Avoid online fraud

As our society digitises and we conduct more and more business online, fraud also increases. Cybercriminals now have more devices, occasions and opportunities to get our data or scam us online. Watch out for these 3 forms of online fraud: invoice fraud, CEO fraud and malvertising.

  • Invoice fraud
  • CEO fraud
  • Malvertising

Watch out for invoice and CEO fraud

These 2 forms of fraud are closely related: 

  • With invoice fraud, criminals usually target financial employees of companies, but individuals can also fall victim to it. You are then tricked into depositing money into the fraudster's account. Crooks mail you a fake invoice, with their own account number on it.
  • In CEO or BEC fraud, scammers take a very targeted approach. Using sophisticated methods, they convince you that you are being contacted by an executive, with the aim of getting you to make a payment or hand over a gift card to the fraudsters.


A well-developed procedure for payments or processing invoices, combined with a healthy dose of distrust, is the best defence against these forms of fraud. We provide tips to protect yourself, both for companies and individuals.

 

Tips to avoid invoice and CEO fraud

As a company:

  • Make your employees aware that such frauds exist and how to recognise them.
  • Ask your colleagues to always be careful with payment requests. Always check for irregularities.
  • Work out internal guidelines for payments. For example, you can agree that payment requests received by e-mail will be checked for authenticity. Or that payments above certain amounts require additional consultation.
  • Check the information on your website. Transparency is good, but too much information is dangerous. Third parties should not know who your suppliers are, for example.
  • Urge your employees not to be too chatty on social media about your company.

As an employee:

  • Don't rely on the e-mail address mentioned in the 'From' line. That is very easy to fake! Scammers even perfectly imitate your supplier's layout and logos in the mail!
  • If you're in doubt, consult a colleague. 
  • Work out a guideline to have the correct bank account and payee confirmed for payments above a certain amount.
  • Do you get a request to change payment details? Then ask the company in question for confirmation. For this, do not use the details listed on the letter, fax, or e-mail you received, but the contact details you already had through previous correspondence.
  • It is always useful to have a regular contact at companies you regularly make payments to.
  • Don't share information about your employer, the hierarchy in your company, security or procedures. And be careful with social media!

7 tips to protect yourself against malvertising

Malvertising involves spreading malicious software through fake ads displayed on the websites you visit. Protect yourself with our 7 tips.

  1. Check which plug-ins, add-ons and extensions are active in your browser. For Firefox: click on the hamburger menu at the top right, and choose add-ons.
    Do you have the Flash plug-in? If so, we advise you to turn it off. This technology was often used in the past for animations on websites, but is a very easy target for hackers looking to package malware. Deactivate Flash in your browser. If you come to a site that doesn't work without Flash, you can still temporarily activate the plug-in for that site. By the way, you'll notice that Flash is being used less and less.
    Do you also see the Java plug-in there? We recommend removing it. In the past, this technology was often used for corporate sites, e.g. for online banking. But this technology, too, often has security holes, and is therefore very rarely used on websites anymore. If there is still a website you need that requires Java, we recommend the 2-browser method: visit that particular website with a browser in which you activate Java, and visit all other websites with a different browser.
  2. Remove extensions, add-ons and plug-ins that are in your browser but that you don't use.

  3. Keep your browser itself up-to-date. Install the update as soon as you get the notification that a new version is available. The same goes for all software on your machine and for the operating system (Windows, Chrome, iOS, ...) itself. This way, you avoid zero-day exploits, where the hacker immediately exploits a vulnerability in a piece of software, even before a patch is available.

  4. When browsing: close tabs you don't use. That way there are fewer ads running in the background, and you also reduce risk.

  5. Always look at the underlying address of a web link before clicking on it. Move your cursor over the link to see the web address.

  6. Analyse the domain name carefully: banking.kbc.be.xyz is not a web address of kbc.be, but rather of be.xyz!

  7. Are you a domain holder yourself but have discontinued your business? Keep the domain name. This way, you will prevent it from being misused by third parties in a malware campaign. The small sum that registration costs annually can save you from a lot of misery!
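
Tips 5 and 6 as a check you can automate: the sketch below is an added example, not part of the original article. It reads a link's hostname from right to left to find the domain that actually owns it. The suffix list and the sample links are constructed for illustration; real code should load the full Public Suffix List instead.

```javascript
// Constructed sample of public suffixes; NOT the full Public Suffix List.
const SAMPLE_SUFFIXES = new Set(["be", "xyz", "com", "co.uk"]);

// Registrable domain = public suffix plus the one label to its left.
// Hostnames are read right to left, so that part identifies the owner.
function registrableDomain(hostname, suffixes = SAMPLE_SUFFIXES) {
  const labels = hostname.toLowerCase().replace(/\.$/, "").split(".");
  for (let i = 0; i < labels.length; i++) {
    // Longest candidate first, so "co.uk" wins over a shorter match.
    if (suffixes.has(labels.slice(i).join("."))) {
      return i === 0 ? null : labels.slice(i - 1).join(".");
    }
  }
  return null; // suffix unknown to the sample list (or an IP address)
}

// Compare where a link really goes with the domain the reader expects.
function checkLink(href, expectedDomain) {
  let host;
  try {
    host = new URL(href).hostname;
  } catch {
    return { host: null, owner: null, matches: false }; // not an absolute URL
  }
  const owner = registrableDomain(host);
  return { host, owner, matches: owner === expectedDomain.toLowerCase() };
}

// Constructed links, as they would show up when hovering over them.
const SAMPLE_LINKS = [
  "https://banking.kbc.be.xyz/login",
  "https://www.kbc.be/",
  "https://kbc.be.example.com/",
];

function auditLinks(expectedDomain, links = SAMPLE_LINKS) {
  return links.map((href) => ({ href, ...checkLink(href, expectedDomain) }));
}

for (const r of auditLinks("kbc.be")) {
  console.log(r.matches ? "OK      " : "MISMATCH", r.owner, "<-", r.href);
}
```

Only the second link is reported as belonging to kbc.be; the other two merely contain "kbc.be" somewhere to the left of the real owner.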