Security Zone - Corporate
Keep your Finances Secure
Stay up to date and informed, and become a master of protecting your business
Cybercriminals are getting increasingly sophisticated in how they execute their attacks and are constantly developing new techniques to compromise our networks; even with the most advanced tools and techniques implemented to protect your organization, you need to be aware that you and your staff are now part of your ‘attack surface’ and are being used by bad actors to launch their attacks.
Managing and running a business can be time consuming without also having to manage the outcome of fraud or data security concerns. Our fraud prevention page contains helpful advice, hints and tips to allow you and your business to become digitally safe when online – this advice is designed to help you, keep your company’s money and information safe.
Moneycorp do not take fraud lightly and we are here to help you in protecting your finances. We have resilient processes and procedures in place to aid in the detection and prevention of fraud. However as the gate keeper of your business’ information there are a number of ways you can help protect yourself and your business from becoming a victim.
Moneycorp will never
Please note that we will never ask you for the following –
- Your PIN number – whether this is the PIN for your online portal or your prepaid card, this information should always be kept to yourself and never divulged.
- Request for remote access to your device – Moneycorp staff will never request remote access to your device. Our staff will offer to help you by talking you through the steps on how you carry out a transaction or a process. Should someone purporting to be from moneycorp (either by email or phone) ask to take control of your device this indicates that the person is not legitimate and we would request you contact Moneycorp customer services as soon as possible.
- Request a full copy of your bank card number (UK Only) – Moneycorp staff may from time to time request a copy of your bank card in order to validate payments. However we do not require, and will never ask for the full card number and will instruct you to mask a specific number of digits of the card. So, should you be requested for a copy of the front and/or back of your card WITHOUT being masking please treat this request with suspicion and contact Moneycorp customer services as soon as possible.
How Moneycorp protects you
Moneycorp want you to have the best possible experience and, at the same time, protect of your funds. As part of our protection here are some of the of the actions we may carry out –
- Validation of new Beneficiaries – When setting up a new beneficiary we may occasionally carry out a call back to verify the new instruction. In addition, for your protection, Moneycorp may also send you an SMS and/or email notification (if you have signed up to receive these) when a new recipient is set up on your account. If you receive one of these messages and do not recognise the new banking details, please contact us immediately.
- Telephone Identification – We carry out identity verification on calls to protect you and your account.
- Fraud Prevention Tools – As trustworthy and reliable foreign exchange specialist we always have your account security in mind, and to aid in the combat of fraud and cybercrime we have a number of systems working in the background helping to protect your money and data.
How to protect your Business
- Please ensure you keep your company’s contact details (telephone number, email address, address) up to date, to allow us to validate and verify you quickly. Please contact customer services or your account manager to request information on how you can update these details.
- Keep all passwords, PINs and security information safe, and do not write them down or leave them in an area that is accessible to others.
- Always enter our web address (www.moneycorp.com) straight into your browser. Do not use links from emails or any other sites that you do not trust. Always make sure that the padlock symbol is displayed alongside our web address.
- Always verbally check bank details with payees – if an email account has been compromised (yours or theirs), you could be sending your money to a fraudster.
- Never accept third party banking details or changes to payment instructions from suppliers or business partners by email only. Always re-confirm the information by phone using a known telephone number for that company or individual or in person.
- Treat any “urgent” payment requests by email from the CEO or a senior manager in your company with caution. To be absolutely sure, verbal contact should always be made with the person sending the email to confirm the payment, using a known contact number from your internal records.
How to protect your business online
Taking a few extra security precautions can help secure your business, and help embed a security culture to aid in the protection of your business. Your employees are an important line of defence for your business’ finances and information, so education and awareness of fraud and cybercrime prevention for all involved with your company is very important in protecting it.
Here are some helpful hints and tips on how to stay cyber safe –
- Back up all company data so it can be restored in an emergency.
- Use more complex passwords – setting a more complex password means a fraudster will have less of a chance in guessing it.
- Do not repeat passwords /PINs – use different passwords and PINS for each account /website.
- If you notice any transactions on your account that do not appear to be genuine please report them immediately.
- Open Wi-Fi – Please try not to conduct financial transactions while using an open Wi-Fi network or from public computers (i.e. Internet Café or Coffee shop Wi-Fi) as these internet connections may not be secure.
- Install internet security or anti-virus software and ensure that you have an active firewall
How do I know my money is safe with Moneycorp?
Entrusting your money to somebody else is always a daunting prospect, and moneycorp understands how important it is to repay the faith that has been placed in us. Having operated for 40 years, we have developed a reputation as a trustworthy and reliable foreign exchange specialist.
As an Authorised Payment Institution, we are required to safeguard customer funds held overnight (or longer) into segregated client accounts provided such funds are held in respect of a payment service.
We know that security is one of the most important aspects to consider when choosing a payments company, and so if you have any questions about our business practices, please call us on +44 (0) 207 823 7800 where we will be happy to address any concerns.
Watch out: these fraud types are about
Investment Fraud /Scam
There are many investment opportunities out there and it can sometimes feel like navigating a minefield. Below are some helpful hints and tips on how you can protect yourself and your business from becoming a victim of investment fraud / scam:
- Un-solicited contact – Should you be contacted out of the blue with no initiation of contact on your part, always remain on guard regarding the validity of this approach.
- Application of pressure to complete – Should you feel like you are under pressure to invest immediately (i.e. invest now as this offer is only available for you for the next hour) make sure you step back from the situation and carry out all the checks you need to validate the offer prior to sending any money. Make sure you feel comfortable and not rushed before agreeing to anything.
- Advice and verification – Always seek independent advice before signing up to anything.
Business Email Compromise / Invoice fraud
A Business Email Compromise is when a fraudster sends an email message that appears to come from a known source making a legitimate request. Here are some examples of suspicious requests or emails and how to approach them –
- A supplier or vendor your business regularly deals with sends an invoice with different bank account details than normal. If you’re asked to update the bank details you have for a supplier – or if you get sent new bank details to pay an invoice – always call a contact you know at the supplier or vendor to check the request is real. Don’t reply to the email address or use the details they send you, but get in touch directly with someone you already know and trust.
- Spoofed emails address – Your supplier/ vendor email address is @ExampleCompany.com, but the email received has come from @ExampleC0mpany.com. Paying attention to small details such as this may save your business big money in the long run.
- Don’t click on anything in an unsolicited email or text message asking you to update or verify account information. Look up the company’s phone number on your own (don’t use the one a potential scammer is providing), and call the company to ask if the request is legitimate.
- Be especially wary if the requestor is pressing you to act quickly or asking you questions that are not in line with previous communications or the nature of the business.
Should you feel any of the above scenarios have occurred please carry out the following –
- Check whether the email compromise has come from within your company or has it originated from your supplier?
- Should it have come from within your company please make sure to –
- Run antiviral checks on all company devices
- Re set passwords for all systems used on your company devices
- Check all account activities and check statements/ transactions to make sure all are correct. Should you identify any transaction that is not genuine please notify us as soon as possible.
- Should it be confirmed as coming from a supplier / vendor please make sure to act with caution when communicating with this company and double check with them that they have carried out the required IT security checks to make sure their systems are safe. In the interim period it is best practice to not communicate via the compromised channel until you are reassured it is safe.
Make sure all of the staff who work with payments know about this type of scam.
With the ever increasing flow of emails identifying a fraudulent one can be hard. Fraudsters use fake emails as bait to get you to either follow a link, send a payment or divulge confidential data. Always check an email’s validity, especially if this is un-solicited contact which you were not expecting. The type of request a fraudster may send will vary, however they may:
- say they’ve noticed some suspicious activity or log-in attempts
- claim there’s a problem with your account and/or payment information
- say you must confirm some personal or business information
- include a fake invoice
- want you to click on a link to make a payment
Tips on how to spot a non-genuine email –
- Check the email domain from where the email has come from – this should align with the organisation/entity where the email is supposed to have originated.
- Check spelling and how the email addresses you – Genuine emails will nearly always be addressed to you personally and should not contain spelling/grammar errors.
Should the email contain a link always check the URL. From a desktop device this is done by holding your curser over the link. On a Mobile device press and hold on the URL. In both cases the associated URL will appear indicating where the link will take you to. Genuine links should contain information directly relating to the sender.
CEO / CFO Fraud
Due to the level of trust put into company email communications today we all get requests to carry out actions via email and we do not question them. It is this lack of questioning of email requests that the fraudsters use to try and get staff to carry out transactions or payments.
CEO or CFO fraud, also referred to as Spear-phishing relates to a specifically targeted email attack in which the attacker impersonates your CEO, CFO or other Senior Manager. The aim of the email is to get you to either carry out transactions/ payments or share sensitive information. Below are the two most common ways a CEO / CFO fraud is carried out -
- Name Spoofing – This is when the fraudster uses the real name of your CEO or CFO, but uses a different email address. Frequently (but not always) the email address the fraudster uses is similar to the company domain with a slight variation e.g. A8C.com instead of ABC.com. With this type of fraud the hope is that the slight variation of the email address will not be noticed and the email will be actioned.
- Name and email spoofing – This is where the attacker uses both the CEO’s or CFO’s real name and their correct domain. In this form of the attack, the attacker typically uses a reply-to address that is different than the sender address, so that your response to the email will go to them.