Julius Baer continuously assesses the level of fraud risks and identifies relevant attack vectors and emerging crime threats and trends. Based on our assessment, we continuously adapt our risk framework in order to minimise the risks for our clients, partners, employees, and the bank. In the following, you can find 12 of the most common modi operandi and useful recommendations on how to protect yourself.
Social engineering attacks take advantage of people’s helpfulness, credulity, or lack of self-confidence in order to, for example, gain access to confidential data or to prompt them to perform certain actions.
The word phishing is a contraction of the words ‘Password’, ‘Harvesting’ and ‘Fishing’. Fraudsters phish in order to gain confidential data from unsuspecting internet users. This may, for example, be access to e-mail account data, online sales platforms or internet banking.
Common investment scams may include lucrative investment opportunities such as shares, bonds, cryptocurrencies, rare metals, overseas land investments, or alternative energy. Fraudsters often pretend to be from reputable financial institutions by misusing the brand, setting up fake websites and e-mail accounts, and creating false documents.
Business e-mail compromise (BEC-/CEO-Fraud)
Business e-mail compromise or transfer fraud is a type of scam where fraudsters search for existing electronic invoices in compromised e-mail accounts of individuals or company employees, or accounts of an online collaboration platform, give them a different IBAN and resend them.
So-called “CEO fraud” is an unscrupulous scam tactic. It involves company employees with direct payment authority receiving an e-mail from one of their superiors asking them to initiate a payment to a certain recipient as soon as possible. In reality, though, the sender address is faked, with a fraudster hiding behind it.
Fake news (COVID-19)
‘Fake news’ fraud is nothing new. Disinformation is false information shared with the explicit intention to deliberately mislead its audience. Fake news is distributed to lure us in and encourage us to click on malicious links or even call the fraudster directly. This kind of news has become even more popular during the pandemic due to the increased need for information.
Supply chain & third-party fraud risk
The diversified supply chain that characterises the technology industry today provides new opportunities for threat actors to take advantage of these complex systems and exploit the multiple vulnerabilities introduced by a heterogeneous ecosystem of third-party providers. The idea is that key suppliers or vendors of a company or clients may be more vulnerable to attack than the primary target, making them weak links in the target’s overall network.
SIM swapping is a new trend. This modus operandi has received considerable attention recently, with law enforcement agencies noticing a significant rise in cases in the EU. SIM swapping is a type of account takeover and refers to the circumvention of SMS-based two-factor-authentication to access sensitive user accounts. Criminals fraudulently swap or port the victim’s SIM to one in the criminal’s possession in order to intercept the one-time password (OTP) step of the authentication process.
Similar to SIM swapping, SMishing has seen an increase recently. SMishing is a portmanteau of ‘SMS’ and ‘phishing’, and generally refers to the misuse of SMS, but increasingly also of instant messaging apps like WhatsApp, as an attack vector for stealing sensitive data such as access data, passwords, credit card details, and account information. The fraudulent message will typically ask you to click on a link or call a phone number in order to ‘verify’, ‘update’, or ‘reactivate’ your account. However, the link leads to a bogus website and the phone number leads to a fraudster pretending to be the legitimate company.
Remote/teleworking support scams (vishing)
Many financial institutions have recently been facing a strong increase in ‘teleworking support scams’, whereby the fraudster pretends to be from the IT support team of the bank and asks for remote access to a person’s IT infrastructure at home. The attack is combined with fraudulent e-mails containing malicious links. Fraudsters want the victims to click on their links. Malware is subsequently installed on their computer. The same modus operandi can be used to get the credentials to e-banking accounts (vishing = voice phishing).
Ransomware (also known as encryption trojans or blackmail trojans) is a specific family of malware, which encrypts data on the victim’s computer and on network shares, thereby making the data unusable for the victim. The ransomware subsequently displays a ‘locked screen’ requesting that the victim pay a specific sum in the form of bitcoins (internet currency) to the attackers so that the data can be decrypted.
As the popularity of internet shopping and online auctions grows, so the number of complaints about transactions is increasing. Some of the most common complaints involve:
- buyers receiving goods late, or not at all
- sellers not receiving payment
- rented apartments or holiday homes that do not exist
- buyers receiving goods that are either less valuable than those advertised or significantly different from the original description
- failure to disclose relevant information about a product or the terms of sale.
If you are a victim of shopping or auction fraud, the most immediate problem is that you have no real prospect of returning the goods or having your money refunded. After this, there is a risk that your identity details could be compromised. Fraudsters could steal your identity and use it to access your personal finances or obtain goods or finance from alternative sources.
Each year, millions of elderly people fall victim to some type of financial fraud or confidence scheme, including romance, lottery, and sweepstakes scams, to name a few. Criminals will gain their targets’ trust and may communicate with them directly via computer, phone, and the mail; or indirectly through the TV and radio. Once successful, scammers are likely to keep a scheme going because of the prospect of significant financial gain.
It is common knowledge that almost 95% of fraud attacks start with a suspicious call or e-mail or a combination of both. Fraudsters try to lure you in with appealing stories and hope for a human error!
General recommendations to keep in mind
We encourage our clients to keep the following in mind:
- Be critical if you are confronted with unusual e-mails or phone calls.
- Don’t let anyone push or rush you into acting under pressure of any kind.
- Interrupt communication immediately in the case of a suspicion.
- Don’t click on links in suspicious messages – not even out of curiosity (e.g. e-mail, SMS, chats). Otherwise, you risk infecting your device/computer with malware or being diverted to dubious websites.
- In case of doubt, contact the supposed sender using the contact details you already have or those indicated on the sender’s official website, to check with them what exactly the message is about and whether or not it actually comes from them.
- Remain vigilant if you receive suspicious calls/requests that are allegedly from Julius Baer. Keep in mind that we never ask you for identifying data or login credentials via e-mail or phone.
- Conduct call-backs to your vendors, suppliers, or partners (e.g. in the case of suspicious invoices or sudden changes to beneficiary accounts).
- Be aware that even some of the apps available might not be the official ones. Be discerning when choosing your service apps and only download them from the official stores.
- Frequently check your financial statements.
- Carefully check the authenticity of systems, websites, and documentation before beginning to interact (including providing sensitive information) and/or relying on them. We recommend contacting Julius Baer via its official website www.juliusbaer.com. In case of doubt or before taking any material action, we recommend independently verifying the authenticity of any information relating to Julius Baer.
- If you are concerned that you may have disclosed your personal information or have conducted any financial transactions through e.g. a fraudulent website allegedly linked to Julius Baer, you should immediately contact Julius Baer at firstname.lastname@example.org and the competent authorities.
- Report suspicious calls/e-mails or any other unusual request to your local authorities, regulator and/or national cyber security centres (see a list of selected links below).