At Business On Line, keeping your information secure is one of our top priorities, but there are a number of steps you too can take to protect yourself and your business. Learn more by clicking on one of the tabs below, or visit www.makeitsecure.org
- How to Protect your Online Security
Bank of Ireland Business On Line is continuously working to ensure the security of your online banking. With your help we can reduce the risk posed by online fraudulent activity. Below is a list of some simple steps to take to protect your Business On Line profile.
- Ensure that you have industry standard, up-to-date, supported and licensed anti-virus software in place.
- Always log-out of your browser after you use Business On Line.
- Do not release passwords (power-on, log-on, screensaver, Internet account, Business On Line, etc.) to anyone. Remember that you alone are accountable for actions carried out when your user identification is used.
- Separate PCs into those used for business and those that can be used for personal purposes (e.g. games, personal web surfing etc.). PCs that are used for Business On Line and other business dealings should not be used for personal purposes.
- Ensure that the operating system and other software (especially your browser) are regularly updated with relevant security patches and bug-fixes (available frequently from the vendor sites). Subscribe to your vendor’s security mailing lists and apply updates as appropriate to your operating system.
- Do not allow files to be copied from your workstation without authorisation.
- Consider the use of intrusion detection software and firewalls (personal and/or corporate), especially if your workstation is connected to an internal computer network.
- Do not open unsolicited emails (in particular, any attachments that are associated with this form of communication). Be sure of your sender.
- Do not send confidential information via Internet or email unless appropriately secured.
- Always check the validity of the certificate on a website where you enter personal details (passwords, payments etc.).
- Be wary of the content of unsolicited e-mails appearing to come from a trusted source asking you to validate your logon / payment credentials. Always check with the institution first using their pre-registered / published contact details (not details supplied in the e-mail).
- Use secure Web sites for transactions and shopping. Be sure the Web page you are viewing offers encryption of your data. Often you will see a lock symbol in the lower right-hand corner of your browser window, or the Web address of the page you are viewing will begin with “https://…”. The “s” indicates “secured” and means the Web page uses encryption. Business On Line, for instance, provides 128-bit encryption – the highest level commercially available today.
If in doubt please contact our Contact Centre on 1890 818 265 (ROI), 0345 3098123 (NI), 0345 3098124 (GB) +353 1 4606445 (International Customers). Opening Hours 8am to 6pm, Monday to Friday (excluding Bank / Public Holidays) or email us at firstname.lastname@example.org
- 3 Key Steps to Online Security
- Ensure that you have up-to-date, supported and licensed anti-virus software in place
- Consider using a personal and/or corporate firewall
- Ensure that your operating system and other software (especially your browser) are regularly updated
More detailed security steps are outlined in our “How to protect your online security” section above.
- Fake Emails and Websites
Often called “Phishing” these fake emails or websites will appear to represent a legitimate company and try to obtain confidential account details and personal information (e.g. date of birth) with a view to conducting illegal transactions on your account.
- Bank of Ireland will never send emails which require customers to send personal information via email or pop-up windows.
- Bank of Ireland Business On Line will never ask you for any information.
- Any unsolicited requests for Bank of Ireland account information you receive through pop-up windows, emails, or Web sites should be considered fraudulent and reported immediately.
How do I Identify a Fake email?
Fake emails will often:
- Appear to be from a legitimate source. While some emails are easy to identify as fraudulent, others may appear to be from a legitimate address and trusted online source. However, you should not rely on the name or address in the “From” field, as this is easily altered.
- Ask you for personal information. Fake emails often contain an overly generic greeting and may claim that your information has expired, been corrupted or been lost, and that you must immediately resend it.
- Link to counterfeit Web sites. Fake emails may direct you to counterfeit Web sites carefully designed to look real, but which actually collect personal information for illegal use.
- Link to real Web sites. In addition to links to counterfeit Web sites, some fake emails also include links to legitimate Web sites. The fraudsters do this in an attempt to make a fake email appear real.
- Contain fraudulent phone numbers. Fake emails often contain telephone numbers that are linked to the fraudsters. Never call a number featured on an email you suspect is fraudulent, and be sure to double-check any numbers you do call.
- Contain real phone numbers. Some of the telephone numbers listed in fake emails may be legitimate, connecting to actual companies. Just like with links, fraudsters include the real phone numbers in an effort to make the email appear legitimate.
- Fraudulent Invoice Payments
- Irish businesses are increasingly experiencing bogus invoice fraud.
- This involves creditor’s beneficiary details being fraudulently altered.
- The business is misled to believe that a beneficiary’s bank account details have been changed and so the funds are transferred to a fraudulent account.
- A number of fraud attempts have been successful as the change of details is not confirmed directly with the source supplier.
- There are various measures a business can undertake to safeguard itself against such fraud.
- For further details please see below.
There is a growing trend in Payment Fraud involving beneficiary details being fraudulently altered. This bogus invoice fraud usually involves a genuine invoice being intercepted by unknown means and the beneficiary account details are altered so that payment is redirected to an account under the Fraudster’s control. The fraud will usually be discovered when the legitimate company sending the invoice queries “non-payment”.
What Are the Tell Tale Signs?
The counterfeit invoices (and any covering letters) may appear to be printed on company headed paper but are more likely scanned copies from an original document and printed onto paper using a domestic printer so the company logo may appear less sharp and slightly blurred.
Where bank details have been replaced on an original invoice with the fraudster’s bank account details, it may be possible to compare the print against the remainder of the document to identify any alterations. In some cases where no payee account details are shown on the invoice the fraudsters have merely typed an instruction to pay funds to a particular account.
How Can You Reduce the Risks?
Although not exhaustive, some examples of action you can take to protect yourself are:
- Always confirm change of bank account requests with the Company making the change, being mindful not to use the contact details on the letter requesting the change.
- Look out for different contact numbers and e-mail addresses for the Company as these may differ to that recorded on previous correspondence.
- Consider reviewing change of account details already acted upon where payment is due at a future date and confirming the authenticity of the request.
- Consider setting up designated Single Points of Contact with Companies to whom you make regular payments.
- Instruct staff with responsibility for paying invoices to be cognisant of checking invoices for irregularities and checking out their concerns with the Company requiring payment.
- Consider setting up a system whereby when an invoice is paid you also send an email to the recipient informing them that payment has been made and to which bank account. Be mindful of account security and consider including the beneficiary bank name and the last four digits of the account to ensure security.
- Fraudsters may have found information regarding contracts and suppliers on the victim organisation’s own web-sites. Consideration should be given as to whether it is necessary to publish information of this type in the public domain as it has been demonstrated that it can be used to facilitate fraud.
- For payments over a certain threshold, consider organising a meeting with the company who are requesting payment, and satisfy yourself that payment will be sent to the correct bank account and recipient.
- Fraudulent Pop-ups
Pop-up windows are the small windows or ads that appear suddenly over or under the window you are currently viewing. Fraudulent pop-up windows are a type of online fraud often used to obtain personal information with a view to conducting illegal transactions on your account.
Please note that Business On Line does not use pop-up windows to request your account information. We will never display a pop-up window on our site that is not user initiated by you clicking on a link.
Any unsolicited requests for Bank of Ireland account information you receive through pop-up windows should be considered fraudulent and reported immediately.
Please see our ‘How to Report Online Fraud’ section below.
‘Spyware’ is software that is downloaded onto your hard disk, without your knowledge. Once there, it can collect information from your computer system and may transmit it elsewhere. It may also gather and transmit information about e-mail addresses, passwords and online banking details.
How to recognise Spyware:
You may have contracted spyware if the following symptoms occur:
- Pop-up ads appear, even offline, often for ‘adult’ sites
- Your homepage/search settings unexpectedly change
- Your browser toolbar changes and is hard to restore
- System performance deteriorates unexpectedly
How to avoid Spyware:
- Install a reliable anti-virus application
- Ensure the application is kept up to date
- Be security conscious when surfing and downloading
- Never click “Agree” or “OK” to an unexpected pop-up or window. Instead, close the window by clicking on the “x” button on the top right hand corner of the window
What to do if you think you have Spyware:
- Install and run anti-virus software to help detect and remove any spyware from your system
- Keep it updated and use it to perform regular checks on your computer system
- How To Report Online Fraud
Call Business On Line immediately
If you receive a fraudulent email, pop-up or web page report it immediately to our Business On Line Help Desk on 0345 3098123 (NI), 0345 3098124 (GB), 1890 818 265 (ROI) or +353 1 4606445 (International Customers), between the hours of 8am and 6pm Monday to Friday. Email us at email@example.com
Do not reply or follow any of the specified instructions, regardless of how genuine they may appear.
Internet communications are not secure unless the data is encrypted. This allows for the transfer of digitally signed certificates for authentication procedures and provides message integrity, so that information cannot be tampered with in transit.