What is a Business Email Scam?
Business email scams are a type of fraud in which businesses receive email communication from fraudsters pretending to be their suppliers or vendors. In these emails, the fraudsters usually inform a business that the bank account details of the vendor or supplier have changed.
What is the modus operandi of the fraud?
Fraudsters get access to the email ID of a trade partner of the victim through email hacking/password compromise etc. and sometimes create a similar-looking email ID. They then communicate with the victim through this compromised/lookalike email ID.
In order to gain trust and establish credibility, fraudsters use a previous email thread between the trade partners to make the victim feel as if they are dealing with their genuine trade partner.
Once they have established a rapport, they request that pending/fresh payments be made to a different bank account citing reasons like a problem with the existing account, ongoing audit or taxation problem etc.
This scam ultimately results in the fraudsters receiving money from the victim, and trade partners may get into a dispute about who is responsible for the fraudulent payment.
What can be done to avoid falling victim to business email scams?
Confirm requests for transfers of funds and changes in vendor payment accounts through alternative means such as a previously used telephone or fax number
Keep your computer/mobile phones updated with the latest anti-virus/anti-malware software to prevent email compromise
Be careful when posting financial and personal information on the internet
Should you become a victim of a business email scam, notify us immediately. A funds recall message can then be sent to the beneficiary bank by the remitting bank and, if funds are available in the beneficiary account, they may be returned. Victims should also consider filing a police complaint
Note: This is issued in the public interest by FAB India and it bears no responsibility if, even after following the above prevention steps, one becomes a victim of fraud.
What are phishing attacks?
Phishing attacks are deceptive emails created by criminals in an attempt to acquire your personal information.
What is a fraudulent/spoofed website?
A fraudulent website in our case may look like a legitimate FAB website with similar graphics and content. You may come across this if you receive a fraudulent email containing a “Click Here” link leading you to a fake website. If you accidentally visit such a website, you may be asked for some of your personal information such as your password, account number and other sensitive information.
Be on the lookout for:
Urgency: A text may ask you for your password and other details, warning that otherwise your account will be suspended etc.
Links: These may direct you to a fraudulent website or a pop-up that asks you for sensitive information
How do I know if I am using my bank's site?
Do not rely on links provided in the email. Instead, open a new browser window and type in the full address for the site you are trying to visit
Fraudulent websites may have spelling errors, lucrative offers, prizes, job offers etc.
The best way to find out whether you are on a spoofed site is to verify the certificate. Our Online Banking is over SSL with 128-bit encryption
What is SIM Replacement Fraud?
SIM replacement fraud is carried out in order to commit fund transfer fraud. A replacement SIM allows fraudsters to receive calls/messages on behalf of the victim, through which they can complete fraudulent fund transfer transactions.
What is the modus operandi of the fraud?
Fraudsters impersonate and obtain a duplicate SIM for the mobile number of the victim; they then place the fund transfer requests with the victim’s bank by forging signatures or using compromised login credentials
When the concerned bank contacts the customer to validate the fund transfer transaction, a fraudster answers the call and provides the required details. Alternatively, fraudsters get access to a transaction code sent by the bank to the customer's number and confirm the transaction through electronic channels
The victim comes to know about the fraud after checking their bank statement, or when they realise that their mobile phone is not working. It is only upon getting a fresh SIM that they find out about the unauthorised fund transfers that took place
What can be done to avoid falling victim to this fraud?
Please keep your contact details updated with your bank. If any of your phone numbers are not working, update the number immediately with the bank
As soon as you realise that your phone is not working, call your bank and consider putting a debit freeze on your account
Contact your telecom service provider and ask whether any duplicate SIMs/Multi SIM have been issued for your mobile number. If any have been issued without your consent, have them deactivated
Keep your laptop/PC/mobile phone updated with the latest anti-virus/anti-malware software to prevent data compromise
Should you become a victim of fraud, you should immediately notify the concerned bank and demand details from the telecom service provider about duplicate SIMs issued for your number. A funds recall message can be sent to the beneficiary bank by the remitting bank and, if funds are available in the beneficiary account, they may be returned. Victims should also consider filing a police complaint.
Note: We issue this in the public interest and bear no responsibility if, even after following the above prevention steps, one becomes a victim of fraud.
Fraud trends and how to safeguard against them
There are always bad people looking for victims from whom they can swindle money. In order to ensure that you do not fall victim to such scams/frauds, we will share some quick tips, which can help to safeguard your interests.
Any email communication received that is asking for a change in the bank account details of your business partner, supplier, customer, staff, trade partner etc. should be verified through a known phone number. Do not rely on the phone number mentioned in such emails
Conduct your payment reconciliation on a regular basis with suppliers and customers. Any payments that were supposedly made but not received by your supplier or by you from your customer should be verified over the phone
Always look out for minor changes in the email ID of a recipient/sender. For example, maheknu123@yahoo.com and mahenku123@yahoo.com may look similar, but they are different
Invest in good anti-virus/anti-malware software to protect your office PCs/mobile phones against cybercrimes
If you notice a fraud, refer it to your bank immediately and also consider reporting it to law enforcement agencies
Beware of any investment offers by prospective investors/intermediaries who ask you for advance payments. Conduct due diligence about such entities
Always keep your contact details updated with the bank, including your mobile number, P.O. Box and fax number
Please report any disputed transaction immediately in writing by providing complete details to the bank
Note: We issue this in the public interest and bear no responsibility if, even after following the above prevention steps, one becomes a victim of fraud.