How to reduce spoofing fraud risk
Fraudsters are always looking for personal information to - in the end - steal your company's money. This is what we call phishing. One way fraudsters try to win your trust is pretending to be someone or something else, also called spoofing. Spoofing can apply to emails, phone calls, and websites, or can be more technical, such as a computer spoofing an IP address. So be wary of spoofing when someone calls or emails you on behalf of ING.
Most common types of spoofing
One way of spoofing is when fraudsters call you and pretend to be an ING employee. This ‘ING employee’ will try to gain your trust and get your personal details to access InsideBusiness. He might even try to convince you to execute a transaction. Sometimes you will see ING’s telephone number on your screen. The fraudsters use a trick to impersonate the number of ING calling.
Another example of spoofing is email address spoofing. The fraudsters will fabricate an email that looks like it is coming from ING, hoping you will click on a link and install ransomware or give personal information.
How to recognize spoofing
Be aware when someone asks you for personal information. We will never ask you to:
- Give (a copy of) an ID or passport (besides when you open a new bank account).
- Share your credentials (like login code, authorization code, mobile app activation code or PIN code).
- Transfer money to another account because of 'suspicious activities'. If we suspect fraud, we will block (the payment function of) your account.
- Install software to help you remotely.
We will also never send an email, text message or app with a link that goes directly to InsideBusiness login page. If you encounter any of these situations, do not continue and contact us to report this fraud attempt.
Reduce the risk of spoofing
To reduce the risk, be aware that you are a target. Remain suspicious of anyone asking for banking or account information by phone, email, WhatsApp or SMS. And never give your credentials or personal information to others.
Besides that, you can set up the four-eye principle for your payments, also called segregation of duties. This can be done in two ways:
- Implement dual signing for all your users.
- Have a user group that can only initiate a payment and another group that signs them.
This way every payment is validated by a second or third person. It also ensures that payments are not altered and mistakes can be corrected before execution.
Set up the four-eye principle in InsideBusiness
Start right away and set up the four-eye principle in InsideBusiness. This can be done by your corporate admin or by ING if you do not have a corporate admin. You can set up thresholds: above a certain amount of money paid a third person must sign the payment to make it even more secure.
Received a spoofing email?
Did you receive a spoofing email? Please report these fraudulent emails and websites to firstname.lastname@example.org. We will take the appropriate actions.
Know more about fraud prevention
Go to banking safely page.