Blog: combating cyber crime
It’s a sad fact that as technology becomes increasingly sophisticated, so do the techniques employed by criminals to commit fraudulent activity. Here, Paul McCluskey, head of professional practices at Bank of Scotland, examines different methods employed by fraudsters, and how best to combat them.
Social engineering is an evolving practice that combines psychological manipulation and hi-tech methods in order to steal sensitive information, such as passwords, data or PINs.
It’s a method that takes various guises, including email attachments which, if opened, enable fraudsters to access your files and track your keystrokes. There are also emails which replicate those sent by your bank, linking to a clone of its website and inviting unsuspecting recipients to enter their username and password details.
Other fraud techniques involve criminals making phone calls purporting to be from your bank, with sophisticated technologies allowing a genuine phone number from the bank to display on your caller ID, adding a sense of legitimacy.
Fraudsters can even manipulate your phone lines. This enables them to intercept any attempt to verify that the email you have received is genuine, impersonating a representative of the bank in the process in order to gain even more sensitive information.
With criminals constantly “upping their game”, it’s imperative to take steps to protect your interests. Whilst it’s important to be cautious in the event of activity that appears to be even slightly suspicious, investing in the necessary anti-fraud measures, and constantly reviewing them to ensure they remain up to date, should also be a priority.
Often, it can seem that purchasing or renewing your anti-virus software is an unnecessary expense, but the truth is that it’s a fundamental means of protecting the interests of your business.
This is imperative, because in a case where a password is fraudulently obtained as a means to steal money, the onus is on the victim to prove that robust measures were in place that should have prevented the crime from taking place. If you find yourself unable to do so, the results can be catastrophic, with no legal recourse to recoup the stolen funds.
As the old saying goes, prevention is better than cure, and it’s advisable for you to take action now to prevent these issues from occurring within your business.
The first step is to ensure your virus checker is fit for purpose, kept up to date, and run without fail each day. This should be software that covers threats such as vishing, malware, phishing, Trojan viruses and bot herders, and that includes firewalls, anti-key loggers and intrusion detectors – and even if you’re not familiar with those terms, any experienced IT technician that you employ or contract should be well-versed in them.
It’s also worth considering investing in a dedicated terminal for online banking, which is separate from those used for emails, ensuring that any attempted social-engineering scams can be thwarted.
In the event that you receive a suspicious request, it’s also worth double-checking that it’s genuine by calling your bank from a different phone, such as your mobile rather than the office line, and going to a known contact first before trying a public line.
All in all, vigilance is key. Remember, no bank will ever ask for full online log-in details, passwords or card and reader codes on the phone. If in doubt, it’s always advisable not to take any risks, and to protect your business.