Types of IT fraud

Below you can read more about the most common types of IT fraud to which your business should pay particular attention.

  • Phishing

    Phishing

    Phishing is the term for fraudulent e-mails used by criminals to try to get recipients to disclose user names, passwords or other personal information. A fraudulent e-mail comes from a seemingly reliable sender such as Danske Bank, SKAT (the Danish tax authorities) or Nets. The message often encourages the recipient to click a link or open an attached file.

    Never click links or open files in an unsolicited e-mail without reading the e-mail carefully first. Many fraudulent e-mails use awkward and impersonal phrasing and may contain small deviations in the sender’s domain name (e.g. danskkebank.dk instead of danskebank.dk). Skilled fraudsters may, however, send a fraudulent e-mail or text message in which the name of the sender appears to be correct. Always call the sender on a main phone number if you are not sure about the authenticity of an e-mail.

  • Changes in bank details

    Changes in bank details

    This simple type of fraud may be difficult to spot because it does not set alarm bells ringing right away. The fraudster claims to be a supplier sending a seemingly harmless notification of a change in your account details.

    If you receive an e-mail concerning changes in your bank details, you should contact the supplier to get confirmation from your usual contact.

  • CEO fraud

    CEO fraud

    In the case of CEO fraud, a fraudster tricks an account assistant into transferring a large amount of money by pretending to be the CEO of the business. The assistant is asked to make the transfer quickly and discretely, and it may concern an acquisition, for example.

    The account assistant receives an e-mail in the CEO’s name, usually at a time when the CEO is away. In many cases, the e-mail is followed by a phone call from a credible person asking the assistant to speed up the payment process.

    In the most skilled instances of CEO fraud, fraudsters hack into the CEO’s e-mail account. As a result, they are familiar with the CEO’s language and know what is going on in the business. In other cases, fraudsters purchase a domain name that is very similar to that of the business.

    You can prevent CEO fraud by introducing procedures for money transfers when the CEO or other senior staff members are away. We also recommend that you always call the sender of the e-mail on the phone number that you normally use.

  • Invoice scams

    Invoice scams

    Many businesses receive invoices for goods or services they never purchased in the first place. These are typically invoices for small amounts, and it allows them to slip through the system more easily without anyone questioning their authenticity.

    You can reduce the problem of invoice scams by having clear guidelines on how to handle manual payments. We also recommend using an automated payment system and thus keeping the number of manual payments to a minimum.

  • Malware

    Malware

    Malware is a term that refers to small, concealed, self-installing programs. The programs are typically distributed through files that are downloaded or copied from websites or infected devices such as USB sticks and external drives. A fraudster can gain full control of a computer, mobile phone or tablet that has been infected by malware. This enables the fraudster to copy logon details for the business’s online banking solution and all other data on the device in question.

  • Ransomware

    Ransomware

    Ransomware is a new type of malware that is becoming increasingly common. Ransomware blocks the access to selected files or entire hard disks until the business pays a ransom to the fraudster.

    It may have serious consequences for a business to be without access to vital business data, so it is important to regularly back up data and to store backup copies offline and under secure conditions. We also recommend limiting the number of employees authorised to install programs.