Security Zone - Corporate

Moneycorp Bank will never ask you for the following:

• Your PIN number – whether this is the PIN for your online portal or your prepaid card, this information should always be kept to yourself and never divulged to anyone.
• Request for remote access to your device – Moneycorp staff will never request remote access to your device. Our staff will offer to help you by talking you through the steps on how you carry out a transaction or a process. Should someone purporting to be representing Moneycorp Bank (either by email or phone) ask to take control of your device this indicates that the person is not a legitimate employee and we would request you contact Moneycorp Bank customer services as soon as possible.

Moneycorp bank expects you to have the best possible banking experience and, at the same time, protect of your funds. As part of our protection here are some of the actions we may carry out:

• Validation of new Beneficiaries – When setting up a new Beneficiary we may occasionally carry out a call back to verify the new instruction. In addition, for your protection, Moneycorp Bank may also send you an SMS and/or email notification (if you have signed up to receive these) when a new recipient is set up on your account. If you receive one of these messages and do not recognise the new banking details, please contact us immediately.
• Telephone Identification – We carry out identity verification on calls to protect you and your account.
• Fraud Prevention Tools – As trustworthy and reliable banking institution we have your account security in mind, and to aid in the combat of fraud and cybercrime we have a number of systems working in the background helping to protect your money and data.

• Please ensure you keep your company’s contact details (e.g. telephone number, emails address, address) up to date, to allow us to validate and verify you quickly. Please contact customer services or your account manager to request information on how you can update these details.
• Keep all passwords, PINs and security information safe, and do not write them down or leave them in an area that is accessible to others.
• Always type in our web address (www.moneycorpbank.com) directly into your browser. Do not use links from emails or any other sites that you do not trust. Always make sure that the padlock symbol is displayed alongside our web address.
• Always verbally check bank details with payees – if an email account has been compromised (yours or theirs), you could be sending your money to a fraudster.

Taking a few extra security precautions can help secure your business, and help embed a security culture to aid in the protection of your business. Your employees are an important line of defence for your business’ finances and information, so training and awareness of fraud and cybercrime prevention for all involved with your company is very important in protecting it.

Here are some helpful hints and tips on how to stay “cyber-safe”:

• Back up all company data so it can be restored in an emergency.
• Use complex passwords – setting a more complex passwords means a fraudster will have less chance of guessing it.
• Do not repeat passwords /PINs – use different passwords and PINS for each account /website.
• If you notice any transactions on your account that do not appear to be genuine please report them immediately.
• Open Wi-Fi – Please try not to conduct financial transactions while using an open Wi-Fi network or from public computers (i.e. Internet Café's or Coffee shop’s Wi-Fi) as these internet connections may not be secure.
• Install internet security or anti-virus software and ensure that you have an active firewall.

Entrusting your money to somebody else is always a daunting prospect, and Moneycorp Bank understands how important it is to maintain the reliance that has been placed on us. Having support of Moneycorp Group, in operation for almost 40 years, we have developed a reputation as a trustworthy and reliable foreign exchange and payments specialist.

We know that security is one of the most important aspects to consider when choosing a Bank, and so if you have any questions about our business practices, please call us on +350 222 55 600 where we will be happy to address any concerns.

There are many investment opportunities out there and it can sometimes feel like navigating a minefield. Below are some helpful hints and tips on how you can protect yourself and your business from becoming a victim of investment fraud / scam:

• Un-solicited contact – Should you be contacted out of the blue with no initiation of contact on your part, always remain on guard regarding the validity of this approach.
• Application of pressure to complete – Should you feel like you are under pressure to invest immediately (i.e. invest now as this offer is only available for you for the next hour) make sure you step back from the situation and carry out all the checks you need to validate the offer prior to sending any money. Make sure you feel comfortable and not rushed before agreeing to anything.
• Advice and verification – Always seek independent advice before signing up to anything.

A Business Email Compromise is when a fraudster sends an email message that appears to come from a known source making a legitimate request. Here are some examples of suspicious requests or emails and how to approach these:  

• A supplier or vendor your business regularly deals with sends an invoice with different bank account details than normal. If you’re asked to update the bank details you have for a supplier – or if you get sent new bank details to pay an invoice – always call a contact you know at the supplier or vendor to check the request is real. Don’t reply to the email address or use the details they send you, but get in touch directly with someone you already know and trust.
• Spoofed emails address – Your supplier/ vendor email address is @ExampleCompany.com, but the email received has come from @ExampleC0mpany.com. Paying attention to small details such as this may save your business big money in the long run.
• Don’t click on anything in an unsolicited email or text message asking you to update or verify account information. Look up the company’s phone number on your own (don’t use the one a potential scammer is providing), and call the company to ask if the request is legitimate.
• Be especially wary if the requestor is pressing you to act quickly or asking you questions that are not in line with previous communications or the nature of the business.

Should you feel any of the above scenarios have occurred please carry out the following:

• Check whether the email compromise has come from within your company or has it originated from your supplier?
• Should it have come from within your company please make sure to –
  • Run antiviral checks on all company devices
  • Re set passwords for all systems used on your company devices
  • Check all account activities and check statements/ transactions to make sure all are correct. Should you identify any transaction that is not genuine please notify us as soon as possible.
• Should it be confirmed as coming from a supplier / vendor please make sure to act with caution when communicating with this company and double check with them that they have carried out the required IT security checks to make sure their systems are safe. In the interim period it is best practice to not communicate via the compromised channel until you are reassured it is safe.

Make sure all of the staff working with payments are aware of this type of scam.  

With the ever increasing flow of emails identifying a fraudulent one can be hard. Fraudsters use fake emails as bait to get you to either follow a link, send a payment or divulge confidential data. Always check email’s validity, especially if this is un-solicited contact which you were not expecting. The type of request a fraudster may send will vary, however they may:

• say they’ve noticed some suspicious activity or log-in attempts
• claim there’s a problem with your account and/or payment information
• say you must confirm some personal or business information
• include a fake invoice
• want you to click on a link to make a payment
• entice you to open attached files (especially *.zip or *.exe)

Tips on how to spot a non-genuine email –

• Check the email domain (part of the e-mail address after “@” sign) the email belongs to – this should align with the organisation/entity where the email is supposed to have originated.
• Check spelling and how the email addresses you – Genuine emails will nearly always be addressed to you personally and should not contain spelling/grammar errors.
• Should the email contain a link always check the URL. From a desktop device this is done by holding your curser over the link. On a Mobile device press and hold on the URL. In both cases the associated URL will appear indicating where the link will take you to. Genuine links should contain information directly relating to the sender / domain.
• Hover over the e-mail address as the actual address may be hidden behind the header / name given (no “@” visible).

Due to the level of trust put into company email communications today we all get requests to carry out actions via email without questioning them. It is this lack of questioning of email requests that the fraudsters use to try and get staff to carry out transactions or payments.

CEO or CFO fraud, also referred to as “Spear-phishing” relates to a specifically targeted email attack in which the attacker impersonates company CEO, CFO or other Senior Manager. The aim of the email is to get you to either carry out transactions/ payments or share sensitive information. Below are the two most common ways a CEO / CFO fraud is carried out:  

• Name Spoofing – This is when the fraudster uses the real name of your CEO or CFO, but uses a different email address. Frequently (but not always) the email address the fraudster uses is similar to the company domain with a slight variation e.g. A8C.com instead of ABC.com. With this type of fraud the hope is that the slight variation of the email address will not be noticed and the email will be actioned.
• Name and email spoofing – This is where the attacker uses both the CEO’s or CFO’s real name and their correct domain. In this form of the attack, the attacker typically uses a reply-to address that is different than the sender address, so that your response to the email will go to them.