You Are Here: Home > About Us > Corporate Disclosures > Online Fraud and Security Notice

Online Fraud and Security Notice

Last updated: May 2022
 

How we protect our clients

ICBC Standard Bank Plc takes great care to ensure the ongoing security of clients’ assets and personal information.

The evolving nature of the cybersecurity landscape means that we are continually reviewing the threats that we face to allow us to take appropriate measures to help anticipate issues before they arise and to respond accordingly when they do. We have multiple layers of security protection and will continue to make investments in cybersecurity and fraud-prevention technologies. We provide our staff with training on cybersecurity awareness and fraud protection policies and procedures.

Clients play a key role in protecting their information and we ask that they remain vigilant to online fraud and scams.  A brief reminder of some of the way’s clients should do this is detailed below.

How clients can protect themselves

Please consider the widely adopted safeguards below which will help to protect you from the most common online fraud and scams.  Please also note the statements about our business practices.

Online security safeguards:

o    Do not open emails or text messages or click links or download files sent by unknown sources;

o    Do not respond to unexpected requests for validation of your security or personal details;

o    Do not respond to requests that threaten to close or suspend your account or access if you do not take immediate action;

o    Avoid being targeted by fraudsters by limiting the amount of detail in social media posts about your professional role or in professional networking sites;

o    Use only software approved by your company and follow your firm’s data security policies;

o    Use a strong password / passphrase for email and other key systems and enable two-factor authentication whenever possible;

o    Install anti-virus software on your personal computer and devices, and sign up for automatic updates to keep your software up-to-date; and

o    Beware of free wi-fi. Make sure no-one can access or install malware on your computer or mobile devices and preferably use a VPN.

Anti-fraud safeguards:

o    Be especially wary of emails containing payment instructions – especially payments to overseas bank accounts or any late changes to expected instructions;

o    Always verify changes to payment details by telephoning us directly using a number you already have on record and not one contained in the payment email; or use our online services (e.g. Phoenix) to verify our payment instructions as these are protected by strong authentication and encryption controls;

o    Check your account balances and transactions for fraudulent activity frequently and if available, enable the alerting facility on your account; and

o    Be particularly vigilant around holiday periods as cyber criminals are known to attack when a victim company may have staffing shortages.

Reminder of our Business Practices:

o    We will only very rarely change our contact or account details (including settlement instructions). If you ever receive a request related to such a change, please reach out to your contact with us to verify the authenticity of such a communication or validate the details by using our online services (e.g. Phoenix);

o    We do not send emails that require you to enter personal security information directly into an email or a website; and

o    We do not send emails threatening to close your account if you do not take the immediate action of providing personal or business information into an email or a website.

You cannot fully trust email communication

Owing to the nature of email communication and its reliance on a wide range of technical and organisation security controls at the sender and receiver ends and at all stages in between, email cannot be regarded as being 100% trustworthy.  Please always verify critical information with your contact at ICBC Standard Bank Plc using a different communication channel.

Below are some common email cyber-attacks and how you should respond to them.  However, it is important that you consider the cyber risks to your organisation independently and take all necessary precautions to protect your firm.

Business Email Compromise

This is an umbrella term for a range of sophisticated fraud schemes used by criminals to trick employees of victim companies into divulging company sensitive information or allowing payments to be made based of fraudulent instructions.  The most common methods used are:

o    Fraudsters may take over or hack an employee’s email account.

o    Fraudsters may send a spoofed or masked email containing a fake header that hides the true origin of the message.

o    Fraudsters may purchase a domain which closely resembles a legitimate company domain then set up email account linked to this to target the victim company.

In order to reduce the likelihood of business email compromise, you can, among other things, train employees to recognise suspicious emails and implement controls to highlight emails sent from outside your organisation.

Social Engineering

This is a method of manipulating employees of a victim company into divulging sensitive information or causing them to take an action which would break with your normal procedures.

Phishing is a common form of social engineering which involves a fraudster emailing a victim company with the intent of manipulating an employee to complete an action or provide sensitive information.

Vishing is a form of social engineering that takes place over the phone with the intention of gaining sensitive personal and/or organizational information. The scammer would usually impersonate a customer, employee or organization in an attempt to gain the trust of the victim.

Smishing is the same as the above but conducted by text messages which are more easily spoofed owing to the relatively poor security of voice and text communication.

In order to reduce the likelihood of social engineering, you can, among other things, ensure that your employees always validate and authenticate who they are talking to and ensure that they never give out passwords or secure information.

Email Spoofing and Brand Impersonation

This is a method of collecting sensitive information from employees of a victim company via email by impersonating a trustworthy source. Fraudsters may impersonate a familiar source in an attempt to gain information about the employee or any known affiliate.

This impersonation often involves the use of a slightly altered email domain name or address that the receiver might not notice.  By adding official-looking logos, banking registration details and company numbers, these well-crafted deceptions give the impression that everything is legitimate

In order to reduce the likelihood of email spoofing, you can, among other things, ensure that your employees keep their email accounts secure by following our online security safeguards and also training them to identify altered email addresses and websites. 

If you receive an email that you are suspicious about then contact the head office switchboard or use contact details that you already have but never use numbers supplied by the person you’re suspicious of or use links they in their email.

Malware

This is software that is hostile or intrusive which aims to steal, manipulate or corrupt a victim company’s data. The fraudster may also use this malware to monitor employees’ habits, collect data and modify or create payments.

Some examples of malware include viruses which self-replicate and spread to other computers to steal information; and a ‘Trojan-Horse’ which is malware that is disguised as a normal file.

In order to reduce the likelihood of malware, your firm can, among other things, block access to suspicious websites, scan email attachments, disable auto-run of macros when opening Microsoft Excel, ensure all software is patched and updated, ensure antivirus is updated and performs regular scans, regularly back up and secure data, flag all external emails and restrict the ability to send and receive external emails.

Reporting an online security concern

Please contact your Account Executive immediately if you notice suspicious activity on any of our services or receive a questionable email or text that appears to come from ICBC Standard Bank Plc.

Additional Third-Party Resources

Get Safe Online.  Guidance on how to protect against fraud, identity theft and other online threats.

Bank Safe Online - UK.  Guidance on how to protect your information from potential fraudsters and learn how to bank safely online.