Fraud in payment traffic: these are the 8 most commonly used techniques

Fraudsters looking to get rich can be very creative in the methods they use. The first step to take in protecting your business is to know exactly what you are dealing with. We list the 8 most common fraud techniques used in payment traffic for you.

1. Phishing – fishing for information

The fraudster contacts you or your staff – usually by e-mail, but sometimes by phone – and tries to extract sensitive information, such as user names, passwords and financial details, to be used later.

Increasing security in your organisation is a question of awareness among your staff. For advice about how best to tackle it, go to “Security awareness – make your employees aware of the risk”.

2. BotNets – caught up before you know it

A BotNet is a network of computers that are controlled by hackers. Your PC can be part of a BotNet without you even knowing it. Using trojans, a specific type of virus, cybercriminals hack your computer and absorb it into their network. Once their BotNet is in place, the hackers then launch their cyber attack, which can take a variety of forms: from a DDoS attack to a large-scale spam campaign.

3. Invoice fraud – they lure you in with fake invoices!

You receive a fake invoice with a modified account number through the post or by e-mail. Invoice fraud normally involves paper documents being intercepted and tampered with, so e-invoicing is one possible solution.
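The modified account number is the detail a payer can check before paying. The sketch below is an added example, not part of the original article or of any Isabel product: it assumes account numbers are IBANs and that you keep a record of each supplier's verified account. The supplier ID, the `KNOWN_ACCOUNTS` table and the function names are hypothetical.

```python
import re

# Constructed supplier record: the account each supplier was verified on
# (hypothetical supplier ID, publicly documented sample IBAN).
KNOWN_ACCOUNTS = {"ACME-001": "BE68 5390 0754 7034"}


def normalize_iban(raw):
    """Drop spaces and punctuation and upper-case, so layout differences are ignored."""
    return re.sub(r"[^A-Za-z0-9]", "", raw).upper()


def iban_is_valid(raw):
    """IBAN check digits: move the first 4 characters to the end, map A-Z to 10-35,
    and the resulting number must leave remainder 1 when divided by 97."""
    iban = normalize_iban(raw)
    if not re.fullmatch(r"[A-Z]{2}[0-9]{2}[A-Z0-9]{11,30}", iban):
        return False
    rearranged = iban[4:] + iban[:4]
    digits = "".join(str(int(ch, 36)) for ch in rearranged)
    return int(digits) % 97 == 1


def check_invoice(supplier_id, invoice_iban, known=KNOWN_ACCOUNTS):
    """Return 'ok', or a reason to hold the payment until someone verifies it."""
    if not iban_is_valid(invoice_iban):
        return "hold: malformed IBAN"
    expected = known.get(supplier_id)
    if expected is None:
        return "hold: unknown supplier"
    # A tampered invoice usually carries a perfectly valid IBAN, just not the
    # supplier's, so the checksum alone is not enough: compare with the record.
    if normalize_iban(invoice_iban) != normalize_iban(expected):
        return "hold: account differs from supplier record"
    return "ok"


if __name__ == "__main__":
    # Constructed invoices: genuine, swapped account, mistyped account.
    for iban in ("BE68539007547034", "NL91 ABNA 0417 1643 00", "BE68539007547035"):
        print(iban, "->", check_invoice("ACME-001", iban))
```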

4. Malware – deadly for the security of your systems

Using viruses and other ‘malware’, cybercriminals are able to steal your personal information from a remote location, give other people access to your system or even disable your computer. The most common types of malware are:

  • Viruses: tiny programs that disrupt the way your computer works.
  • Spyware: software that gathers details such as passwords and account numbers to sell on the black market. For example, a keylogger can record the keystrokes made on your keyboard without you noticing.
  • Ransomware: this is where cybercriminals literally hold your computer to ransom. They then demand the payment of a ransom to unlock your device. But even if you pay, there’s no guarantee that you’ll get your data back.

5. Mule accounts – you’ll carry the burden

Fraudsters recruit people online to transfer money the fraudsters have stolen, which makes it more difficult to recover. Often, money mules, or ‘smurfers’, don’t even know that their accounts are being used for illegal practices.

6. Stolen identity – the financial ‘Who is it?’ game

By using someone’s online identity, criminals are able to extract financial information and even apply for loans. To do so, they often play on people’s dearest wishes: someone who is considering a major purchase, such as a house or car, will be more quickly inclined to pass on financial information unsuspectingly, say as part of the sales process.

7. CEO fraud – from crook to boss and back again

CEO fraud is a form of social engineering. Pretending to act in the name of the CEO, the fraudster sends a confidential e-mail to one of your employees with an urgent request to transfer some money. Given that these payments are legal in the strict sense, it is particularly difficult to get your money back once the deed is done.

8. The silent third party

Most businesses conduct numerous financial transactions. This is where a fraudster tries to hide an illegal payment in between all the others in the hope that it will slip through the net and be authorised. To prevent this from happening, two-factor authentication is essential and we recommend always having payments approved by more than one person. And at Isabel 6, we even go a step further, using an external card-reader with a numeric keypad. That way your payment details are always safe and secure.

Handy prevention tips and easy-to-use measures for keeping the fraudsters at bay! Stay one step ahead of the cybercriminals with the Isabel 6 e-book: ‘Monitoring and protecting your online payment traffic’.
