
How to keep your money safe and secure


28 June 2021

Written by
Sharon Thiart

Fraud Manager at Ebury

We want our clients to stay on top of current fraud and security trends to help keep their money safe. That’s why we’d like to share some tips to avoid scams, guide you through the detection, prevention and recovery stages, and explain how to comply with the Data Protection Regulation.

Cryptocurrency Scams

Investment scams have always been on our radar, from property investment scams to pyramid schemes, but the new scam of choice for 2021 seems to be cryptocurrency schemes. With cryptocurrency being one of the newer concepts when it comes to investment, fraudsters are provided with an opportunity to exploit this knowledge gap in consumers.

These cryptocurrency schemes are convincing, with some even using fake celebrity endorsements. The schemes prompt potential investors to fill in a contact form, which is followed up with a telephone call from the scammer encouraging the investor to set up a cryptocurrency wallet. During this process, the scammer installs remote access software onto the investor’s device. Over time, the victim is encouraged to invest increasingly large amounts, until the scammer finally empties the wallet and flees.

With these particular scams, the warning signs include unrealistic promises of big profits or ‘get rich quick’ advertising. The corporate names that these scammers masquerade under will also not be registered with the FCA. It is also important to note that a legitimate investment in cryptocurrency would always involve a digital wallet that only the account holder can access – if someone else can directly control it, alarm bells should be raised.

Be Aware: Electronic Goods Scam

We have recently become aware of a successful scam doing the rounds internationally. A scam company called ‘Infinity Electronic’, ‘Infinity Element’ or ‘Ocean Components’ claims to sell electronic goods. It takes payments from international customers to bank accounts in a variety of names, located in Hong Kong. The goods promised are never sent and, by the time the victims realise, the company’s website is down and the company can no longer be contacted.

Should you fall victim to a scam of this kind, we recommend reporting it to local law enforcement or your local fraud reporting agency. If the payment has been processed via Ebury, let us know at [email protected]

How to spot APP Fraud

To avoid falling victim to scams, or any form of APP fraud, follow these tips:

New Suppliers

  • Check the web presence of new suppliers – if they have a website, how old is it and is it well maintained?
  • Do a quick Google search of the new supplier’s name to check if there is any nefarious information reported online
  • Search for legitimate online reviews of new suppliers before you commit to a purchase
  • Ask yourself – is the deal this new supplier is offering too good to be true?
  • Are the bank details of the new supplier located in the same country as the supplier?

Existing Suppliers

  • When you receive an email from an existing supplier – make sure it is coming from the same email address you usually communicate with
  • Check incoming emails for signs of email spoofing – fraudsters may set up email addresses that mimic your supplier’s email address
  • If an existing supplier expresses undue urgency for payment or changes their bank details last minute – confirm the request on a trusted telephone number
  • If a supplier’s bank details change to a bank account located in a different country – check if this change is genuine on a trusted telephone number
  • Check payment invoices for signs of alteration or discrepancies in spelling or format
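
The checks in the list above can be partly automated before a payment is approved. The following is an added example, not Ebury's own tooling: it compares the sender of a payment request with the address you normally use for that supplier, flags domains that closely mimic it, and flags an IBAN whose country differs from the one on record. The supplier record, addresses, IBANs, the function name and the 0.8 similarity threshold are all constructed assumptions.

```python
from difflib import SequenceMatcher
from email.utils import parseaddr

# Constructed supplier record (hypothetical values): the address you usually
# communicate with and the country of the bank account you have paid before.
KNOWN_SUPPLIERS = {
    "Acme Components": {
        "email": "accounts@acme-components.example",
        "bank_country": "DE",
    },
}

LOOKALIKE_THRESHOLD = 0.8  # assumed cut-off for "nearly the same domain"


def _domain(address):
    """Return the lower-cased domain part of an email address."""
    return address.rsplit("@", 1)[-1].lower()


def check_payment_request(supplier, from_header, iban):
    """Return warning labels for a payment request claiming to be from supplier."""
    record = KNOWN_SUPPLIERS[supplier]
    warnings = []

    # Ignore the display name: it is free text and trivially imitated.
    _, sender = parseaddr(from_header)
    sender, known = sender.lower(), record["email"].lower()

    if sender != known:
        similarity = SequenceMatcher(None, _domain(sender), _domain(known)).ratio()
        if _domain(sender) != _domain(known) and similarity >= LOOKALIKE_THRESHOLD:
            # A different domain that is almost identical to the real one.
            warnings.append("lookalike-domain")
        else:
            warnings.append("unfamiliar-sender")

    # An IBAN begins with a two-letter ISO country code.
    iban_country = iban.replace(" ", "")[:2].upper()
    if iban_country != record["bank_country"]:
        warnings.append("bank-country-changed")

    return warnings
```

An empty result only means the visible sender address and account country match your records; a forged or compromised sender can still pass, so a change of bank details should still be confirmed on a trusted telephone number.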

Compromised Email Accounts – Detection, Prevention and Recovery

Securing communication via email has become essential for every organization. Here at Ebury, we take email security very seriously and aim to protect our employees from social engineering techniques such as phishing. Attackers are now favouring simpler phishing attacks harvesting user credentials, as opposed to more sophisticated attacks involving malware. User credentials can allow an attacker access to an email account and consequently, to sensitive information that the attacker can use to dupe their victims.

Be suspicious if you receive emails asking you to verify your account or enter login details. These emails may redirect you to spoofed websites that can capture your credentials. Do not get scared by urgent requests – instead, go directly to the corresponding website and access it from there to verify your account status.

We are aware that detection can be challenging. Bigger organisations such as Ebury rely on machine learning engines to detect compromised accounts and quickly activate an incident response plan. For smaller businesses, it is critical to read your emails with care, check the sender, analyse the language used and look out for unusual requests such as a change of bank details for a supplier. To make sure your own account has not been compromised, regularly check for any forwarding rules or email filters in your email settings.

Detection is important but we would also like you to become familiar with some prevention measures that will help to keep your account safe. Always use complex, unique passwords and avoid using the same credentials across different systems as this will leave you vulnerable to attackers. Always configure multi-factor authentication where available and, if possible, utilise security mechanisms to detect phishing attacks or potential compromised accounts.

If you think your email account has been compromised, please follow these email recovery steps:

  • Change the password on your email account and any account that shares this password
  • Check your email filters and forwarding rules to ensure that no suspicious rules have been created that could be diverting your emails
  • Make sure you verify your sent items. Attackers may have sent fraudulent emails to your contacts
  • Change the Security Questions in the email recovery section of your email account
  • If not already active, enable 2 Factor Authentication on your email account
  • If not already active, enable 2 Factor Authentication on your EBO account
  • Clean up your browser cookies and cache
  • Ensure that your device’s operating system is up to date – any outstanding updates will install the latest security fixes
  • Run anti-virus software on your device. Ideally, there should always be anti-virus software installed and up to date on your device
  • Communicate this incident to your contacts

Tips to help sole traders and small and medium-sized businesses understand and comply with their data protection obligations

Ebury is committed to ensuring the security and protection of the personal information we collect and process in order to provide a consistent and compliant approach to data protection. The key principles we adhere to are:

  • Transparency in the use of personal data;
  • The lawful, fair and necessary processing of personal data;
  • Ensuring the accuracy of personal data and removing it when no longer necessary;
  • Keeping data safe and secure and protecting its integrity and confidentiality.

With this in mind, it is important to acknowledge that cybersecurity and in turn implementing good data protection and security practices is everyone’s responsibility. Cyberattacks don’t only happen to large corporations. Small businesses, groups and individuals have to protect their IT systems, too.

Being your own boss is great and there are many rewards, however there are also many responsibilities in ensuring you protect the information that is important to you.

Following these tips is a good starting point in protecting the information you work with:

Tip one: Know what data you have

Even if you don’t think you use or keep a lot of data, you still need to know what personal data you have, so make a quick list of it if you haven’t already.

Also take into consideration the data you have saved on smartphones, tablets or computers. This could be people’s names and contact details, email addresses or notes that you have made.

Tip two: Keeping personal data? Tell people what you do with it

If you are processing and storing personal information, you need to let people know what you’re doing with their data. The easiest way to do this is to have a privacy notice available, either in a hard copy or on your website (see Ebury’s Privacy Policy (UK))

People have a right to know what you’re doing with their personal data.

Many small business owners use third-party suppliers to provide them with a ready-made privacy notice. If you choose this route over making your own, be aware that you still need to know what it says. Your privacy notice sets out your commitment to the individuals (e.g. customers/clients) who are trusting you with their personal data.

Tip three: Keep it safe

Where you are processing and storing personal data, you have to protect people’s data from getting lost or falling into the wrong hands.

Data Security doesn’t have to cost the earth, but any business that wants to be trusted has to get it right.
If you are using, storing or processing lots of data, and in particular personal/sensitive data then you need to take some extra steps to keep it safe.

Practical steps to keep your IT systems safe and secure:

  1. Back up your data. Create a backup copy of your data, and do this regularly. Store it somewhere other than your main workspace, if possible; consider the use of a cloud service for electronic data. That way, if there is a break-in, fire or flood, you don’t lose anything.
  2. Use strong passwords. Make sure you, your staff, volunteers, and anyone else involved in your operations uses strong passwords – including smartphones, laptops, tablets, email accounts and computers.
  3. Take care when working remotely. If you, or people you work with do their work remotely, make sure the devices you use are as secure as the equipment you use in the office.
  4. Be wary of suspicious emails. Educate yourself and those working for you on how to spot suspicious emails. Checking for obvious signs such as bad grammar, requests for you to act urgently, and requests for payment will help you avoid being caught out. If it looks suspicious, don’t trust it – and warn your staff not to either.
  5. Install anti-virus and malware protection, and keep it up to date.
  6. Don’t leave paperwork or laptops unattended. Data breaches can occur when staff and volunteers leave paperwork or laptops unattended. This could be in the boot of a car, on a train, or at home. Make sure you take steps to protect the personal data you hold by being vigilant and storing it securely away when not in use.
  7. Make sure your Wi-Fi is secure. Using public Wi-Fi or an insecure connection could put your valuable information at risk, so you should make sure you always use a secure connection when connecting to the internet.
  8. Lock your screen when you’re away from your desk. And make sure those working with you do the same. Taking steps to lock your screen when you leave your desk is a simple thing to do, but will prevent someone else from accessing your computer.
  9. Keep on top of who has access to what. You should consider and apply restrictions on who has access to your IT systems and buildings. Think about the principle of ‘need-to-know’, the fewer people with access, the better. Make sure you limit IT access to people who work for you, where possible. If someone leaves your company, or if they’re absent for long periods of time, you may want to consider suspending their access to your systems.
  10. Don’t keep data for longer than you need it. Staying on top of what personal data you hold will save you time and resources. It will also help you with your data protection responsibilities. Only keep what you need, for as long as you need it.
  11. Dispose of old IT equipment and records securely. Before you get rid of them, make sure no personal data or anything sensitive and important to your business is left on personal computers, laptops, smartphones or any other devices. You could consider using deletion software, or hire a specialist to wipe the data.

Some other simple security controls could include:

  • Making sure all potential entry points (doors/windows) have locks and are working;
  • Never leave anything unattended in vehicles;
  • Separating your business email account from your personal email account, rather than using the same one; and
  • Being extra vigilant when sending or receiving emails – to help prevent sophisticated phishing attempts and scams.

Information Commissioner’s Office [Data Protection when it’s just you]

If you detect any suspicious activity or if you have any questions, reach out to [email protected]
