Fraudsters and cybercriminals are turning their attention to small and medium-sized businesses, taking the view that they may have less rigorous IT security in place than larger companies.
It means that, among other sectors, farm businesses are increasingly subject to attacks via phone, text and email. Typically, criminals may use a technique known as ‘phishing’ whereby – via phone or email – they encourage their victim to disclose personal information, install malware, or make fraudulent payments.
There are tricks used by fraudsters that can catch people out on a personal level. The best way to avoid this is to pay attention to the details: the sender address on emails, the file formats of attachments and the questions that just don’t feel quite right.
Here are our top five rules to really help you reduce your risk.
Never disclose security details
A genuine bank or organisation will never ask you for your PIN or full password in an email, on the phone or in writing.
Always remember to ask yourself: what is being requested, why is it needed, and are you completely sure who you’re talking to?
Don’t assume an email or phone call is authentic
Just because someone knows your name and address, or details like your mother’s maiden name, doesn’t mean that they’re genuine. Criminals can falsify phone numbers and pose convincingly as bank employees or trusted officials. Often, they’ll try to trick you into revealing security details by telling you that you’ve been a victim of fraud.
Don’t be rushed or pressured into making a decision
Under no circumstances would a genuine bank or other trusted organisation force you to make an on-the-spot financial transaction or transfer. Nor would they rush you while you pause to think. Slow down, take your time and consider your actions.
Listen to your instincts
If something feels wrong, question it. Criminals aim to pressure you or to lull you into a false sense of security while your defences are down. Whether you’re busy with other activities or relaxing at home, think carefully about the information you’re giving and pay attention to your gut if something feels wrong.
Stay in control
Have the confidence to refuse unusual requests for personal or financial details. It’s easy to feel embarrassed or panicky when faced with unexpected or complex conversations. If you don’t feel in control of a discussion, it is absolutely okay to end it straight away.
The threat of cybercrime is very real, but taking the right precautions and being wary of any unsolicited approaches can help you keep your business safe – don’t assume, don’t be rushed, and never disclose.
The reality of cybercrime
A farmer was buying new machinery from a dealer and was negotiating a finance agreement with his bank – via phone and email – when halfway through the correspondence, the bank provided ‘revised’ account details.
The email was very convincing because it included the bank’s electronic signature, with the relevant fraud warnings, contact details and logos. The farmer sent the money to the account, believing it was a genuine email and that he had made the right payment.
He subsequently had a call from the dealer asking for payment and when he contacted the bank, they told him they hadn’t been able to complete the transaction because he had stopped replying to emails.
What had happened?
The fraudster had hacked the email account, removed the banker from the conversation and proceeded to mimic emails from the bank.
Please note: Any request to change beneficiary/account details should be treated with extreme caution. If you find yourself in a similar situation, you should verify such a request through a trusted channel – for example, your Relationship Manager.
Top types of cybercrime and fraud
Business email compromise
Targets companies irrespective of size, industry, and who or how they bank. A fraudster impersonates a legitimate person and emails a company’s payments team to convince them to make an urgent payment or change account details. The sender’s email may match or be closely similar to a real one, and it often instructs the recipient not to discuss the matter with anyone else.
Text and phone scams
Phishing phone calls (‘vishing’) and scam texts (‘smishing’) are cheap and easy attacks to commit. Both can result in theft or fraud by tricking you into installing malware or divulging personal information. Vishing calls alarm recipients into making payments or providing important financial information. Smishing texts usually claim to be from a bank, requesting urgent action, convincing you to click on malicious links, download malware or enter personal information.
Describes any type of software that is created with the intention of harming its target. Just some of the threats include viruses, trojan horses, bots, adware and ransomware. Malware can get into your system through infected hardware or phishing scams, staying hidden among your legitimate programs before it’s activated. Costing private and corporate users alike, it can steal information, damage your system and hijack or spy on you.
Emails look real and appear to be from legitimate senders, to entice you to click on malicious links or attachments in order to steal money or data. These can infect your computer with malware in order to view private information, steal money, disrupt business operations or destroy data.
For further information on keeping your business safe from cybercrime and fraud visit: www.business.hsbc.uk/cybercrime
You can find further resources and information on Action Fraud’s Take Five campaign website here: https://takefive-stopfraud.org.ukLearn more about how your business could benefit from specialist support from HSBC UK by visiting our Agriculture pages. To speak to an agriculture specialist, please call 07387 245208 (Lines are open 9am to 5pm Monday to Friday except public holidays).