Fraud Trends. HSBCnet Online Security Controls PUBLIC



Similar documents
Protecting your business from fraud

Business Current Accounts and Savings Accounts

Phishing Scams Security Update Best Practices for General User

Best Practices Guide to Electronic Banking

Payment Fraud and Risk Management

ONLINE BANKING SECURITY TIPS FOR OUR BUSINESS CLIENTS

Fraud Detection and Prevention. Timothy P. Minahan Vice President Government Banking TD Bank

When registering on a jobsite, first ensure that the site is reputable and has a physical address and landline phone number.

Helping you to protect yourself against fraud and financial crime

Secure Frequently Asked Questions

Business Internet Banking / Cash Management Fraud Prevention Best Practices

FRAUD ALERT THESE SCAMS CAN COST YOU MONEY

Business ebanking Fraud Prevention Best Practices

Cybersecurity: Is Your Company Prepared?

Protect yourself against fraud

location of optional horizontal pic Corporate and Investment Banking Business Online Information Security

White paper. Phishing, Vishing and Smishing: Old Threats Present New Risks

Business Internet Banking security user guide

Corporate Account Takeover & Information Security Awareness. Customer Training

Online Security Awareness - UAE Exchange - Foreign Exchange Send Money UAE Exchange

OIG Fraud Alert Phishing

DEPARTMENT OF DEFENSE 6000 DEFENSE PENTAGON WASHINGTON, D.C

Remote Deposit Quick Start Guide

Retail/Consumer Client. Internet Banking Awareness and Education Program

Identity Theft, Fraud & You. Prepare. Protect. Prevent.

OVERVIEW. 1. Cyber Crime Unit organization. 2. Legal framework. 3. Identity theft modus operandi. 4. How to avoid online identity theft

How To Use Sterling Bank On A Mobile Device

Two-Factor Authentication: Guide to FEXCO CFX SMS/APP Verification

Your security is our priority

Information Security Awareness

Identity Theft. CHRISTOS TOPAKAS Head of Group IT Security and Control Office

Cyber Security. Maintaining Your Identity on the Net

Phishing for Fraud: Don't Let your Company Get Hooked!

Online Cash Manager Security Guide

OCT Training & Technology Solutions Training@qc.cuny.edu (718)

DON T BE FOOLED BY SPAM FREE GUIDE. Provided by: Don t Be Fooled by Spam FREE GUIDE. December 2014 Oliver James Enterprise

Learn to protect yourself from Identity Theft. First National Bank can help.

Fraud Prevention Tips

The information contained in this session may contain privileged and confidential information. This presentation is for information purposes only.

Online Cash Management Security: Beyond the User Login

Protect yourself online

Countermeasures against Spyware

Business Internet Banking Application Form

Guide to credit card security

Deter, Detect, Defend

Presented by: Mike Morris and Jim Rumph

Dissecting Wire Fraud: How it Happens, and How to Prevent It WHITE PAPER

Overview of the Penetration Test Implementation and Service. Peter Kanters

1. Any requesting personal information, or asking you to verify an account, is usually a scam... even if it looks authentic.

Corporate Account Take Over (CATO) Guide

Guide to Preventing Social Engineering Fraud

Bank of China (UK) Limited Corporate Internet Banking User Manual

Online Banking Risks efraud: Hands off my Account!

Avoid completing forms in messages that ask for personal financial information.

SAFE ONLINE BANKING. Online Banking, Data Security You. Your Partnership for Safe Online Banking

Fighting spam in Australia. A consumer guide

ecommercial SAT ecommercial Security Awareness Training Version 3.0

Welcome to the Protecting Your Identity. Training Module

Getting started on Bankline: administrators guide

MySpam filtering service Protection against spam, viruses and phishing attacks

Countermeasures against Bots

About junk protection

Your guide to the HSBC Digital Security Device. HSBC Bank USA, N.A All rights reserved.

Business Internet Banking

Deception scams drive increase in financial fraud

Identity Theft Protection

WHAT YOU NEED TO KNOW ABOUT CYBER SECURITY

SEC-GDL-005-Anatomy of a Phishing

THE CHILDREN S HEALTH NETWORK CONTRACTING TOOL TRAINING MANUAL

PROTECT YOUR COMPUTER AND YOUR PRIVACY!

TRAINING FOR AMERICAN MOMENTUM BANK CLIENTS. Corporate Account Takeover & Information Security Awareness

2012 NORTON CYBERCRIME REPORT

Security Bank of California Internet Banking Security Awareness

Mobile Banking App. Summary, Terms and Conditions and Important Information

Don t Fall Victim to Cybercrime:

Malware & Botnets. Botnets

Protecting Yourself from Identity Theft

Top tips for improved network security

Identity Theft. Protecting Yourself and Your Identity. Course objectives learn about:

Transcription:

Fraud Trends HSBCnet Online Security Controls العربیة 文 En français En Español 繁 體 中 文 简 体 中

Contents Types of Fraud Malware Attacks Business E-mail Compromise Voice Phishing ( Vishing ) Short Message Service (SMS) Phishing ( Smishing ) How to avoid becoming a victim Additional HSBCnet internet banking safety 2

Malware Attacks Malware is software used to disrupt computer operation, gather sensitive information, or gain access to private computer systems Customer s systems are compromised to make fraudulent transactions Customers will experience slow computers, unusual screens with requests to input codes and screens stating that the user will need to wait for a certain time before logging back in Malware can be inadvertently downloaded through clicking on links within phishing e-mails, compromised websites and by downloading pirated software 3

Malware Attacks Examples: During logon customers may receive a Please Wait screen Computer may seem to be very slow Pop-up screens will request the user to input the security code and screens requesting that the customer pushes the yellow button (claims of token validation, security challenge or resynchronisation) Screens requesting that a second user logs onto the same computer for validation 4

A method of defrauding by targeting customers of financial institutions Occurs when fraudsters impersonate contractors, suppliers, creditors or even senior management to ask a company to change their payment Subsequent legitimate payments are then redirected to the fraudster s account 5

Why is this type of attack is difficult to detect? Attacks occur across financial institutions and are not restricted to any one country or region Fraudsters are well prepared before the attack by engaging in some form of reconnaissance (social engineering) to ensure details and names are correctly targeted E-mail addresses used to request changes on the payee account are identical or very similar to the original suppliers or vendors e-mail which makes it difficult to detect the fraud Fraudsters have been known to hack a creditor s e-mail account in order to send the beneficiary change request and thus appears to be a legitimate request Traditional mail services are used to send forged letters which appear to be from the creditor Exploits a human behavior/response which cannot be prevented by technology 6

Examples: E-mails from new or existing vendors who claim that account numbers have changed and request payments now be sent to a new location and account Vendors claiming payments must now be directed to a parent company in a different country Employees receive an e-mail from their CEO/CFO asking them to make payments but it will later turn out that the CEO/CFO's e-mail has been compromised E-mail may come from a domain that looks similar to a legitimate source 7

Voice Phishing ( Vishing ) Vishing is the term used to describe tactics used by fraudsters to fish for personal information (such as online banking security credentials) over the phone. Fraudsters may contact customers pretending to be from HSBC. They may direct you to perform actions which may enable unauthorised payments to be sent to the criminal. This could include providing security codes generated from your token. HSBC will never request information over the phone that could be used to make a payment, such as asking you to provide security device codes or requiring you to divulge any of your security details. 8

SMS Phishing ( Smishing ) Smishing is a variation of Phishing that uses SMS messages instead of e-mail Fraudsters may contact customers using SMS pretending to be from HSBC. They may direct you to perform actions which may enable unauthorized payments to be sent to the criminal. This could include providing security codes generated from your token. HSBC will never request information that could be used to make a payment, such as asking you to provide security device codes or requiring you to divulge any of your security details 9

Be suspicious of requests to change beneficiary information question all changes and validate any change request using additional channels (i.e. call back and not reply directly to the e-mail) Establish internal control procedures for change requests to beneficiary details If unusual screens pop up and/or the computer's response is unusually slow, log out from HSBCnet completely and scan the computer with the most updated version of virus protection software. If in doubt, contact your IT team and/or HSBC Customer Service Manager or team. Engage staff in fraud awareness and education 10

Never disclose security details over the phone when receiving unsolicited calls (ie username, token information, payment details) Whenever you receive an unsolicited call from HSBC, request contact details from the caller and validate the information with your HSBC Customer Service Manager or HSBC Help Desk Do not amend payment information unless you are certain it is legitimate Report attempted fraud to your bank and review e-mail settings (i.e. change password) 11

Additional HSBCnet internet banking safety Never press the yellow button on the security device unless you are signing a transaction you have created HSBC never asks for a yellow button response at logon Use Dual Control - for transactions and entitlements (i.e. a minimum of two individuals are required for all activity) Download Webroot SecureAnywhere software at www.hsbcnet.com at no cost to you Set signature limits Block all logons not coming from an approved list of IP addresses Update software no longer supported by vendors (i.e. Internet Explorer 7) Only access HSBCnet via the website address at the address bar of your browser Never access through hyperlinks embedded in e-mails and do not rely solely on the look and feel of a website when using HSBCnet. HSBC Bank plc 2015. ALL RIGHTS RESERVED. Registered Office: 8 Canada Square, London UK E14 5HQ. Registered in England Number 14259. Authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority and the Prudential Regulation Authority. The contents of this document are for your information only. Please refer to the terms and conditions agreed by you with respect to the services you receive from HSBC and any accompanying security procedures. It is important for you to establish, maintain and review your own appropriate security measures for your use and access to your accounts and any online services. 12

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information