How to avoid bank transfer scams
How can you recognize bank transfer scams and protect yourself and your business? Read on to find out.
6 min read
In 2019, 70% of companies experienced at least one attempted bank transfer scam. And this type of financial scam has increased greatly against companies and individuals, especially during the recent global health crisis. How can you recognize bank transfer scams and protect yourself and your business? Read on to find out.
What are bank transfer scams?
Bank transfer scams are a type of financial scam affecting businesses or individuals, where money is deposited into a bank account held by a cybercriminal. In order to trick their target into transferring money to them, fraudsters often impersonate a real person, or use a trademark and/or a trade name without authorization.
There are several types of bank transfer scams:
- Fake supplier fraud, or bank account scams. First, scammers collect information about a company’s suppliers and the contact person who carries out the company’s bank transfers. Then they contact the person in charge of bank transfers and claim that the supplier’s bank details have changed. The victim company then makes bank transfers to the ‘new supplier accounts’ that are really the criminals’ account. Another form of fake supplier fraud is issuing false invoices on behalf of the supplier company.
- ‘Fake president fraud’. In this aptly named scam, fraudsters pose as the CEO of a large company and contact someone in that company’s accounting department. The fake CEO then demands an urgent bank transfer, using social engineering techniques. In 2013, French company Vallourec paid nearly 23 million euros to cybercriminals in just a few weeks because of this scam!
- Phishing. One of the most common online scams, phishing also affects businesses. In this scam, personal data is collected to steal an identity and use it for other scams. Phishing is often the “first step” for scammers—they retrieve information so they can go on to commit a bank account scam or a ‘fake president fraud’ scam.
- Internal fraud. Finally, bank transfer scams can be carried out internally by someone with access to sensitive data who uses it to make fraudulent transfers. Corruption, misappropriation of assets, overbilling, and cash error are examples of internal fraud, which can cost companies 5% of their turnover every year!
Security at N26
What is APP fraud?
APP stands for “authorized push payment”, another avenue for scammers. An APP scam results in money being transferred to a fraudulent account. To achieve this, criminals mostly use identity theft, posing as one of the following:
- A supplier
- An employee
- A manager
APP scams can also affect individuals
Bank transfer scams don’t only affect businesses. Just like with debit card fraud, individuals can also be victims of bank transfer scams.
Fraudsters use this type of scam to take money from individuals by posing as one of their creditors—electricity supplier, landlord, tax authorities, etc. The scenario is always the same. The scammer impersonates a creditor and claims their bank payment details have changed—they may also ask their targets to make an emergency transfer.
APP scammers may reach out via phone, email or text. As always, be careful before giving out personal information or making a bank transfer.
How to recognize attempted bank transfer scams
Fortunately, with a few tips, you can identify and protect yourself against an attempted bank transfer scam. Here are 5 simple tips for companies and individuals to avoid falling into the cybercriminals’ trap:
- When you’re asked to make a bank transfer to a third party—for example, to pay an invoice or pay for services—remember to request their bank account details, especially if the transfer request seems unusual.
- As a general rule, beware of bank details from outside of Europe since scammers often use international accounts.
- Check the credibility of the information received by email or mail. Spelling mistakes, domain names with typos (known as typosquatting), and unusual domain extensions (cybersquatting) are all common characteristics for bank transfer scams.
- Don’t open attachments with an unknown extension—like .scr, or .cab.—or if you have any doubts about the sender.
- For company-targeted fraud, always check with the organization directly—using the usual telephone number for the supplier or creditor—to see if the outreach is legitimate. This is especially important if they’re reaching out about something sensitive, like new bank details. Don’t use the contacts mentioned directly in the outreach, since those are probably fake.
To learn how to recognize all types of fraud, especially financial scams, you can read our dedicated guide.
How to protect yourself against APP scams and bank transfer fraud
Prevention is essential if you want to stay ahead of online fraudsters. Cyber fraud tends to be on the rise especially during turbulent times—such as a global health or financial crisis—since the victims are likely to be more distracted and stressed.
To protect yourself from APP scams at your company, follow these practices to prevent unwanted financial situations and its consequences:
- Set up verification and authentication procedures for bank transfer requests that seem unusual, or when bank details are being updated.
- Invest in strong antivirus software.
- Educate company employees to use unique, strong passwords.
- Set up two-factor authentication for access to emails.
- Entrust the company’s financial management to several clearly identified people, in order to avoid internal fraud.
- Buy domain names that are close to or similar to your company’s name, in order to avoid cybersquatting and typosquatting.
- Protect the contact information of employees who are in charge of bank transfers, especially online or on social media.
What to do in the event of bank transfer fraud
Have you been the victim of an APP scam or bank transfer fraud? Whether you’re a company or individual, take these steps as quickly as possible to limit the damage:
1) Identify the transfers to fraudulent accounts.
2) In the event of email identity theft, change your password immediately.
3) Contact the organization responsible for your company’s financial operations to cancel or prevent transfers. If you’re an individual, contact your bank immediately.
4) If the transaction has already gone through, you can try to request a refund for the bank transfer fraud. Be careful—for transfers abroad, this process can be very complicated, if not impossible!
5) Gather as much information as possible about the scammer—including emails, email addresses, websites, bank transfer orders, letters, and fraudulently sent invoices.
6) File a complaint with the French gendarmerie or national police.
Depending on the exact nature of the scam, bank transfer fraud can be classified as the following:
- A scam, punishable by 5 years in prison and a fine of €375,000
- Identity theft, liable to 1 year in prison and a €15,000 fine
- Fraudulent access to an automated data processing system, liable to 2 years in prison and a €60,000 fine
Keep an eye on your finances with N26
Your bank account is always nearby with the N26 mobile app. You’ll know what’s going on with your account at all times thanks to instant notifications on every transaction. Get more control over your debit card—lock or unlock your card on demand, change your spending limits, activate or deactivate online payments, and more. And there are plenty of innovative features that help you manage your money day-to-day and save money at your own pace. Don’t wait another moment to explore the bank of tomorrow!
Find similar stories
Love your bank
Related articlesThese might also interest you
N26's Complete Guide to Secure Online Banking
The complete N26 guide to banking safely online
Securing the borderline between product design and product usage: Kyle, Lead Trust & Safety
Security is at the core of everything we do at N26. Kyle from our Trust & Safety team shares insights on why we constantly research potential threats and issues that might compromise your money.
What is a Trojan horse virus? (and what to do if your system gets infected)
If undetected, Trojan horse can do quite a bit of damage — they operate in the background, stealing sensitive information and compromising the security of your data.