Social engineering and Phishing
Social engineering is a fraudster's attempt to trick you into taking an action you should not take (e.g. revealing your personal or account information, clicking on a link or opening an attachment, sending money to win an award) by pretending to be a trusted entity. Its most common form is Phishing, where a fraudster will contact you by email, SMS, phone, or social networking sites. They will usually urge you to click on a link or download an attachment so that they can take control of your device (computer, smartphone, tablet) and then blackmail you for money.
Blackmail is usually carried out with Ransomware, where the fraudster locks all your files and demands money to give them back. If you experience a Ransomware attack, contact the police.
You may also wish to visit https://www.nomoreransom.org/ (external site) for more information on Ransomware attacks.
Always be suspicious. Emails, phone numbers, or SMS messages can easily be faked. Do not always trust the name and number you see. Take some time to check the sender's details (email address or phone number). Instead of taking an action or replying in a hurry, call on official numbers to verify the identity of the sender/caller.
Invoice Redirection Fraud
One of the most common fraud scenarios is for a criminal to pose as your regular supplier/partner, tricking you into sending an outstanding payment to their account instead of your supplier’s. The criminals do this by getting access to your supplier’s email. They then replace the account number on a pending invoice with their own, and forward the invoice to you for payment.
To protect yourself:
- Always double-check the payee details before submitting a payment. Do not rely only on the details found in an email. If you’ve done business with this supplier before, check past invoices on file, to verify that the payment details match those you’ve successfully used in the past.
- Enable “Two-step verification” for your email. This will prevent a fraudster from accessing your email if they guess your password (or trick you into revealing it to them, e.g. via Phishing). They will need additional information, such as a code (that changes every time you access your email) sent to you via SMS or to a specialized mobile app. This will help prevent fraudsters from sending altered payment orders on your behalf.
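For businesses that process invoices in software, the payee check from the first point above can be automated. The following is an added example, not part of the original page: it assumes account numbers are IBANs, and the supplier name, the history table and the function names are constructed for illustration.

```python
import re

# Constructed sample data: accounts each supplier was successfully paid to before.
PAID_HISTORY = {
    "Acme Supplies Ltd": {"GB82WEST12345698765432"},
}

def normalize_iban(raw):
    """Strip spaces/dashes and upper-case so formatting differences do not matter."""
    return re.sub(r"[\s-]", "", raw).upper()

def iban_checksum_ok(iban):
    """ISO 13616 mod-97 check: move the first 4 chars to the end, letters become 10..35."""
    if not re.fullmatch(r"[A-Z]{2}\d{2}[A-Z0-9]{11,30}", iban):
        return False
    rearranged = iban[4:] + iban[:4]
    digits = "".join(str(int(ch, 36)) for ch in rearranged)
    return int(digits) % 97 == 1

def check_invoice(supplier, invoice_iban, history=PAID_HISTORY):
    """Compare the account on a new invoice with accounts already paid for this supplier."""
    iban = normalize_iban(invoice_iban)
    if not iban_checksum_ok(iban):
        return "REJECT: account number is malformed"
    known = {normalize_iban(k) for k in history.get(supplier, set())}
    if not known:
        return "HOLD: no payment history, verify by phone on an official number"
    if iban not in known:
        return "HOLD: account differs from past invoices, verify by phone on an official number"
    return "OK: matches an account paid before"

if __name__ == "__main__":
    # Constructed invoices: same account reformatted, a swapped account, a typo.
    for acct in ("GB82 WEST 1234 5698 7654 32",
                 "DE89370400440532013000",
                 "GB82WEST12345698765433"):
        print(acct, "->", check_invoice("Acme Supplies Ltd", acct))
```

A "HOLD" result means the payment should wait until the change is confirmed with the supplier through a contact detail that did not come from the email itself.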