** Warning – Ebury Impersonation Scam **

In January we saw reports of fraudsters impersonating Ebury in an attempt to gain sensitive information from our clients.

One scam saw clients receive a code or one-time password (OTP), followed by a call from a fraudster spoofing Ebury’s UK office number. The fraudster then requested the OTP received via text.

If you receive a text or call of this nature, please hang up and block the sender. Ebury will never request sensitive information such as a one-time password from you via telephone.

Authorised Push Payment Fraud

In 2021, it was widely recognised that APP fraud was the fraud of choice, with APP fraud losses in the UK increasing by a staggering 71% in the first half of 2021. At Ebury, this is also the most common fraud typology we see and there are 3 main causes:

• Email Hacks
  A supplier’s email address is hacked without our client’s knowledge. Our client is provided with new bank details to pay, leading them to pay the fraudster’s account.
• Email Spoofs
  The fraudster creates a spoofed version of the genuine supplier’s email address and emails our client with new bank details when a payment is due. Our client does not notice that the email address has changed and makes the payment.
• Scams
  A client falls victim to a purchase scam, transferring money for goods that never arrive. The scammer may have created a legitimate looking website to facilitate the fraud.

APP Fraud Red Flags

• An existing supplier unexpectedly changes their payment details just before an invoice is due:
  – Especially if the new bank account is located in a different country to the supplier
  – Especially if the new bank account is held in a different name or is a personal account
  – Especially if the supplier gives a strange reason why the bank details are changing, such as “our usual bank account is under audit”
• An existing supplier expresses undue urgency to send a payment or you notice spelling mistakes or a change of tone in their emails
• An existing supplier starts emailing you from a different email address, or one that is slightly different (i.e. @supplier.com vs @suppplier.com)
• A new supplier has a recently created website, which may be poorly maintained or under construction, or has very little web presence at all when searched online
• A new supplier has negative media when searched online, such as ‘scam’ reviews

Fraud Trends 2022: What To Expect

For most people, a new year represents new opportunities and a chance to start over. However, fraudsters are expected to recycle old scams and techniques. This includes everything from get-rich-quick schemes, to crypto scams and payment diversion fraud.

1. A Rise in Account Takeover Fraud & Authorised Push Payment Fraud via Social Engineering
   Individuals and businesses are unlikely to switch back to their pre-pandemic bank practises. The result is a rise in digital interactions and more targets for fraudsters to pursue.
2. Fraudsters Study Victims and Pose as Vendors
   More effective online security measures aren’t deterring fraudsters. Fraudsters are adapting their schemes that involve breaching an account and quickly transferring money, to stalking their victim’s online transactions looking for patterns.
3. IoT (Smart Internet of Things) Opens New Fraud Avenues
   Most consumers have multiple traditional accounts, and a host of digital accounts like PayPal, Venmo, or even WhatsApp in some regions. Many connected smart internet of things (IoT) devices like Amazon’s Alexa or Google Home can send money using voice commands.
4. Cryptocurrency Investment Scams
   Watch out for adverts on social media as this is a very common tactic that scammers use. They will often use a photo of a well known celebrity or social media influencer with fake testimonials making it look like they endorse the investment firm or product. They will also promise high returns in a short space of time.
5. Payment Diversion Fraud
   Payment Diversion Fraud involves scammers intercepting payments or creating /amending invoices in order to divert money to bank accounts under their control. For businesses, scammers may pose as a genuine supplier and send you an email letting you know that their bank details have changed for future invoices and payments.

If you notice suspicious activity on your account or if you have been a victim of fraud, please email [email protected]