How to reduce eBanking fraud risk
Every day fraudsters find new ways to target you. By now they realise that emails with broken English are not going to fool you, so they are upping their game. Nowadays fraudsters' emails are really hard to differentiate from ING Wholesale Banking communication. Fortunately, there are a few things you can do to protect yourself.
What do fraudsters do?
eBanking fraud covers all kinds of phishing and malware infections. It can affect both your company and your private life. Whatever the case, cybercriminals will try to steal money by luring you to give up identification codes. Fraudsters target you in various ways, some of which are explained below. Please take your time to inform yourself about the topic to prevent being tricked.
Fake Google Ads
You google for "login InsideBusiness" (or similar queries) and, as the top result, you get a fraudulent Google Ad leading to a fake ING Wholesale Banking or InsideBusiness webpage. These fake pages are almost indistinguishable from the real ones. Fraudsters will try to obtain your login credentials through this fake website.
Trickster 'bank employee'
You receive a call from the fraudster pretending to be a bank employee, and they ask you to perform some sort of security check or 'update', requiring you to generate one or multiple response codes with your smartcard and reader. A real employee will never ask you to do this.
You receive an SMS which seems to come from ING with a link to a fake ING Website. You click on the link and once you land on the fake website you are asked to fill in codes and personal data. While you are doing this you are called by a fake ING agent on your mobile asking credentials needed for fraudulent enrolment of the fraudsters. Once the fraudsters are enrolled they can take over your account and transfer all of your money out of your account.
Malware infections typically occur by opening attachments or links in a malicious email you have received or by visiting compromised websites which exploit vulnerabilities in your browser or operating system to install malware on your PC. Once active, several scenarios are possible, depending on the type of malware. Ultimately, all these scenarios lead to the malware trying to steal your personal data and execute fraudulent payments on your behalf.
What can you do to protect yourself?
- Keep your PIN and generated security codes secret. Never reveal these secret codes to anyone who asks for them. ING staff will never ask you for your codes or PIN. If someone is asking for them, end the conversation and inform your bank about the incident.
- Always check if Google Search results and Google Ads lead you to ING’s safe and secure websites: ingwb.com or new.ingwb.com.
- ING will not send you an SMS with a request to follow a link.
- Check that you go to the correct login page: https://insidebusiness.ingwb.com/.
- Besides the URL also check the padlock in the address bar of your browser. That means that the connection is secure and you can check that the certificate has been granted to ING Group N.V.
- Implement dual signing. The person who adds the second signature has an external look at the transaction and can detect fraud more easily. Never leave both signatures in the hands of the same person and check what you are signing. Also make sure that 1st and 2nd signers use different PCs as this will increase your chance of detecting fraudulent payments created by malware. Even if your account has been taken over by fraudsters they still cannot execute a payment because they also need the second signature.
Other tips to stay secure
- Never generate a security code when not accessing or using online banking yourself.
- Always check the details, i.e. amount, beneficiary name and account numbers of all payments you are about to sign.
- Always close an active web browser session properly by clicking on ‘Log out’ and never leave your computer unattended when you have an active session. Close the session or lock your computer.
- Check your statements and reconcile them regularly. View your debits and credits regularly at least once a week.
- Protect your work environment by reading and applying the information ING has provided with regards to ensuring a safe work environment.
- On a periodical basis, check your registered access means for InsideBusiness, and the access means of your colleagues.
Download our 'Safeguard your business against eBanking fraud' leaflet and distribute it within your company to raise awareness among colleagues.