Skip to content

Detecting Fraud

What is Business Email Scam?

Business email scams are a type of fraud in which businesses receive email communication from fraudsters pretending to be their suppliers or vendors. Through these emails, the fraudsters usually inform a business that the bank account details of the vendor or supplier have changed.

According to the latest data, since October 2013, worldwide losses from business email scams have crossed US $1.2 billion. Such incidents have also been reported by various businesses in the UAE.

What is the modus operandi of the fraud?

Fraudsters get access to the email ID of a trade partner of the victim through email hacking/password compromise etc. and sometimes create a similar looking email ID. They then communicate with the victim through this compromised/look alike email ID.

In order to gain trust and establish credibility, fraudsters use a previous email thread between the trade partners making the victim feel as if they are dealing with their genuine trade partner.

Once they have established the rapport, they request that pending/fresh payments be made to a different bank account citing some reasons like problem with the existing account, ongoing audit or taxation problem etc.

This scam ultimately results in the fraudsters receiving money from the victim and trade partners may get into a dispute about who is responsible for the fraudulent payment.

What can be done to avoid falling victim to Business email scams:

01

Confirm requests for transfers of funds and changes in vendor payment accounts through alternate mediums such as a previously used phone number or fax

02

Keep your PC/phones updated with latest anti -virus/anti malware to prevent email compromise

03

Be careful when posting financial and personal info on the internet

04

Should you become a victim of a business email scam, you should immediately notify the us. A funds recall message can then be sent to the beneficiary bank by the remitting bank and if funds are available in the beneficiary account, they may get returned. Victims should also consider filing a police complaint


Note: This is issued in public interest by us and it bears no responsibility if even after following the above prevention steps, one becomes victim of fraud.

What are phishing attacks?

Phishing attacks are deceptive emails created by criminals, in an attempt to acquire your personal information.

What is a fraudulent/spoofed website?

A fraudulent website in our case may look like a legitimate FGB website with similar graphics and content. You may come across this if you receive a fraudulent email containing a ‘Click Here’ link, leading you to a fake website. If you accidentally visit such a website, you may be asked for some of your personal information such as password, account number and other sensitive information.

Be on the lookout for:

01

Urgency: Text asking you to give your password and other requested details, or else your account will be suspended, etc.

02

Links: These may direct you to a fraudulent website or a pop-up that asks you for sensitive information

How do I know if I’m using my bank's site?

Don’t rely on links provided in the email. Rather, open a new browser window and type in the full address for the site you are trying to visit.

Fraudulent websites may contain spelling errors, lucrative offers, prizes, job offers etc.

The best way to find whether you are at a spoofed site is to verify the certificate. Our online banking is over SSL with 128 bit encryption.

What is SIM Replacement Fraud?

SIM replacement fraud is done by fraudsters to conduct fund transfer frauds. This allows them to receive calls/messages on behalf of the victim through which they can complete the fraudulent fund transfer transactions.

What is the modus operandi of the fraud?

Fraudsters impersonate and obtain a duplicate SIM for the mobile number of the victim; they then place the fund transfer requests with victim’s bank by forging signatures or by using compromised login credentials.

When the concerned bank contacts the customer to validate the fund transfer transaction, a fraudster answers the call and provides the required details. Alternatively fraudsters get access to a transaction code sent by the bank to the customer's number and confirm the transaction through electronic channels.

Victim comes to know about the fraud after checking their bank statement, or when they realise that their mobile phone is not working. It's only upon getting a fresh SIM that they find out about unauthorised fund transfers that took place.

What can be done to avoid falling victim to this fraud?

01

Please keep your contact details updated with your bank, if any of your phone numbers are not working update the new number immediately with the bank

02

As soon as you realise that your phone is not working, call your bank and consider putting a debit freeze on your account

03

Contact your telecom service provider and inquire whether any duplicate SIMs/Multi SIM have been issued for your mobile number. If any have been issued without your consent, get them deactivated

04

Keep your laptop/PC/mobile phone updated with latest anti-virus/malware to prevent against data compromise


Should you become a victim of fraud, you should immediately notify the concerned bank and also demand details from the telecom service provider about duplicate SIMs issued for your number. A funds recall message can be sent to the beneficiary bank by the remitting bank and if funds are available in the beneficiary account, they may get returned. Victims should also consider filing a police complaint.

Note: This is issued in public interest by us and it bears no responsibility if even after following the above prevention steps, one becomes victim of fraud.

Fraud trends and how to safeguard against them

There are always bad people looking out for victims from whom they can swindle money. In order to ensure you don’t fall victim to such scams/frauds, we'll share some quick tips, which can help in safeguarding your interests.

01

Any email communication received that's asking for change in the bank account details of your business partner, supplier, customer, staff, trade partner etc., should be verified through a known phone number. Don’t rely on the phone number mentioned in such emails

02

Conduct your payment reconciliation on a regular basis with suppliers and customers. Any payments which were supposedly made but not received by your supplier or by you from your customer should be verified over the phone

03

Always look out for minor changes in the email ID of recipient/sender. For example maheknu123@yahoo.com and mahenku123@yahoo.com may look similar but are different

04

Invest in a good antivirus/anti-malware software to protect your office PCs/mobile phones against cyber crimes

05

If you notice any fraud, immediately refer it to your bank and also consider reporting it to law enforcement agencies

06

Beware of any investment offers by prospective investors/intermediaries who ask you for some advance payments. Conduct due diligence about such entities

07

Always keep your contact details updated with the bank, including mobile number, PO Box, fax number

08

Please immediately report any disputed transaction in writing by providing complete details to the bank


Note: This is issued in public interest by us and it bears no responsibility if even after following the above prevention steps, one becomes victim of fraud.