Trust & Safety

  1. Home
  2. Trust & Safety

Mandate Fraud

Mandate fraud takes place when you or an employee is deceived into changing a regular payment mandate (such as a direct debit, standing order or bank transfer), by purporting to be an organisation you make regular payments to such as a supplier, membership or subscription organisation.

Your business is contacted by someone claiming to be an existing supplier and told to amend the direct debit, standing order or bank transfer instructions to their new bank account. You will not suspect fraud until you are contacted by your genuine supplier to say that the monthly payment has not been made, or goods or services are not delivered.

You receive an email, letter or phone call from a publishing, information services or other subscription organisation, informing you of revised payment details to a new bank account. You will not suspect fraud until you stop receiving the goods or services subscribed to, including online services such as information resources and news feeds.

Your online bank account is illegally accessed by a fraudster and the payment mandate details altered so that the money is transferred to the fraudster’s account.

Always verify requests for amended payments to an organisation directly using established contact details.

If a call seems suspicious, hang up and call the organisation using established contact details.

Never leave invoices, regular payment mandates or similar information unattended for others to see.

Check bank statements carefully and report anything suspicious to your bank.

Make sure colleagues, particularly those in a finance function, are aware of the risks.

Notify your bank immediately if you notice any unusual activity on your account or suspect that mandate fraud has occurred.

Notify the organisation which has been impersonated.

If fraud has been committed, report it to Action Fraud on +1(518) 444-1101  or online at If you are in Scotland, contact Police Scotland on 101.


Ransomware is a form of malware that provides criminals with the ability to lock a computer from a remote location – then display a pop-up window informing the owner or user that it will not be unlocked until a sum of money is paid. Recent well-publicised examples are CryptoLocker, Cryptowall and WannaCry (and variants of these under different names.

In some cases, the only usable part of the computer is the number keypad to enter a PIN to enable payment to the criminals. An additional twist is that an accusation of illegal activity or a pornographic image may sometimes appear on the locked screen, making it more difficult through embarrassment for some users to seek help from anybody else, and simply resort to paying the ransom.

  • Open a malicious attachment in an email.
  • Click on a malicious link in an email, instant message, social networking site or other website.
  • Visit a corrupt website.
  • Open infected files from web-based digital file delivery websites, for example HighTail (formerly YouSendIt) or Dropbox).
  • Open corrupt macros in application documents (word processing, spreadsheets etc).
  • Connect corrupt USB connected devices (eg memory sticks, external hard drives, MP3 players).
  • Insert corrupt CDs/DVDs into computers.
  • Not being able to access any files or functions on infected computers ever again.
  • Still not being allowed access to your files or functions, even when you have paid the ransom.
  • Do not reply to, or click on links contained in, unsolicited or spam emails from companies or individuals you do not recognise.
  • Visit only websites you know to be reputable.
  • Always install updates to software and apps – including operating systems – as soon as prompted.
  • Ensure you have effective and updated internet security software and firewall running before going online.
  • Perform regular, automatic backups, preferably online to facilities that meet the security needs of your organisation and enable fast, easy access to backed up data.
  • To detect and remove ransomware and other malicious software that may be installed on computers, run a full system scan with an appropriate, up-to-date, security solution.
  • If any computers have been locked by ransomware, seek professional advice from a trustworthy source. Even then, it is possible that you may never be able to access your files again.


The term malware refers to software designed and distributed to gain unauthorised access to computers and other connected devices, disrupt their normal operation, gather sensitive or confidential information or spy on the device’s user(s).

Common types of malware

A virus is a file written with the intention of doing harm, or for criminal activity.  Some are noticeable to the computer user, but many run in the background, unnoticed by the user. There are many types of virus. A worm, for example, can exploit security vulnerabilities to spread itself automatically to other computers through networks. A Trojan horse (or simply ‘Trojan’) is a program that appears harmless but hides malicious functions. Potentially, a virus could arrive on your device in the form of a Trojan, with the ability to replicate itself before moving on to another device (a worm) and also be designed as a piece of spyware.

Spyware is a type of virus that is specifically designed to steal information about your activity on your computer or other device. Spyware writers have a number of different objectives, mainly fraudulent financial gain or identity theft. Spyware can perform a number of illicit functions, from creating pop up advertisements to stealing your bank login details by taking screen shots of the sites you visit and even logging the keys you type (known as a keylogger). Spyware may also be self-replicating. An increasingly common form of spyware is a Remote Access Trojan (RAT), via which a fraudster or other cybercriminal can take over control of infected devices remotely and use it as if he / she were the authorised user. This can include activating webcams and physically spying on users’ actions.

Ransomware is an insidious form of malware which enables cybercriminals to lock down a computer or other device remotely, then charge a ransom to ‘unlock’ it. Ransomware is covered in detail on this site here.

Other types of malware include rootkits, dishonest adware and scareware.

Malware can attack your computers or other devices via the following means:

  • Opening infected email attachments such as .exe files.
  • Opening infected files from web-based digital file delivery companies (for example HighTail (formerly YouSendIt), Dropbox).
  • Visiting corrupt websites, which you may have been directed to via fraudulent links in emails or social media posts.
  • Via the internet, undetected by the user (worms are an example of this).
  • Macros in application documents (word processing files, spreadsheets etc).
  • USB connected devices (such as memory sticks, external hard drives, MP3 players, cameras).
  • CDs/DVDs.
  • Identity theft.
  • Fraud.
  • Invasion of personal privacy.
  • Theft, deletion and / or corruption of data.
  • Non-compliance with data protection rules.
  • A slow or unusable computer.

It is vital to keep your internet security (anti-virus, anti-malware software up to date in order to provide the most complete protection. Millions of new strains of malware are detected every year, to say nothing of the variants of new and existing ones. Each has a set of characteristics or ‘signatures’ that enable internet security software manufacturers to detect them and produce suitable updates.

Most internet security software automatically downloads these updates (sometimes referred to as ‘definitions’) on a regular basis, as long as you are online and have paid your annual subscription (for a paid-for product). This should ensure protection against even the latest malware threats.

The software scans for viruses in a number of different ways:

  • It scans incoming emails for attached viruses.
  • It monitors files as they are opened or created to make sure they are not infected.
  • It performs periodic scans of the files on your computer.

Some internet security software also scans USB connected devices (eg memory sticks, external hard drives, MP3 players), as they are connecting. Some also highlight suspect websites.

Internet security software will not protect you against:

  • Any kind of fraud or other criminal activity online not initiated by malware.
  • A hacker trying to break into your computer over the internet.

Internet security software is not effective if it is switched off or not updated with the latest virus signatures.

Depending on the size of your organisation, there are a number of choices that you can take to decide which internet security software to buy:

  • Package or standalone antivirus/antispyware software

Most internet security software vendors sell straightforward programs that only scan for viruses, as well as full security packages that provide other protection including firewall, spam filtering, anti-spyware controls and internet content filters. Antivirus/antispyware packages alone are available at relatively low cost that any business can afford. A package should include everything you need to protect your computers, mobile devices and infrastructure against online threats, and represents a smaller investment than buying each component separately.

Consider internet security software designed to make installation, updating and management easier across multiple devices.

  • Free internet security software

There are a number of antivirus and antispyware products that are free – including some for commercial use. In most cases, these ‘free’ products are no-frills versions of purchasable products which the manufacturer hopes you will upgrade to in the future. The protection factor is likely to be equivalent to the paid-for version, but there may be limited or no technical support and some reduced functionality, for example in scheduling full scans.

Windows Defender software is included – and enabled by default – in Windows 10, Windows 8, Windows 7 and Windows Vista. The Microsoft product is designed to prevent, remove, and quarantine spyware in Microsoft Windows. It was formerly known as Microsoft AntiSpyware.

Some manufacturers and retailers provide security software bundled with the computer. You do not have to use the security software supplied, but if you decide to keep it, do not forget to subscribe once the free trial period is over so that it stays up to date.

Also note that you should check carefully with vendors’ instructions before using one internet security software product with another – as doing so may render both ineffective.

Internet security software is available from vendors’ websites, specialist business computing retailers, high street stores and online retailers. When purchasing in store, it is normal to load a disk and then download updates over the internet when prompted. When purchasing online, you will automatically download the latest version incorporating all updates.

Free internet security software as described above, is also available from some internet service providers (ISPs) and banks. It is also possible to download free software from the internet, but be sure you are using a trustworthy website.

Apart from installing internet security software and keeping it updated, we recommend a number of other ways in which to keep your computers, mobile devices and network protected against viruses and spyware. After all, prevention is better than cure.

  • Do not open any files attached to an email from an unknown, suspicious or untrustworthy source.
  • Be careful with USB connected devices (eg memory sticks, external hard drives, MP3 players) as they are very common carriers of viruses.
  • Be careful with CDs/DVDs as they can also contain viruses.
  • Do not open any files from web-based digital file delivery companies such as HighTail (formerly YouSendIt) or Dropbox that have been uploaded from an unknown, suspicious or untrustworthy source.
  • Switch on macro protection in Microsoft Office applications like Word and Excel.
  • Buy only reputable software from reputable companies.
  • When downloading free software, do so with extreme caution.


The term hacktivism is used to describe the hacking of a website or social networking page to cause disruption or make a point on politically, socially or ethically motivated grounds. A hacktivist (hacking activist) is someone who combines strong beliefs with technical know-how to attack a website or company against who he or she is protesting, or holds opposing views. This may take the form of a denial of service (DoS) or distributed denial of service (DDoS) attack to disrupt traffic to one or more websites, or a highly visible, controversial message on the website’s home page.

High-traffic, influential websites and social networking feeds of large corporates or government departments tend to be affected most by hacktivism, but no organisation is immune.  ‘Anonymous’ is the highest profile international group of hacktivists in recent years.

  • Disruption of service of your website.
  • Loss of revenue, reputation or both.
  • Aspects of your organisation – or individuals working in it – which are not widely known, being revealed in a negative context.

If you are hosting your own website rather than using a third party hosting company, ensure that the hardware and software is secure:

  • Use strong, protected passwords throughout the system. Do not leave any password set to its default value.
  • Make sure the server is protected by an effective firewall and internet security software.
  • Monitor log files carefully to spot any attempts at intrusion.
  • Use the latest version of any ecommerce software. Old versions may have flaws that hackers can exploit.
  • Never store customers’ private information and credit card details on a public ecommerce server.
  • Protect your SSL details and keep them secret.
  • If you consider that your website may be vulnerable to a DoS or DDoS attack, locate and consult a DDoS protection specialist who has the relevant knowledge and tools to protect your business
  • Consider using a professional penetration testing firm to test the defences on your ecommerce server.
  • Review its security and availability policy and arrangements.
  • Check that the service level agreement is adequate for your needs.
  • Consider using a professional penetration testing firm to test the defences on your hosting company’s server.

DDoS Attacks

It is becoming increasingly common for organisations to be hit by online attacks which render their website unable to service legitimate requests. Distributed Denial of Service (DDoS) is not a form of hacking, but simply an orchestrated overload of concurrent visitors, swamping your web infrastructure. Such attacks are frequently caused not by many people visiting the site at one time to reduce its efficiency or even ‘crash’ it, but by a botnet (network of infected robot computers) being remotely controlled to do so by cybercriminals. Most victims are high profile organisations such as multinationals, government agencies and banks / other financial services providers. However, no organisation with a website is immune.

  • Blackmail / extortion.
  • Negatively affecting or even destroying your reputation.
  • Unfair competition (exploiting your loss of service to gain your affected customers).
  • A grudge against you or your business.
  • The desire to gain credibility amongst the criminal fraternity.

In technical terms, DDoS attacks can come in many forms, and like many aspects of the internet require in-depth knowledge to fully understand and guard against them.

If you have reason to believe that you are a potential target of a DDoS attack, we recommend that you locate and consult a DDoS protection specialist who is equipped with this knowledge and the accompanying tools to protect your business. He / she should be able to recommend and implement a technical solution to mitigate the threat to your business.

Every organisation with a website should ensure that it is protected as much as possible against unusually high (and unanticipated) volumes of both unlawful and legitimate traffic.

You should conduct a risk assessment, considering all reasonable eventualities, and have in place the web server capacity, bandwidth and processing power to handle large concurrent volumes. Arrange with your hosting provider to facilitate flexible and proactive handling of short- or no-warning loads and consider load-balancing to multiple servers. These arrangements will come at a cost, but you will have to balance this against the risks and consequences to your business and may be able to negotiate.


Social Engineering

Social engineering is the route to many types of crime including fraud and identity theft. It refers to the act of manipulating or deceiving someone into certain actions including divulging personal or financial information … a kind of confidence trickery. It exploits elements of human nature such as fear of loss, being protective, wishing to be helpful, or obliging others. There is seemingly no limit to the elaborate lengths that fraudsters will go to in order to achieve their ends. Social engineering is designed to be highly convincing, with hoax approaches emulating normally trustworthy sources such as your bank, the police or a government department and often made more convincing by the presence of information already held about you or your business by the fraudster.

  • Responding to a fraudulent email claiming to be from your company’s bank or credit card provider, a government department, a membership organisation or a website you buy from, directing you to follow a link to supply confidential details – typically a password, PIN or other information. This is known as phishing.
  • Supplying details to a fraudster who has phoned your company claiming to be from your bank or credit card provider or the police and inventing a problem. They ask for confirmation of confidential information in order to solve the problem. This is known as vishing. They may additionally despatch a ‘courier’ to collect payment cards or other records, known as courier fraud.
  • Receiving a phone call from somebody claiming to be a legitimate support agent for your computers or software, and telling you that you have a technical issue. They sound genuine, so you or a colleague gives them your login details – which can result in fraud or identity theft. Alternatively they are granted remote access to take over your computer or network, resulting in it being infected with malware. People claiming to be from ‘IT support’ in your business may request your or colleagues’ passwords in order to infiltrate company systems and data.
  • Picking up and inserting into computers USB sticks, memory cards, CD-ROM/DVD-ROMs or other storage medium that has been deliberately left lying around and contains malware. This is known as baiting.

Inadvertently granting a criminal physical access to computers, servers or mobile devices.

  • Never reveal confidential or financial company or customer data including usernames, passwords, PINs, or ID numbers.
  • Be very careful that people or organisations to whom you are supplying payment card information are genuine, and then never reveal passwords. Remember that a bank or other reputable organisation will never ask you for your password via email or phone call.
  • If you receive a phone call requesting confidential information, verify it is authentic by asking for a full and correct spelling of the person’s name and a call back number.
  • If you are asked by such a caller to cut off the call and phone your bank or card provider, call the number on your bank statement or other document from your bank – or on the back of your card – but not one given to you by the caller, nor the number you were called from.
  • Never open email attachments from unknown sources.
  • Never readily click on links in emails from unknown sources. Instead, roll your mouse pointer over the link to reveal its true destination, displayed in the bottom left corner of your screen. Beware if this is different from what is displayed in the text of the link from the email.
  • Do not attach external storage devices or insert CD-ROMs/DVD-ROMs into computers if their source is uncertain.


A botnet is a network of computers that have been intentionally infected with malware by cybercriminals in order to perform automated tasks on the internet without the permission (or often the knowledge) of the devices’ owners. The term is an abbreviation of ‘robot network’. When a bot penetrates a computer, its controller can assume command of the device and others in the botnet through communications channels using standards-based network protocols.

Cybercriminals use botnets to distribute spam email messages, spread viruses – including spyware, commit fraud and identity theft, attack computers and servers, and perpetrate DDoS (distributed denial of service) attacks.

You can sometimes tell if a computer has been infected if it is running slowly. If this is the case, perform scans, or if in doubt consult an IT professional.

Computers can become part of a botnet in the same ways as they are infected by any malware:

  • By opening attachments in emails which contain malware by means of a Trojan horse program. In this case, the Trojan may either delete itself once the computer is infected, or remain to update and maintain the malware modules.
  • By visiting websites which are infected with malware. This could happen by either clicking on malicious links in emails or social networking posts, or simply visiting infected sites proactively.

Peer-to-peer (P2P) – in other words spreading from one computer to another via a network, infected storage devices or on the internet

  • Your network being infected by spyware which could gain access to your data and transactions.
  • Your computers could be used for the mass transmission of spam email.
  • Your computers could be used for infecting others with adware.
  • Your computers could be used for click fraud, whereby it visits nominated websites without your knowledge to create false web traffic.

Your computers could be used in DDoS (distributed denial of service) attacks, where:

  • Multiple systems submit a substantial number of requests to a webserver in order to overload it to prevent it from servicing legitimate requests, or
  • Multiple systems bombard a victim with unwanted phone calls.


  • Choose reputable internet security software that is suitable for your organisation’s needs, ensure it is always updated and switched on.
  • Uninstall one antivirus program before you install another.
  • Do not open any files attached to an email from an unknown, suspicious or untrustworthy source.
  • Do not click on links in emails or social networking posts from an unknown, suspicious or untrustworthy source.
  • Remember than emails which appear to be sent by friends or colleagues – even with authentic addresses – may be fraudulent owing to their devices having been infected by malware, or their addresses having been spoofed by criminals.
  • Take care when using USB connected devices (eg memory sticks, external hard drives, MP3 players) as they are very common carriers of malware.
  • Take care when using CDs/DVDs as they can also contain viruses.
  • Do not open any files from web-based digital file delivery companies such as Hightail (formerly YouSendIt) and Dropbox that have been uploaded from an unknown, suspicious or untrustworthy source.
  • Switch on macro protection in Microsoft Office applications like Word and Excel.
  • Buy only reputable software from reputable companies and ensure that it is always kept updated.
  • When downloading free software, do so with extreme caution.