Please remember it’s OK to hang up or cut contact if you’re uncomfortable, no matter who you think you’re speaking to. Don’t worry about being rude – if it’s really us we won’t mind. In fact we’re happy for you to do this.
Stop. Think. Talk to someone you know.
As a Handelsbanken customer, you’re able to pick up the phone and hear a familiar voice. If something’s actually wrong with your accounts, we can let you know what to do.
Entire company-wide IT systems can be hacked, often by something as simple as an employee clicking on a link in a scam email. This could be where emails from your finance department are intercepted with the criminal’s bank details so your customers end up paying them and not you.
How to stay safe
Make sure you have robust, up to date anti-virus software. Install updates and run full scans regularly.
Watch out for unusual online screens/messages: call your account manager if anyone in the business notices unusual screens, dialogue boxes, security messages or other pop-ups when using Handelsbanken Corporate Online Banking
Check that all devices that carry your business data are protected by strong passwords.
Make sure any staff with access to Handelsbanken Corporate Online Banking are aware of the latest scams, including those asking for online banking security information.
And if the worst happens and your company is successfully targeted, make sure you have a step-by-step playbook setting out roles and responsibilities, contingency plans, disaster recovery, and so on.
in 2019 a ransomware attack seriously compromised the computer systems of aluminium firm Hydro. They lost an estimated £25 million while productivity was affected, but the company was praised by industry experts for its robust recovery efforts and response to the attack.
They communicated the issue to employees, who didn’t connect to the compromised network.
Because they had their data backed up, they were better prepared to return to normal operations after the issue was sorted.
A fraudster waits until you have a genuine invoice due for payment. They then intercept it, then send you a fake invoice. This looks like the one you’re expecting, but has the criminal’s account details.
They might hack into a genuine email chain to make it look even more legitimate. The email will usually tell you that they’ve changed banks and ask for you to make any future payments to this new account.
The fraud is often not spotted until the actual supplier asks you why you haven’t paid their invoice, even though you think you have.
Although this type of fraud usually happens through fake or ’spoofed’ emails, it can also happen through the post, or telephone calls.
How to stay safe
If you’re given new or updated account details for a client or supplier, always double check them with someone you can trust, ideally face to face or on the phone using a number you know is right. Don’t use any contact details in emails as you have no way of knowing they’re genuine.
Make sure everyone’s email accounts have a unique and complex password.
Avoid using public Wi-Fi where possible as it’s difficult to tell whether it’s secure.
Make sure your anti-virus software is up to date and run regular scans.
A member of staff gets an email from someone important in the business. We’ll call them the CEO although they could be a director or partner.
This email may be sent to staff members within accounts, finance or administration.
The email asks for an urgent payment to be made to a certain account, with details included.
The CEO might say it’s for a new client and needs to be kept quiet, so that the member of staff feels unable to query it.
This looks genuine, but the email has been sent by a fraudster who has either hacked into or imitated the senior colleague’s email account.
The staff member trusts the email and makes the payment without checking with anyone else. The money goes straight to the fraudster’s account.
The fraudsters will often have done their homework to help build a back story. If, for example, they know that the CEO has gone away on business, they’ll say this in the fake email.
How to stay safe
Set up dual authority on any online banking – in other words make sure every payment must be checked by someone else in the business.
Check that staff members’ online banking access is appropriate.
Train your staff and have clear internal procedures within your business to specify how payment instructions are carried out.
Also known as accounting fraud, this is when an employee, usually involved in the financial side of your business, is stealing money from it. This could be, for example, by creating fake employees and paying their salary into a bank account they control, or by sending invoices from phantom companies.
They can be working alone or in league with other criminals.
How to stay safe
Make sure you have controls in place to spot suspicious behaviour.
Set up dual authority on any online banking – in other words make sure every payment must be checked by someone else in the business.
Check that staff members’ online banking access is appropriate.
Train your staff and have clear internal procedures within your business to specify how payment instructions are carried out.
This is where criminals get hold of a business’s bank account details and make unauthorised money transfers. They may send you a text message, email or call you posing as your bank to warn you about ‘suspicious activity’ on your account. They ask you to respond to the message with some account/security details to verify your identity. This will then give them access to your bank account.
How to stay safe
Protect sensitive commercial information. If you wouldn’t send it on a postcard, don’t send it by email unless you encrypt it.
Someone phones you, claiming to work for your bank, broadband provider or even the police.
They say that fraudsters have hacked your account. They’ll ask for security information to stop any money leaving. This could include your log-on card number or card reader response codes.
They may suggest moving your money to a safe account, ask you to pay a fee, or to send a test payment to an account.
Of course, the caller is a fraudster. If they have enough information, they’ll be able to access and empty your accounts.
Because they may know your personal details, they can sound very convincing and may put you under pressure to act quickly.
Remember that these scammers can ‘spoof’ genuine phone numbers, such as ours. This is when they change their caller ID to make you think someone familiar is calling you.
But we’ll never phone you and ask you for personal information.
If you’re on a call and feel uncomfortable, hang up immediately. Don’t worry about being rude.
Contact Customer Connect on 0800 470 8000 or call your account manager.
A new customer buys something, but sends a cheque for more than the agreed amount. They tell you they’ve paid too much, and ask you to send the difference back to them (usually electronically). When their cheque bounces, you lose whatever you’ve sent them. In some cases you may lose any goods you’ve sent them too.
How to stay safe
If you have any suspicions when receiving a phone call or when using your online banking, please speak to your account manager.