Common types of fraud

Card fraud occurs when your card or card details are stolen and used by someone else. Any unauthorized activity with lost, stolen, or misplaced cards is fraud.

Fraudulent individuals might steal the actual physical card or virtual card information. Then, they make purchases without your authorization.

Other names for card fraud include remote purchase fraud and card-not-present (CNP) fraud.

1. Issue single-use virtual cards (SUVs) instead of standard virtual cards. SUVs are more difficult to use fraudulently.
2. Block (cancel) lost or stolen cards immediately.
3. Only enter card details into text fields designed for card numbers and security codes.
4. Make sure your internet connection is secure before entering card details onto a website. If you're using public Wi-Fi, consider using a VPN. To be even safer, use the hotspot from your mobile device instead.

Fraudsters pretend to be legitimate organizations like companies, non-profits, or government agencies. They contact you by email, phone, or text message to steal your identity or convince you to transfer money. Here are some of the most common ways they do this:

• Phishing: email
• Vishing: phone call
• Smishing: text message (SMS)

These emails, phone calls, and text messages can be quite convincing, even linking to fake websites that look identical to the real organization's website. All three are common methods used to commit authorized push payment (APP) fraud.

1. Contact the organization through another established channel. If you received a phone call, for example, try emailing them instead.
2. Don't do anything urgently.
3. Check the email, call, or text message closely. Check for typos, spelling errors, or errors in the organization's name or email address.
4. Look carefully at website URLs. Fraudulent websites use URLs that look almost identical to legitimate ones. Small changes can be hard to spot. Watch for:
   • Missing letters. For example, swn.io instead of swan.io.
   • Lookalike characters, such as a lowercase "l" instead of an uppercase "I", or a "0" instead of an "O". For example, swan.i0 instead of swan.io.
   • Added hyphens or special characters. For example, sw-an.io instead of swan.io.
   • The wrong domain ending, such as .com or .org, instead of .io.
5. Open a new tab and search for the organization's website instead of opening the provided link.

If you receive an email from your company's CEO, president, director, or another top-level executive that seems to require immediate and urgent attention, you might be experiencing CEO fraud.

Fraudulent individuals try to trick you into urgent action outside of the company's normal processes. The emails can be quite convincing.

CEO fraud is also known as business email compromise (BEC), and is a type of authorized push payment (APP) fraud.

Subject: Urgent financial matter (confidential)

Hi Alex,

There's been an urgent development and we need to pay an invoice immediately. I'm in a critical meeting and can't send this transaction myself. Could you please handle it right away?

(includes transfer details)

Let me know when it's done.

Thanks,
Jules
CEO, MyBrand

1. Contact the "sender" (the CEO or other executive) through another established channel. If you received an email, for example, try calling them or sending them a direct message on the company's messaging platform.
2. Even when a request comes from an executive, never skip established security measures.
3. Evaluate the email closely. Check for typos, spelling errors, or errors in the executive's name or email address. Look at another email from the executive to see if the messages sound the same.

Fraudulent individuals send fake invoices to companies. They include their own banking details on the invoice, hoping the company pays without thinking twice.

These invoices often look authentic, complete with logos and other details that make them look real.

1. Always follow established processes to pay invoices.
2. If you're in charge of creating processes, make them rigorous.
3. Double-check supplier information on invoices, especially if the invoice feels out of place.
4. Build strong relationships with your suppliers. Contact them directly if an invoice wasn't expected or looks different.

When someone else tries to get access to your account, it's called account takeover fraud, often referred to as ATO.

Someone trying to trick you might pressure you into providing account or personal details. After they get into your account, they use it to send themselves money, steal additional personal details, and more.

1. Keep your account login information safe.
2. Use strong, unique passwords and passcodes every time.
3. Don't share account details over the phone. Remember, Swan might ask you to confirm your name and phone number, but nothing else.
4. Set up multi-factor authentication (MFA) or two-factor authentication (2FA) for your accounts. Turning on MFA and 2FA is like adding a second lock to your door. The key is often a one-time password texted to you or a code from a secure app. While MFA and 2FA add an extra step to logging in, they increase online safety significantly.
5. Only log into your payment account from secure networks. For example, use your phone's personal hotspot instead of free Wi-Fi at the train station or coffee shop.