Common types of fraud
The common types of fraud introduced on this page can impact individuals and companies, leading to damaged reputations, financial loss, and wasted time for you, your users, and Swan.
While the potential types of fraud seem endless, this page explains certain types to which Swan users might be more vulnerable. Please review this page thoroughly, including the tips to combat each type of fraud. Additionally, make sure to read the fraud protection page, which covers how Swan protects you and your users and how to prevent, react to, and report fraud.
Visit Swan's Trust Center for live information about Swan's security. Understand security measures in depth, review policies, and find answers to frequent security questions.
Account takeover (ATO)
ATO fraud occurs when fraudulent individuals gain control of a victim's payment account, and then use the account to perform unauthorized actions.
- Keep account login information secure.
- Use strong, unique passwords and passcodes.
- Don't share account details by email, phone call, or text message.
- Set up multi-factor authentication (MFA) or two-factor authentication (2FA) as an extra layer of security in case credentials are compromised.
- Only access the account from trusted and secure networks.
Card
Those committing card fraud steal virtual card details, such as card numbers and card verification values or codes (CVVs or CVCs), or actual physical cards. Then, they use that information to make payments online or by phone, where the purchaser's physical card or presence isn't required.
Types of card fraud include remote purchase fraud, card not present (CNP) fraud, and any activity with lost, stolen, or misplaced cards.
- Only enter card details on websites with a secure connection.
- Only enter card numbers and security codes into fields designed for those numbers. Don't enter card details in free-text fields, which are open for any type of text input.
- Block (cancel) lost or stolen cards immediately. If you use Swan's Web Banking, send your users the Support Center article about blocking cards.
- Prioritize issuing single-use virtual cards for non-recurring online payments because these cards are more difficult to use fraudulently.
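If your own application accepts free-text input (payment references, support messages, notes), you can enforce the free-text tip on the server side. The following is an added example, not Swan code: it finds digit runs that pass the Luhn checksum used by payment card numbers and redacts them before the text is stored. The function names and sample strings are constructed for illustration.

```python
import re

# 13 to 19 digits, optionally separated by single spaces or hyphens.
CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")
PLACEHOLDER = "[card number removed]"

def luhn_ok(digits: str) -> bool:
    """Luhn checksum: double every second digit from the right, sum, mod 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

def find_card_numbers(text: str) -> list[tuple[int, int]]:
    """Return (start, end) spans of digit runs that look like card numbers."""
    spans = []
    for match in CANDIDATE.finditer(text):
        digits = re.sub(r"\D", "", match.group())
        # The checksum filters out most order numbers and other long IDs.
        if luhn_ok(digits):
            spans.append(match.span())
    return spans

def redact(text: str) -> str:
    """Replace every detected card number, working right to left so spans stay valid."""
    for start, end in reversed(find_card_numbers(text)):
        text = text[:start] + PLACEHOLDER + text[end:]
    return text

if __name__ == "__main__":
    # Constructed inputs; 4111 1111 1111 1111 is a widely used test number.
    for sample in (
        "Please charge 4111 1111 1111 1111, thanks",
        "Order 4111-1111-1111-1112 arrived damaged",
        "Call me on +33 1 23 45 67 89",
    ):
        print(redact(sample))
```

A checksum match is a heuristic, so log the event and treat the field as sensitive rather than silently trusting the redaction.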
Chief Executive Officer (CEO)
CEO fraud is a cybercrime where individuals impersonate a company's CEO or other top executive. It's a type of authorized push payment (APP) fraud and is also known as business email compromise (BEC).
These individuals send convincing emails to company employees that seem to require immediate and urgent attention. In the email, they might ask the employee to transfer funds, provide access to secure portals or documents, or otherwise reveal confidential information about the company.
Consider the following example of a CEO phishing attack:
Subject: Urgent financial matter (confidential)
Hi Alex,
There's been an urgent development and we need to pay an invoice immediately. I'm in a critical meeting and can't send this transaction myself. Could you please handle it right away?
[includes transfer details]
Let me know when it's done.
Thanks,
Jules
CEO, MyBrand
- Confirm the email address. Is there a spelling error or typo in the executive's name? Are there extra characters, letters, or numbers in the domain name?
- If you've received other emails from this executive, does this email look like the others? Are there slight differences in style, spacing, and voice?
- Even when a request comes from an executive, never bypass established security measures.
- Contact the executive using another established channel. If you received an email, for example, try calling them or sending them a direct message on the company's messaging platform.
Invoice and billing
Invoice and billing fraud involves the use of fake invoices to trick companies.
Fraudulent individuals might send companies fake invoices that appear to be from the company's regular suppliers. These invoices often look authentic, complete with logos and other details. However, the bank account details included on the invoice belong to the fraudulent individuals rather than a legitimate supplier.
- Establish and respect rigorous processes, including purchase verification systems, payment validation processes, transaction verification methods, and more.
- Regularly verify supplier credentials.
- Maintain strong, direct lines of communication with suppliers, and contact the supplier directly in case of suspicion.
Phishing, vishing, and smishing
Phishing, vishing, and smishing involve fraudulent individuals impersonating legitimate organizations, such as companies or governmental agencies, contacting you by email, phone, or text message. All three are types of authorized push payment (APP) fraud.
- Phishing → email
- Vishing → phone call
- Smishing → text message
They attempt to steal sensitive information, including user names and passwords, government ID numbers, financial information, and more. These emails, phone calls, and text messages can be quite convincing. For example, email and text messages often link to websites that look almost identical to an organization's real website.
- Don't provide information or funds urgently.
- Contact the organization directly using a different communication channel to ask them about the suspicious message. For example, if they contacted you by phone, send an email. If you received a text message, call them.
- Check links before you open them. Is there a spelling error or typo in the domain name? Are there extra characters, letters, or numbers in the link?
- Open websites directly in your browser instead of clicking links included in an email or text message.
- Set up multi-factor authentication (MFA) or two-factor authentication (2FA) as an extra layer of security in case credentials are compromised by an attack.
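The sender-address check in the CEO fraud tips and the link check above can both be partly automated. The following is an added example, not Swan code: it compares the domain of an email address or link against an allowlist and flags near-misses (typos, extra characters, the trusted name embedded in another domain, non-ASCII look-alike letters). The allowlist, the `mybrand.example` domain, and the samples are constructed.

```python
from urllib.parse import urlsplit

# Constructed allowlist: the domains your executives and suppliers really use.
TRUSTED = {"mybrand.example"}

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def host_of(value: str) -> str:
    """Lowercased host of a URL, or the part after the last @ of an address."""
    value = value.strip().lower()
    host = (urlsplit(value).hostname or "") if "://" in value else value.rsplit("@", 1)[-1]
    return host.rstrip(".")

def classify(value: str, trusted=TRUSTED, max_distance: int = 2):
    """Return (verdict, reason); verdict is trusted, lookalike or unknown."""
    host = host_of(value)
    if any(host == t or host.endswith("." + t) for t in trusted):
        return "trusted", "matches allowlist"
    labels = host.split(".")
    if not host.isascii() or any(label.startswith("xn--") for label in labels):
        return "lookalike", "non-ASCII or punycode label (possible look-alike letters)"
    # Simplification: treat the last two labels as the registrable domain
    # (a production check would use the Public Suffix List).
    registrable = ".".join(labels[-2:])
    for t in trusted:
        if edit_distance(registrable, t) <= max_distance:
            return "lookalike", f"{registrable} is within {max_distance} edits of {t}"
        if t.split(".")[0] in host:
            return "lookalike", f"embeds the name of {t} in another domain"
    return "unknown", "not on the allowlist; verify through another channel"

if __name__ == "__main__":
    # Constructed samples covering the patterns the tips describe.
    for sample in (
        "jules@mybrand.example",
        "jules@my-brand.example",
        "jules@mybrand1.example",
        "https://mybrand.example.secure-pay.test/login",
        "billing@supplier.test",
    ):
        print(sample, "->", classify(sample))
```

A "trusted" verdict only means the domain matches; a compromised mailbox sends from the real domain, so the advice to confirm through another channel still applies.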
Report fraud
If your users are victims of fraud with their Swan payment accounts, they must file a fraud dispute with Swan. You can also alert Swan to suspected fraudulent activity.
Reporting fraud to Swan is urgent and mandatory.
Swan processes fraud disputes based on criticality. All fraud disputes are analyzed, but they're not all accepted. Swan responds as quickly as possible.
Share the dedicated Support Center article to help your users file their fraud dispute: