Fighting against fraud & cyber risk

Payment fraud and cyber security are closely linked. While cyber risk is a risk in itself, it is also often a prerequisite for fraud attempts, because it provides the data needed to make these attacks credible.
Find out more and educate your staff on these topics with BNP Paribas.

An effective fight against fraud must rely on a combination of factors (the multi-layer approach):

  • confidence in your IT systems, and strong cyber hygiene;
  • knowledge of the most common patterns and evolutions in fraud scenarios and techniques;
  • secured procedures, correctly applied;
  • dedicated tools (analysis, verification, filtering…);
  • active contribution of your bank.

At every step, BNP Paribas is committed to providing you with solutions:

  • materials to raise internal awareness on fraud & cyber risks 
  • existing solutions to secure flows, especially our new offer with the fintech Sis ID, which specializes in supplier fraud prevention & account validation.
  • tools to detect and stop fraud. 

 

Enhancing cyber security – becoming familiar with risks and good reflexes  

With the digital transformation and hyperconnectivity of companies, cyber-attacks are on the rise. Every company is responsible for its data and that of its customers and must protect them. Being vigilant and recognizing cyber threats is necessary to better understand risks. Employees are the first shield.

54% of companies report at least one attack in 2021*

+255% reports of ransomware attacks in 2020**

 

 

1. Discover the different cyber threats
  • E-mail spoofing: the act of deliberately using another person’s e-mail address (identity theft).
  • Malware: a malicious software program designed to infect a user’s computer.
  • Phishing: a technique used to lure internet users and obtain information by posing as a trusted agency or individual.
  • Ransomware: a program whose purpose is to prevent users from accessing their data by encrypting it, and then to force them to pay a ransom in order to decrypt the data and make it available again.
  • Spyware: a program that transmits the user’s personal data and actions discreetly.
  • Social engineering: psychological manipulation that involves obtaining goods or information by exploiting the trust of those who have direct access to it.

 

2. Adopt the right reflexes against cyber threats
  1. Beware of e-mails: pay particular attention to messages containing attachments or links to websites. If you have any doubt, don't open the file.
  2. Identify your correspondent and decipher his or her behavior: if a message asks for unusual actions, ask the sender for confirmation by another appropriate means to avoid phishing attempts.
  3. Protect your access with secure passwords: use a password of at least 15 characters, without any meaning, and change it every 3 months. This password is personal and should not be shared.
  4. Perform regular back-ups of your data on external media. In case of ransomware, you can retrieve your information more easily.
  5. Secure your equipment with an anti-virus and install security updates.
  6. Do not download software or files if you are not sure where they come from.
  7. Limit the information you provide on social networks, as it can be reused for social engineering.
  8. When travelling or working remotely, use your personal Internet connection and separate your professional and personal uses.

2 out of 3 companies experienced at least one attempted fraud in 2021*

 

The following are the main types of fraud that your company must protect itself against.

Understand the different types of impersonation fraud

1. CEO fraud

A crook steals the identity of a senior manager in order to carry out an exceptional, urgent and confidential operation, usually linked to an investment or a takeover.

  • The purpose: having you perform an operation outside the control process, which is not immediately detectable by your usual procedures.
  • Indicators of suspicion: confidentiality and urgency of the transaction; use of exceptional procedures; e-mail theft.

 

2. Fake supplier fraud

The fraudster intercepts communications or invoices and changes the bank payment details for his own benefit.

This intrusion is usually the result of a successful cyber-attack against your company or one of your suppliers, resulting in data leaks.

  • The purpose: fitting into your usual payment processes to have you conduct fraudulent transactions.
  • Indicators of suspicion: change of bank and of the third party’s country of payment; possible pretext (audit, technical problem, etc.); e-mail theft.

 

3. Fake bank technician fraud

The crook pretends to be a technician from a bank, claiming a technical malfunction to contact you.

Using sophisticated psychological influence techniques to win your trust, he manages to obtain the passwords used for access and transaction validation on your online banking sites.

  • The purpose: by taking control of your tools, he is free to issue and validate payments for his own benefit.
  • Indicators of suspicion: the caller seeks to obtain information (codes, identifiers) or to have you carry out transactions.

 

4. Fake salary fraud

This fraud consists in getting you to pay your employees, external service providers or expense claims to new fraudulent bank details that replace the usual ones, under the pretext of a simple change in bank details.

  • The purpose: having you carry out a normal transaction of a reasonable amount (therefore generally not subject to dedicated controls) with incorrect contact details.
  • Indicators of suspicion: change in payment country; inconsistency between the BIC mentioned and the name of the receiving bank.

And much more… This is unfortunately not an exhaustive list, as many different fraud techniques exist and new scams are created on a regular basis.

 

Stay alert to any unusual transactions!

 
