Understanding cyber crime

Online fraud threats evolve all the time. Knowing which warning signs to look for can help keep you and your organisation secure. 

Common types of fraud

In the age of online banking and remote working, the threat of fraud has grown. You no longer need to protect just one computer in your office, but multiple accounts accessing cloud services from many different locations. Scammers are using advanced techniques to get past your security.

Don’t worry, you can help protect your organisation by staying in the know. Here are the common types of fraud and how to spot them. 

Social engineering

Fraudsters will use a range of techniques to trick you into sharing banking information or transferring money – usually over the phone, by text message or email. Often criminals use more than one approach to build a level of trust. These tactics are known as social engineering. 

They can be especially effective because people are generally easier to manipulate than technology. The best way to protect yourself against social engineering is to be aware of the kinds of techniques used. Some of them are very subtle, making them hard to spot.

How to defend yourself

1. Resist pressure – a criminal will try to prompt you into action by creating a sense of urgency or making you feel guilty. Would a senior manager really email you to arrange an emergency payment?

2. Beware of emotion – social engineers may act emotionally to try and dissuade you from challenging them.

3. Check who you’re talking to – they can often imitate your colleagues, partners, suppliers or friends. If something seems unusual, contact that person yourself using known contact details.

4. Be suspicious of saviours – a fraudster may create a problem for you, then offer to resolve it in exchange for your information or money.

5. Don’t divulge information – if you don’t know who you’re talking to, don’t answer lots of questions. What might seem innocuous can help them collect sensitive data, so be guarded.

Invoice fraud

With more information being shared online all the time, it’s now possible for fraudsters to find out who your suppliers and clients are, then start sending fake invoices.

These attempts can be convincing and can catch the unwary off guard. It often begins with a simple email request to amend payment details for a transaction, from what appears to be a genuine contact.

Read our banking scams guide for tips on spotting and preventing invoice fraud.

Real customer stories

A customer received an email from an existing supplier asking them to send a payment to the supplier’s new bank account. This came from a known email address, so the customer changed the details and made the payment.

In a similar case, after accepting a quotation, another customer was asked to send a part-payment to a different bank account to pay for materials which their supplier had ordered.

In both examples, the reality was that fraudsters had hacked the suppliers’ email accounts and provided fraudulent bank details. The scams were only uncovered when the genuine suppliers requested payment. Unfortunately, the money was long gone by the time the frauds were noticed.

Malware and spyware

Malware is the common name for malicious software – often installed onto your computer without your knowledge as a way for hackers to access your data. Common symptoms are a slow computer, pop-up messages or being re-directed to malicious web pages.

Spyware is a specific type of malware that monitors and logs your activity to steal personal information without you realising.

Read our guide to discover simple tips for safeguarding your organisation’s systems and operations.

Phishing and scam emails

Phishing is when fraudsters send emails embedded with links to websites where you’re asked to provide confidential personal or financial information. These emails can be designed to look legitimate and the website may even look like one you’re familiar with.

A real customer story

An email from a colleague may not always be what it seems. A charity’s Finance Manager received an urgent request from the Finance Director, asking for a large payment to be made on behalf of the Chief Executive. The Finance Director promised to send the paperwork authorising the payment the next day, as he was taking his daughter to hospital and would be unavailable for the rest of the day.

The Finance Director had responded to a phishing email, which gave fraudsters access to his email account. They then used this to send the fraudulent request to the unsuspecting Finance Manager.

How to protect yourself

If you’re in any doubt, don’t reply. Never click on links in an email that you are not expecting or looks suspicious in any way. The safest action is to get in touch with the company using contact details that you’re sure are genuine.

If you get an email claiming to be from us asking for personal information. or your Online banking log-in details, forward it straight away to us at scamreporting@cafonline.org

Vishing and phone scams

If you receive a phone call from someone asking for your personal information, you’re likely the target of a vishing scam. Normally, the caller will claim to be bank staff, police or someone else in a position of trust.

During the call they will quickly try to convince you to transfer your money to protect it from some other imagined threat. They will typically ask you to withdraw cash and hand it over to the fraudster, or share personal financial information they can use to access your finances.

Another example is the computer takeover scam. A cold caller impersonating a banking, telecoms or internet service provider requests access to your PC or online banking service to help resolve a problem.

You're then asked to visit a website or enter a command on your computer. This gives over control of your computer remotely. From there, the scammer can attempt to capture your bank account details.

How to protect yourself

1. Be wary of unsolicited calls – especially if you’re asked to provide personal information, or to grant access to your computer or software applications.

2. Don’t be afraid to hang up – if you’re suspicious or feel vulnerable, simply end the call. They may stay on the line, so make a call to a colleague to make sure the fraudster isn’t still connected.

3. Watch out for call spoofing – fraudsters can fake the telephone number shown on your caller ID to make it look like a genuine bank telephone number. If you’re suspicious at all, contact us yourself.

4. Never share your details – we will never ask you for your PIN number or full security details over the phone

5. Don’t give out your card – we’ll never send someone to collect your CAF Bank Business card from you.

Always remember that the criminals may already know your name, address, or account sort code – this only means they’ve done their research. If a call sounds suspicious, it probably is.

A real customer story

Our customer received a call from someone claiming to work for their internet provider. The caller claimed there were issues with the customer’s broadband, and asked for some details to fix the issue. This included security details for the customer's online banking accounts. Worried about being disconnected, the customer provided the details over the phone.

After the call, the customer received a text message from CAF Bank to let them know that a new payee had been set up on their account. The customer phoned us to explain the situation and make sure no payment was sent.

Thanks to the customer having text alerts active on their account and contacting us swiftly, this case had a positive outcome.

Seen something suspicious?

Find out the best way to report it to us.

Contact us

CAF Bank Limited is authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority and the Prudential Regulation Authority (Financial Services Register number: 204451).

CAF Bank Limited Registered office is 25 Kings Hill Avenue, Kings Hill, West Malling, Kent ME19 4JQ. Registered in England and Wales under number 1837656.


Charities Aid Foundation © | Registered Charity Number 268369
25 Kings Hill Avenue, Kings Hill, West Malling, Kent ME19 4TA
10 St. Bride Street, London EC4A 4AD
Telephone: 03000 123 000