouble, and ask for your help, i.e. to "borrow" money.
How to spot a romance scam:
• The scammer asks you for a lot of personal information, but they share very little about themselves.
• They claim to be in love in a very short time.
• They are compassionate and kind and at the same time tormented by many problems.
• They intend to visit you but something unexpected happens at the last minute and they cancel it.
Common reasons a scammer will use to ask for money:
1) They desperately want to travel to see you or to get married, but they have no money to cover the travelling cost.
2) A relative is very sick and needs urgent surgery but they cannot afford to pay for it.
3) A rich relative died leaving them a large inheritance, but in order to access the money, they must first pay a sum.