Skip to content

Detecting Fraud

What is a Business Email Scam?

Business email scams are a type of fraud in which businesses receive email communication from fraudsters pretending to be their suppliers or vendors. In these emails, the fraudsters usually inform a business that the bank account details of the vendor or supplier have changed.

What is the modus operandi of the fraud?

Fraudsters get access to the email ID of a trade partner of the victim through email hacking/password compromise etc. and sometimes create a similar-looking email ID. They then communicate with the victim through this compromised/lookalike email ID.

In order to gain trust and establish credibility, fraudsters use a previous email thread between the trade partners to make the victim feel as if they are dealing with their genuine trade partner.

Once they have established a rapport, they request that pending/fresh payments be made to a different bank account citing reasons like a problem with the existing account, ongoing audit or taxation problem etc.

This scam ultimately results in the fraudsters receiving money from the victim, and trade partners may get into a dispute about who is responsible for the fraudulent payment.

What can be done to avoid falling victim to business email scams?

01

Confirm requests for transfers of funds and changes in vendor payment accounts through alternative means such as a previously used telephone or fax number

02

Keep your computer/mobile phones updated with latest anti-virus/anti-malware to prevent email compromise

03

Be careful when posting financial and personal information on the internet

04

Should you become a victim of a business email scam, notify us immediately. A funds recall message can then be sent to the beneficiary bank by the remitting bank and, if funds are available in the beneficiary account, they may be returned. Victims should also consider filing a police complaint


Note: Note: This is issued in the public interest by FAB India and it bears no responsibility if, even after following the above prevention steps, one becomes a victim of fraud.

What are phishing attacks?

Phishing attacks are deceptive emails created by criminals in an attempt to acquire your personal information.

What is a fraudulent/spoofed website?

A fraudulent website in our case may look like a legitimate FAB website with similar graphics and content. You may come across this if you receive a fraudulent email containing a “Click Here” link leading you to a fake website. If you accidentally visit such a website, you may be asked for some of your personal information such as your password, account number and other sensitive information.

Be on the lookout for:

01

Urgency: A text may ask you for your password and other requested details or your account will be suspended etc.

02

Links: These may direct you to a fraudulent website or a pop-up that asks you for sensitive informatio

How do I know if I am using my bank's site?

01

Do not rely on links provided in the email. Instead, open a new browser window and type in the full address for the site you are trying to visit

02

Fraudulent websites may have spelling errors, lucrative offers, prizes, job offers etc.

03

The best way to find out whether you are on a spoofed site is to verify the certificate. Our Online Banking is over SSL with 128-bit encryption

What is SIM Replacement Fraud?

SIM replacement fraud is done to conduct fund transfer frauds. This allows fraudsters to receive calls/messages on behalf of the victim through which they can complete fraudulent fund transfer transactions.

What is the modus operandi of the fraud?

01

Fraudsters impersonate and obtain a duplicate SIM for the mobile number of the victim; they then place the fund transfer requests with the victim’s bank by forging signatures or using compromised login credentials

02

When the concerned bank contacts the customer to validate the fund transfer transaction, a fraudster answers the call and provides the required details. Alternatively, fraudsters get access to a transaction code sent by the bank to the customer's number and confirm the transaction through electronic channels

03

The victim comes to know about the fraud after checking their bank statement, or when they realise that their mobile phone is not working. It is only upon getting a fresh SIM that they find out about the unauthorised fund transfers that took place

What can be done to avoid falling victim to this fraud?

01

Please keep your contact details updated with your bank. If any of your phone numbers are not working, update the number immediately with the bank

02

As soon as you realise that your phone is not working, call your bank and consider putting a debit freeze on your account

03

Contact your telecom service provider and ask whether any duplicate SIMs/Multi SIM have been issued for your mobile number. If any have been issued without your consent, have them deactivated

04

Keep your laptop/PC/mobile phone updated with the latest anti-virus/malware to prevent data compromise


Should you become a victim of fraud, you should immediately notify the concerned bank and demand details from the telecom service provider about duplicate SIMs issued for your number. A funds recall message can be sent to the beneficiary bank by the remitting bank and, if funds are available in the beneficiary account, they may be returned. Victims should also consider filing a police complaint.

Note: We issue this in the public interest and bear no responsibility if, even after following the above prevention steps, one becomes a victim of fraud.

Fraud trends and how to safeguard against them

There are always bad people looking for victims from whom they can swindle money. In order to ensure that you do not fall victim to such scams/frauds, we will share some quick tips, which can help to safeguard your interests.

01

Any email communication received that is asking for a change in the bank account details of your business partner, supplier, customer, staff, trade partner etc. should be verified through a known phone number. Do not rely on the phone number mentioned in such emails

02

Conduct your payment reconciliation on a regular basis with suppliers and customers. Any payments that were supposedly made but not received by your supplier or by you from your customer should be verified over the phone

03

Always look out for minor changes in the email ID of a recipient/sender. For example, maheknu123@yahoo.com and mahenku123@yahoo.com may look similar, but they are different

04

Invest in a good anti-virus/anti-malware software to protect your office PCs/mobile phones against cybercrimes

05

If you notice a fraud, refer it to your bank immediately and also consider reporting it to law enforcement agencies

06

Beware of any investment offers by prospective investors/intermediaries who ask you for advance payments. Conduct due diligence about such entities

07

Always keep your contact details updated with the bank, including your mobile number, P.O. Box and fax number

08

Please report any disputed transaction immediately in writing by providing complete details to the bank


Note: We issue this in the public interest and bear no responsibility if, even after following the above prevention steps, one becomes a victim of fraud.

Customer grievance link