SEB: Businesses not immune from the clutches of fraudsters
A payroll account fraud scheme is currently making the rounds, targeting companies with the aim of diverting wages paid by employers to fraudsters’ accounts.
‘For example, a human resources officer or department manager receives an e-mail, seemingly from an employee, stating that they wish to receive their salary in a new current account, starting from next month. If the e-mail is sent from the employee’s personal e-mail, i.e., the sender’s address is actually correct, then the employee’s e-mail has previously been hacked and the letter sent from there. Often, however, fraudsters generate a new e-mail address, which can be very similar to the real e-mail address, or a completely absurd combination of numbers and letters,’ warns Kätlin Kukk, Head of Security at the SEB Security Centre.
In the event that the account number is actually replaced with a new one, the employee’s pay will not reach their account in the next month, instead falling into the hands of the fraudsters.
An example of a fraudulent e-mail:
-----Original Message-----
From: <mb.it79242@gmail.com>
Sent: Friday, June 10, 2022 4:16 PM
To: Personal
Subject: Re: Change IBAN pay slip
Hello,
OK, here are my new IBAN details below:
IBAN: EE0000000000000000
BIC: 00000
Please let me know when you have successfully updated it, and when is the next payment date?
Thank you.
How to behave:
• If you receive an e-mail from an employee with the abovementioned content, make sure to contact the employee and verify the content of the e-mail. Do this verbally, as we do not know who actually has control over the electronic mailbox. Have the employee confirm their wish verbally.
• Check how credible the sender’s address is. Critically evaluate the text, i.e., its grammar and structure. Since fraudsters use translation programs to generate text, the result of the translation is not always in proper Estonian.
• It can also be helpful to require key activities in the company to be digitally signed.
• If there are signs that you may have become a victim, or you have become one, make sure to run an antivirus scan on your computer, because e-mails can also contain viruses.
• If you have fallen victim to fraud, contact the police and also inform your bank immediately, using the contacts on the bank’s official website. The sooner you contact your bank, the more likely it is that avenues for further abuse can be closed quickly.
Additional information:
Katre Kärner
Communications Manager
Business Clients Division
Phone +372 5560 9962
katre.karner@seb.ee