Digital Channels Help Centre
Mobile charges may apply; please check with your network provider for charges. Calls may be recorded and monitored.

Latest fraud announcements

 

   
We will keep you updated with the latest security announcements via Service Announcements and News Widgets on our Digital Channels.

You will be able to access a full list of current security announcements and any action that may be required from here.

Attention – Bank Impersonation Fraud targeting clients

Fraudsters continue to impersonate Barclays to defraud our clients. It often begins with a phone call or text message, where the fraudster might claim one of the following:

  • Concerns over suspected fraudulent transactions
  • To upgrade or download a new payment channel
  • An issue with a legitimate outgoing or incoming payment

They will trick you into downloading software to assist with ‘the issue’ by either directing you to a site or asking you to log into a ‘chat function’.

Please be aware that these websites and functionalities may appear to be Barclays branded, but they are in fact malicious sites designed to facilitate fraud.

By downloading the software either knowingly or otherwise you are giving the fraudster remote access to your computer. Your screen may turn black or you may be asked to turn off your screen to assist with the process.

This allows the fraudster to initiate transactions without your knowledge. You may also be asked to enter your PIN or use your biometric device to complete the process – in doing so you are authorising the payments set up by the fraudster.

This type of fraud is on the rise and is leading to devastating losses. To protect your organisation please take the following action:

  • Be extremely vigilant regarding any requests to visit web addresses, click on links or download software to resolve an issue
  • We recommend that you set up dual authorisation on payments to add an extra layer of security. If you have this in place fraudsters will attempt to speak with the second authoriser to push the payment through or ask you to encourage them to do so.

If you experience any of the above scenarios, to safeguard your organisation please hang up, disconnect from the internet and contact our Barclays fraud team using a different phoneline.

Remember our golden rules!

Barclays will never do any of the following:

  1. Ask you to make payments or move money to a ‘safe account’.
  2. Call you and ask you to provide or enter your PIN or use your biometric device.
  3. Take control of your computer, or ask you to download software from any site other than Barclays.

Our colleagues are aware of this threat and will not take issue with you taking extra steps to verify our legitimacy.

We have created a short video for more information on how this fraud takes place. Please take three minutes to watch this here. If you have any questions please reach out to your usual relationship contact or visit our Fraud Protection Hub for more information.

Published 11/07/2023

Previous announcements


Attention – Vishing attacks targeting UK Banks

A number of Impersonation Scams are being reported whereby customers are being contacted by fraudsters purporting to be a member of Barclays staff.

The fraudsters are advising that a Barclays member of staff is being investigated for amending payment details once they have been submitted on Barclays.Net. Customers are being asked to submit payments so that Barclays can monitor for any amendments. 

The fraudsters are using certain names of Barclays staff and are spoofing a Barclays telephone number, advising customers to check the number they are calling from on the Barclays phone checker online.

Remember:

  • Barclays will never instruct you to move money from your account, or provide bank details for you to send payments to
  • Do not assume a caller is genuine because they have some basic information about your account
  • Don’t always trust caller ID; it can be spoofed
  • Always confirm verbally with a known contact before changing any payee bank details.

If you receive a suspicious call, please ensure no payments are made and inform the Barclays Fraud Team on 0330 0582920. Lines are open 24 hours a day, 7 days a week.

Published (17 January 2020 12:00)

Attention: Threat to Client Email Accounts

In recent years, the adoption of cloud based email services has rapidly expanded due to the inherent benefits of cloud infrastructure. This in turn has been recognised by cyber criminals as an opportunity to facilitate fraud by compromising the email accounts of legitimate businesses and using existing email conversations (Thread Hijacking) to perform CEO Fraud, also known as Business Email Compromise fraud (BEC).

Cybercriminals use a number of methods to compromise cloud based email accounts:

  • Compromised credentials and personal information are either purchased on criminal and underground forums, or obtained via well-crafted phishing emails sent to victims.
  • The information is then leveraged to obtain access to a cloud based account.
  • Compromised email conversations are used to further exploit the trust in communications, and distribute phishing and Malware.

The attackers will observe email communication to build insight on how a business operates and identify opportunities to exploit the current business process, in order to re-direct funds to accounts that they control (BEC). 

The methods adopted by criminals vary but commonly include:

  • Change of beneficiary accounts on invoices.
  • Purchase of goods and change of delivery addresses or interception of deliveries.
  • Bank transfers.

Compromised accounts that do not have the potential for financial gain, or the opportunities for such have been exhausted, are utilised to further distribute phishing and Malware.

What can clients do to help protect themselves?

  • Enable two-factor authentication on cloud based services – some companies such as Microsoft offer a built-in option.
  • Do not use the same passwords on multiple services.
  • Do not use easy-to-guess password patterns.
  • Be alert to cloud-themed phishing emails especially when they require unexpected password re-sets or log-ins - even in cases where two-factor authentication is enabled.
  • When using a web-mail portal, make sure the genuine company/service URL is used to log in.
  • Use alternative means to verify requests to change sensitive data via email regardless of its source.
  • Use endpoint security to protect against malicious email attachments. 

Published (02 December 2019 10:00)

Attention all Users of Barclays.Net – Vishing attack targeting UK Banks

Vishing is where a fraudster calls a client pretending to be from their Bank, asking them to make payments or to move funds to protect them from a Malware attack. Highly organised criminals have been contacting clients purporting to be from Barclays. They explain that they need to submit some payments as a result of the client being infected with a virus or Malware.

The fraudsters can manipulate the caller ID system to show a legitimate Barclays number (or any other bank). You should never rely on caller display to verify the identity of a caller.

Always remember! Barclays will never ask you to allow remote control of your PC, or instruct you to make any kind of payments verbally over the phone. Please also watch our Vishing Fraud Awareness Video (opens in a new window) for further information on best practice.

Published (02 July 2019 10:00)

Attention: Update on Trickbot malware attack method using Ryuk ransomware

Recent Trickbot campaigns involved mass distribution of emails purporting to be from HMRC, Companies House, Financial Institutions and accounting firms and contained attachments which when opened downloaded and infected computers with malware. Once the infection is completed, the malware uses a Windows network protocol called Server Message Block (SMB) to search for other computers on the local network and attempts to spread and infect these additional computers.

The malware also has the capability to steal information from victim browsers, email accounts and to provide an attacker with remote access to the infected machine.

There are now reported cases of Trickbot being used to deliver a highly targeted ransomware known as Ryuk. This encrypts all files, backups and shadow copies on the network, and is accompanied by a ransom note demanding payment in Bitcoin for the files to be decrypted, or risk the files being deleted.

Due to the fact that both Emotet and Trickbot are able to propagate and infect other computers, or even domain controllers, within a Windows domain, the attackers behind Trickbot are then able to distribute the Ryuk ransomware to many/all systems within a targeted Windows domain.

Customers can help protect themselves by ensuring that all their computers are regularly updated with the latest Windows security updates and by installing Anti-Virus software on all computers in their network. Using complex, non-repeated passwords and ensuring that users are aware of the dangers of opening unsolicited emails/attachments is also strongly advised.

Customers should also be vigilant and report any issues, unusual screens or messages at the point of login to the Corporate Fraud team.

If ransomware does infect your system(s), do not pay the ransom. It only encourages and funds the attackers. Even if the ransom is paid, there is no guarantee that you will be able to regain access to your files. It is most important to have a recovery system in place so a ransomware infection can’t destroy your data permanently should it get through.

It’s best to create two back-up copies of your files: one to be stored in the cloud (remember to use a service that makes an automatic backup of your files) and one to store physically (portable hard drive, stand-alone PC/laptop etc.). Disconnect these from your network when you are done. Restoration of your files from a backup is the fastest way to regain access to your data. Please report any cases of Ransomware to the Corporate Fraud team and to ActionFraud.

Published (19 December 2018 15:00)

Attention – Known phishing attack targeting UK banks

Phishing is where a fraudster emails a client pretending to be from Barclays or another trusted source. We are aware that highly organised criminals have been emailing clients purporting to be from Barclays requesting attachments to be opened. By doing this they are able to download malicious software and gain access to your PC to steal information, download a virus or attempt to make payments.

Remember – Be aware of unsolicited emails - Do not click on links or open attachments from senders you are unsure of. Also ensure you have Anti-virus protection installed on your computer/mobile.

If you’ve received a suspicious email that claims to be from us, please forward it to internetsecurity@barclays.co.uk and then delete the email immediately.

For further information on fraud types, please see our series of short videos (opens in a new window).

Published (16 April 2018 12:00)

Attention all Users of Barclays.Net – Vishing attack targeting UK Banks

Vishing is where a fraudster calls a client pretending to be from their Bank, asking them to make test payments or to move funds to protect them from a Malware attack. Highly organised criminals have been contacting clients purporting to be from Barclays. They explain that they need to submit some test payments as a result of the client being infected with a virus or Malware.

The fraudsters can manipulate the caller ID system to show a legitimate Barclays number (or any other bank). You should never rely on caller display to verify the identity of a caller.

Always remember! Barclays will never ask you to allow remote control of your PC, or instruct you to make any kind of payments verbally over the phone. Please also watch our Vishing fraud awareness video (opens in a new window) for further information on best practice.

Published (09 May 2017 14:45)

Are you the weakest link? New malware attack targeting UK businesses

A new threat is emerging where fraudsters are using malware to remotely access accounts packages to edit stored beneficiary details. By editing the beneficiary account details, fraudsters are able to redirect regular payments. The attack works as follows:

Step 1: Fraudsters use malware to remotely access your accounts package and edit existing beneficiaries. They then wait for you to complete the following steps:

Step 2: A supplier or salary run is then initiated in the accounts package by a genuine user to pay legitimate invoices or salaries.

Step 3: The payment file is created by the accounts package, now using the amended account details of known beneficiaries.

Step 4: A genuine user then imports the file and authorises the payments, only checking the file total rather than checking the beneficiary account information.

Please ensure you verify the details of the payment before importing the file and approving in Barclays.Net – preferably by at least 2 people. Please also take extra care when opening unexpected emails and do not download any attachments unless you are confident they are safe.

Barclays.Net can also offer protection against this type of attack by validating imported payment files against a pre-authorised library of beneficiaries. That way if beneficiary account details have been amended, Barclays.Net will reject the file on import. Beneficiary validation of imported files is enabled within the Admin menu under Service Management. Please refer to Page 2 of Importing Payments User Guide, found within the help section of Barclays.Net, or contact us.
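The check described above, sketched as an added example (not Barclays.Net code): each row of an imported payment file is compared against a pre-authorised beneficiary library, and the whole file is rejected on any mismatch. The CSV layout, beneficiary IDs, account details and function names are all constructed for illustration.

```python
import csv
import io
from decimal import Decimal

# Constructed pre-authorised beneficiary library: id -> (sort code, account number).
APPROVED = {
    "SUP-001": ("20-00-00", "12345678"),
    "SUP-002": ("20-11-22", "87654321"),
    "EMP-014": ("20-33-44", "11223344"),
}

# Constructed payment files in a hypothetical CSV layout (not a Barclays.Net format).
CLEAN_FILE = """beneficiary_id,name,sort_code,account_number,amount
SUP-001,Acme Supplies Ltd,200000,12345678,1500.00
SUP-002,Northern Paper Co,20-11-22,87654321,320.50
EMP-014,J Smith,20 33 44,11223344,2100.00
"""

# Same names and amounts, but one stored account was edited and one
# beneficiary ID is not in the library at all.
TAMPERED_FILE = """beneficiary_id,name,sort_code,account_number,amount
SUP-001,Acme Supplies Ltd,40-50-60,99990000,1500.00
SUP-002,Northern Paper Co,20-11-22,87654321,320.50
EMP-099,J Smith,20-33-44,11223344,2100.00
"""


def _digits(value):
    """Strip separators so '20-00-00', '20 00 00' and '200000' compare equal."""
    return "".join(ch for ch in value if ch.isdigit())


def file_total(csv_text):
    """The only figure checked in Step 4; it does not change when details are edited."""
    return sum(Decimal(r["amount"]) for r in csv.DictReader(io.StringIO(csv_text)))


def validate_payment_file(csv_text, approved):
    """Return (line_no, beneficiary_id, reason) for every row that fails the library check."""
    library = {k: (_digits(s), _digits(a)) for k, (s, a) in approved.items()}
    findings = []
    # Line 1 is the header, so data rows start at line 2.
    for line_no, row in enumerate(csv.DictReader(io.StringIO(csv_text)), start=2):
        ben = row["beneficiary_id"].strip()
        seen = (_digits(row["sort_code"]), _digits(row["account_number"]))
        if ben not in library:
            findings.append((line_no, ben, "beneficiary not pre-authorised"))
        elif seen != library[ben]:
            findings.append((line_no, ben, "account details differ from library"))
    return findings


def import_payment_file(csv_text, approved):
    """Reject the whole file if any row fails validation."""
    findings = validate_payment_file(csv_text, approved)
    return {"accepted": not findings, "findings": findings}


if __name__ == "__main__":
    print("totals equal:", file_total(CLEAN_FILE) == file_total(TAMPERED_FILE))
    for label, data in (("clean", CLEAN_FILE), ("tampered", TAMPERED_FILE)):
        print(label, import_payment_file(data, APPROVED))
```

Both files have the same total, so a check of the file total alone passes the tampered file; only the per-row comparison of sort code and account number catches it.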

Published (07 Mar 2017 15:30)

Attention: Beware of known malware threat

A known malware threat is targeting users of Smart Cards by offering an update to the eSigner software.

Fraudsters are trying to trick users into approving fraudulent transactions, by using known malware. The malware tries to trick users by offering an update to the e-Signer software using a pop-up window currently entitled ‘Install Shield Wizard Update’. On selecting ‘Next’, the user is prompted to enter their Smart Card and PIN to begin the download. On doing so, the user is unwittingly approving fraudulent transactions.

Please be aware that Barclays or the eSigner software will never offer automatic updates in this way and any such pop-up window is fraudulent. If you are prompted to update eSigner software in this manner, remove your Smart Card immediately, disconnect the infected machine from the network and contact us immediately for additional support.

Always remember, you will only ever be prompted to enter your Smart Card and PIN when logging in, authorising a payment or approving an administrative change. If you see any other unusual or blank screens, please contact us.

Published (07 Mar 2017 15:30)

Important Update - Beware of invoice & impersonation fraud

If a supplier sends you a notice saying its bank account details have changed, or you get an email purporting to be from your business’ senior management requesting a payment be made to a new beneficiary, we strongly recommend you confirm these details face-to-face or verbally via a phone number you know and trust before making the payment.

In line with industry practice and the Payment Service Regulations, payments are made on the basis of the account number and sort code you quote in an instruction only, and not the account name. Account names frequently change and it is your responsibility to confirm the account number and sort code are correct.

To help protect you and your company against the latest scams, Barclays has produced a new short video to raise awareness on these latest trends. This is the latest release in our series of videos to help keep you safe from fraud which can be viewed below and should be viewed again periodically.

View fraud prevention videos (opens in a new window)

Published (07 Mar 2017 15:30)

Important Update – Beware of Cheque Fraud

We have recently seen cases of cheque fraud, whereby the fraudster pays for goods and services with a cheque that has subsequently been returned unpaid. Always check the status of your payments and never make a payment, issue refunds, or release products against uncleared funds. Do not be fooled by the notes in the payment narrative box – fraudsters are entering references such as BACS or CHAPS into this narrative, so at a glance, the payment doesn’t look like a cheque.

To find out how you can customise your Barclays.Net Balance Summary Page to view the Cleared for Fate Balance and Ledger Balance, please log in to Barclays.Net and view the “Reporting: Cash Statements Guide” under the Help Section.

Please also watch our Video on how to combat cheque fraud (opens in a new window).

Published (14 Dec 2016 12:55)

New malware threat – Keeping safe online

A new variant of malware has been detected targeting users of internet banking. The malware tries to trick users into entering their Smart Card and PIN to perform ‘additional security verification’. We would like to assure clients that no new verification steps have been introduced and any new screens asking for such information should be treated as fraudulent. If you notice any unusual behaviour while logging on, authorising payments or approving administrative changes, please remove your Smart Card immediately and contact us.

We would also like to assure clients that press reports of cyber-attacks on UK financial institutions are unrelated to this notification. To keep safe online please view our Insight & Research pages (opens in a new window) for further information.

Published (07 Nov 2016 15:05)

Use of security patched browsers

To provide the most secure electronic banking experience, Barclays would like to remind all of our clients to ensure you comply with the Barclays.Net security obligations. This means ensuring Barclays.Net is accessed via an internet browser that is security patched by the vendor. The link below provides further information on why this is necessary; it is from a Cyber Essentials and IASME certified organisation that is also backed by HM Government: https://www.getsafeonline.org/index.php/protecting-your-computer/software-updates/ (opens in a new window).

“Not keeping your software up to date can result in serious issues. These include Viruses, spyware and other malware; Cyber-criminal attacks; Crashing, freezing and generally poor performance.”

For more information around supported operating system and browser combinations please view our hardware and software guide.

Published (29 Jul 2016 15:30)

Latest update - fraudulent emails

We understand that a number of our customers are receiving fraudulent emails purporting to come from a Barclays email account. These emails refer to a successful transaction and contain attachments that are used to install a Trojan to provide an entry point for a hacker to access your computer. If you have received this type of email, please delete it immediately without opening it. If you have inadvertently opened the email and its attachments, the PC should not be used at all and should be disconnected from any network immediately.

You should seek professional assistance in having the PC completely formatted and re-built to fully ensure that the malware has been removed from the PC.

Remember, you should never open emails or attachments that you do not recognise, do not believe you have requested, or do not believe refer to you.

If you have any concerns that you have received such an email or haven’t received a response to an email you have recently sent to us, please contact us by phone.

Published (03 Mar 2014 17:30)

New Fraud information - Attention all payment users/authorisers

We are aware that the criminal gangs who are targeting customers of banks across the globe are also trying to trick authorisers into authorising fraudulently input payments on internet banking systems. The use of dual approval for payments and administration changes – which we recommend you implement – will help prevent fraud taking place, but only if each authoriser determines payments are genuine. It is your responsibility to ensure that all payments you authorise are genuine. We strongly recommend that you fully check all the payment details (including amounts, beneficiary name and bank details) before you authorise the transaction.

As a reminder, these criminals want to infect your computer with an advanced virus that enables them to steal your login details, before taking remote control of your computer and emptying out your bank account(s). Therefore please take extra caution when opening unexpected emails and do not download any attachments unless you are confident they are safe.

Make sure you comply with your security obligations set out in the Security User Guide PDF (312KB) (opens in a new window). Each of these obligations creates an additional layer of security. Failure to comply with any of these security obligations increases your risk of incurring unauthorised transactions.

Please note:

  • Never leave your smart card inserted in your card reader when you are not signing a payment or performing an administration change. Always remove it, keep it secure after use, and keep your PIN secret.
  • Never log into Digital Channels on a computer that does not have up-to-date anti-virus software or a firewall. If you are not sure whether your computer has up-to-date anti-virus software or a firewall, contact your IT department before logging in.
  • We strongly recommend that you use dual approval for payments and administration changes (one user to input, one user to approve). Please contact the helpdesk if you require assistance in setting this up.

Published (06 Feb 2014 18:30)