This guidance was provided by Lloyds Banking Group in response to a recent rise in Vishing and Social Engineering frauds.
We’ve seen a rise in the number of fraudsters targeting businesses using telephone scams and using new approaches in an attempt to catch businesses off guard.
They will call and purport to be a member of bank staff, telling you there are suspicious transactions appearing on your business account. They’ll claim to be calling to make sure that any fraudulent transactions don’t go through.
Fraudsters can make the call appear to be coming from a familiar bank telephone number, so it looks genuine on your incoming caller ID. If they have previously obtained debit or credit card details from a business, another tactic used is to submit an online card transaction, for example ordering a takeaway pizza to a different address, knowing the bank will decline it, but also knowing that it will trigger a ‘declined card transaction’ text message from the bank to the business. Fraudsters then claim to be the bank on the phone, following up on the text message about the attempted card fraud.
They might ask you to provide online banking card reader details which they will tell you is to prevent fraudulent payments, or they’ll say you need to transfer funds into what they will say is a new ‘safe account’ set up for your business, one which in reality is fraudulent.
Sometimes they will tell you to visit a specific webpage URL or click on a link they send to you, which downloads remote access software to your PC. This software enables them to control your PC, or view passwords and card reader codes you input on screen, which they can use to steal your business funds.
In some cases, callers can instruct you to make payments to an existing beneficiary which they claim will help ‘protect’ your funds, but the fraudster then contacts that beneficiary to persuade them to send the funds to a different account they control.
Please make sure that you and your colleagues are aware of the continual threat that scam callers pose. Remind them:
- To always independently verify a caller, regardless of how genuine they sound on the phone.
- The Bank will never ask for card reader codes over the phone, via email or text message.
- You should never log on to online banking, visit a website, download anything, or divulge what is on your screen to anyone who calls out of the blue.
- To always log into online banking via the bank’s known website – we will never advise you to visit a different site.
- We will never tell you to make a payment to one of your existing beneficiaries, or a safe account to protect your funds.
If your business receives a scam call, end the call immediately and call your bank.
The Bank of Scotland has a comprehensive Fraud Prevention Training video which you can view here.
Related content
Our devices contain more work, personal and financial data than ever before. Follow the NCSC guidance to protect yourself, your data and digital privacy.
The NCSC has just launched its latest Cyber Aware campaign which provides actionable advice on defending digital assets against the very real threat of online scams and hacking. Securing your most important accounts begins with following two simple steps.
Top tips for spotting tell-tale signs of a phishing attack.