How to reduce eBanking fraud risk?
eBanking fraud covers phishing and malware infections. It may affect your company or your private life. In either case, cyber criminals will try to steal money by obtaining their victim's identification codes and electronic signatures. With these codes, they empty your bank accounts by transferring the funds to their own accounts.
- You receive an e-mail, supposedly from your bank, presented as a security check or claiming that an account will be blocked or that a change will be made to the services offered by the bank. Other pretexts are possible. Each time, the aim is to get you to click on a link within the e-mail that diverts you to a false identification page that looks similar to your online banking.
- On that page, you enter your access codes, which the criminals retrieve because you are on their site and not your bank's site. With your codes, these criminals can access your online banking and execute transactions.
Variants of such fraud
- You receive a call from a fraudster pretending to be a bank employee, who asks you to perform some sort of security check or 'update' that requires you to generate one or multiple response codes with your smartcard and reader. The fraudster will use these to log in to the bank’s eBanking website and enter and sign transactions on your behalf.
- Your computer is infected with malware. Such infections typically occur by opening attachments or links in a malicious e-mail you have received, or by visiting compromised websites which exploit vulnerabilities in your web browser or operating system to install malware on your PC.
Once the malware is active, several scenarios are possible, depending on the type of malware. Ultimately, all these scenarios lead to the malware trying to create and execute fraudulent payments on your behalf.
- You Google for "login InsideBusiness" (or similar queries) and, as the top result, you get a fraudulent Google Ad leading to a fake ING Wholesale Banking or InsideBusiness website. These fake pages are almost indistinguishable from the real ones. Fraudsters will try to obtain your login credentials through this fake website and use the information you give them to log in to the bank’s eBanking website and enter and sign transactions on your behalf.
What safeguards can you take?
- Protect your work environment by reading and applying the information ING has provided with regard to ensuring a safe work environment.
- Keep your PIN and generated security codes secret. Never reveal these secret codes to anyone who asks for them, whether by phone, in an e-mail, via text message (SMS), WhatsApp message, chat program or face-to-face. ING staff will never ask you for your codes or PIN. If someone asks for them, end the conversation and inform your bank about the incident.
- Always check that Google Search results and Google Ads lead you to ING’s safe and secure websites: ingwb.com or new.ingwb.com.
- Check that you log in on the correct login page: https://insidebusiness.ingwb.com/.
- Check the internet address and the padlock in the address bar of your browser. The padlock means that the connection is secure, and you can check that the certificate has been issued to ING Group N.V.
- Never generate a security code when not accessing or using online banking yourself.
- Always check the details, i.e. amount, beneficiary name and account numbers of all payments you are about to sign.
- Always close an active web browser session properly by clicking on ‘Log out’. Never leave your computer unattended when you have an active session: close the session or lock your computer.
- Implement dual signing: the person who must add the second signature takes an independent look at the transaction and can detect fraud more easily. Never leave both signatures in the hands of the same person, and check what you are signing. Always make sure that the 1st and 2nd signers use different PCs, as this will increase your chance of detecting fraudulent payments created by malware.
- Periodically check your registered access means for InsideBusiness, and the access means of your colleagues.
- Check your statements and reconcile them regularly. Conscious banking is safe banking: view your debits and credits regularly, at least once a week.
- Report fraudulent e-mails and websites to firstname.lastname@example.org.
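The address checks in the list above (ingwb.com, new.ingwb.com and the https://insidebusiness.ingwb.com/ login page) can be automated, for instance in a mail filter or an internal link checker. The following is an added example, not ING's code; the function name, the exact-match policy and the sample links are assumptions.

```javascript
// Hosts named on the page. Exact-match policy is an assumption of this example.
const TRUSTED_HOSTS = new Set(["ingwb.com", "new.ingwb.com", "insidebusiness.ingwb.com"]);
const LOGIN_HOST = "insidebusiness.ingwb.com";

// Classify a link the way a browser resolves it (WHATWG URL parsing).
function classifyLink(raw) {
  let url;
  try {
    url = new URL(String(raw).trim());
  } catch {
    return { verdict: "reject", reason: "not a valid absolute URL" };
  }
  if (url.protocol !== "https:") {
    return { verdict: "reject", reason: "not HTTPS" };
  }
  if (url.username || url.password) {
    // In https://trusted-name@other-host/ the browser connects to other-host.
    return { verdict: "reject", reason: "userinfo before the host" };
  }
  const host = url.hostname.replace(/\.$/, ""); // ignore a trailing root dot
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    return { verdict: "reject", reason: "punycode host (possible lookalike)" };
  }
  if (!TRUSTED_HOSTS.has(host)) {
    return { verdict: "reject", reason: "host not on the allowlist" };
  }
  return { verdict: "ok", host, isLoginHost: host === LOGIN_HOST };
}

// Constructed sample links (the .example hosts are placeholders).
const SAMPLE_LINKS = [
  "https://insidebusiness.ingwb.com/",
  "HTTPS://New.INGWB.com/en",
  "http://insidebusiness.ingwb.com/",
  "https://insidebusiness.ingwb.com@portal.example/",
  "https://insidebusiness.ingwb.com.portal.example/login",
  "https://xn--bcher-kva.example/",
];
for (const link of SAMPLE_LINKS) {
  const r = classifyLink(link);
  console.log(r.verdict.padEnd(6), link, r.reason ? `(${r.reason})` : "");
}
```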
Download our 'Safeguard your business against eBanking fraud' leaflet and distribute it within your company to raise awareness among employees.
The information on this page is provided to you solely for informational purposes in order to make you aware of the most frequent cases of fraud and provide you with recommendations to protect yourself against it. This information does not ensure that your company, acting upon these recommendations, is or will be protected against any occurrence of fraud detailed on this website. No rights can be derived from the use of and reliance on the safeguards you take by following up these recommendations. ING does not accept any responsibility or liability with respect to your reliance on and the actions you take as a result of these recommendations. This disclaimer is governed by Dutch law.