We use cookies on our website to show you content we think is relevant to you, to manage the technical operations of our website, and analyse our traffic to further improve our website. We may share information about your use of our site with our social media, advertising and analytics partners. By clicking "Accept", you agree to the use of all cookies as described in our Cookie statement or "Do not accept" to only use cookies strictly necessary for the functioning of the site.

Wholesale Banking

How to reduce spoofing fraud risk

Fraudsters are always looking for personal information to - in the end - steal your company's money. This is what we call phishing. One way fraudsters try to win your trust is pretending to be someone or something else, also called spoofing. Spoofing can apply to emails, phone calls, and websites, or can be more technical, such as a computer spoofing an IP address. So be wary of spoofing when someone calls or emails you on behalf of ING.

Most common types of spoofing

One way of spoofing is when fraudsters call you and pretend to be an ING employee. This ‘ING employee’ will try to gain your trust and get your personal details to access InsideBusiness. He might even try to convince you to execute a transaction. Sometimes you will see ING’s telephone number on your screen. The fraudsters use a trick to impersonate the number of ING calling. 

Another example of spoofing is email address spoofing. The fraudsters will fabricate an email that looks like it is coming from ING, hoping you will click on a link and install ransomware or give personal information. 

How to recognize spoofing

Be aware when someone asks you for personal information. We will never ask you to: 

  • Give (a copy of) an ID or passport (besides when you open a new bank account). 
  • Share your credentials (like login code, authorization code, mobile app activation code or PIN code). 
  • Transfer money to another account because of 'suspicious activities'. If we suspect fraud, we will block (the payment function of) your account.
  • Install software to help you remotely. 

We will also never send an email, text message or app with a link that goes directly to InsideBusiness login page. If you encounter any of these situations, do not continue and contact us to report this fraud attempt.

Reduce the risk of spoofing

To reduce the risk, be aware that you are a target. Remain suspicious of anyone asking for banking or account information by phone, email, WhatsApp or SMS. And never give your credentials or personal information to others. 

Besides that, you can set up the four-eye principle for your payments, also called segregation of duties. This can be done in two ways:  

  • Implement dual signing for all your users. 
  • Have a user group that can only initiate a payment and another group that signs them.  

This way every payment is validated by a second or third person. It also ensures that payments are not altered and mistakes can be corrected before execution.  

Set up the four-eye principle in InsideBusiness

Start right away and set up the four-eye principle in InsideBusiness. This can be done by your corporate admin or by ING if you do not have a corporate admin. You can set up thresholds: above a certain amount of money paid a third person must sign the payment to make it even more secure. 

Received a spoofing email?

Did you receive a spoofing email? Please report these fraudulent emails and websites to valse-email@ing.nl. We will take the appropriate actions.

 

Find out more