Article

18.04.2016

Half of Belgian businesses have inadequate security against cyber-attacks

From the Global Information Security Survey it appears that 1 in 2 Belgian companies does not feel able to track down sophisticated cyber-attacks.

The annual Global Information Security Survey looked at the cyber security of 1,755 organisations from 67 countries, including 56 from Belgium. The results from our country are, to say the least, alarming: half of respondents do not currently feel able to detect a sophisticated cyber-attack, while according to 88% the architecture for securing information does not fully meet the needs of their organization.

The respondents are most concerned about cyber-attacks by criminal organisations (54%), hacktivists (54%), hackers working solo (53%) and – surprisingly – their own employees (40%). Phishing and malware are also high on the list of potential threats.

Five to midnight

Although the respondents realise that cyber fraud is becoming ever more sophisticated and that danger lurks around many corners, less than half have a team for system security. The reason is simple: the vast majority of respondents admit they have no qualified employees available and/or find it difficult to attract people with the necessary skills.

27% do not analyse any cyber threats, while 21% do not even have any identity and access management. In other words, the door to the digital world is wide open to a whole host of trouble. Modernisation of security is therefore urgently needed.

(Source: EY and De Tijd)

Article

18.04.2016

How do fraudsters operate? A summary of the most common techniques

Organised and professional fraud have not only become more common, the approach of fraudsters is also increasingly subtle, bold and sophisticated, particularly if they are targeting organisations' financial transactions.

They mostly use (a combination of) the following techniques:

Fake or forged transfers

This technique means that the fraudsters send fake "manual" transfers, i.e. paper transfer forms, letters or faxes, to their target's bank. The signatures on these payment orders tend to be perfectly recreated and can barely be distinguished from the original.

Forged invoices

In this case real invoices are intercepted and forged before they reach the debtor or the bank. This takes place at the postal service or at the organisation itself in cases of internal fraud.
The fraudsters then change the beneficiary's account number. For invoices this is often done with a sticker asking you to make your payment to a new account number from now on – hence the name "sticker fraud" – but nowadays devices or software are also used to create near perfect forgeries.

Social engineering and phishing

This form of fraud is based on manipulation: the fraudsters try to mislead their victims by urging them to perform certain transactions, usually involving the transfer of money. To make their orders seem real, they first collect names, direct telephone numbers, account balances, order or customer lists, etc.
This data is usually gathered from public websites or social media or even by retrieving non-shredded documents from bins. However, sometimes the fraudsters also contact the victim directly. They do this in an exceptionally convincing way, for example by pretending to be a member of the management or a colleague from a foreign branch. This type of fraud often results in heavy losses that are sometimes accompanied by extra damage in terms of solvency and the capacity to pay back loans.
Phishing is a specific sub-form of social engineering used by criminals to "fish" for personal data, mainly by e-mail, that enables them to steal money from a bank account at a later stage. This is often done by inspiring a "feeling of fear": they claim that your PIN code has expired or that your account will be closed if you do not respond immediately. In order to increase the fraud's chances of success, the criminals often call the victims in order to "guide" them (also called "vishing").
Whereas phishing is mainly known through mass mailings – a large group of people will receive the same, often rather amateurish personalised e-mail – we have now also noticed a shift in direction towards "spear phishing". Spear phishing means that the fraudsters focus on a very limited number of victims, after they have gathered as much personal information as possible in order to make their message as plausible as possible. These victims are obviously a "lucrative" target for the fraudsters: with affluent private individuals or companies, the loot is often much greater

Hacking

Whereas social engineering is mainly based on human shortcomings, hacking focuses on technical or material shortcomings. It all starts with a virus that hackers smuggle into your computer. This program collects your data and observes what you are doing. When you open an online banking session shortly afterwards, the hacker is informed. They can then make a pop-up appear on your screen urging you to confirm a payment order or enter your secret code, for example.
Nowadays hackers also increasingly commit multi-channel fraud, during which they call you during your online banking session to request confidential information.

Infiltration

A number of recent fraud cases show that a new and particularly alarming fraud technique is on the rise. An accomplice of the fraudsters seeks employment with the targeted organisation and becomes familiar with the payment and monitoring procedures. After a few months, this "sleeping fraudster" will carry out one or several large transfers to the fraudsters' account and disappear into thin air.

Article

18.04.2016

Stop fraudsters in their tracks

Fraud is certainly not something that only happens to other people. It is therefore imperative to give prevention the time and attention it deserves. With some relatively small actions, you can considerably reduce the risk of becoming a victim of fraud. And of course, you are not alone in the struggle against fraud!

What is being done by your bank?

Just like fraud itself, fraud control has also become a fully-fledged specialisation. BNP Paribas Fortis is strongly committed to fraud control and makes the necessary resources available in this respect. A whole series of systems and measures have already been introduced to stop these professional fraudsters in their tracks:

  • Prevention through permanent training for the bank's employees and internal and external communication;
  • Inspection and tracking systems to detect any abnormal transactions, even if the payment seems perfectly fine (correct channel, correct signatures, etc.). Your relationship manager may have already contacted your company to have a transaction confirmed.
    A lot of attention is also paid to tracking and eliminating so-called "money mules". intermediaries who make their bank account available (either unwittingly or maliciously) to criminals in order to transfer stolen money abroad;
  • Analysis and improvement systems used in cases when fraud unfortunately occurred or new fraud techniques or trends are surfacing.

These resources are certainly not watertight, but they make it possible to reduce the risk substantially. The bank also deploys specialists who are fully committed to fraud detection and prevention. They also conduct in-depth investigations into fraud incidents, file claims with the police and take the necessary measures to protect and recover any embezzled money.

Which measures can you take?

1. Thorough information, the basis of an effective prevention policy

  • Explain that this risk exists and that your employees should consider all forms of information as tangible company assets – there is no such thing as "innocent" data.
  • Encourage them to critically investigate and to report any questions deviating from the normal state of affairs.
  • Work on developing a monitoring culture within the workplace. This does not need to affect a serene working atmosphere or trust between colleagues however.
  • Be wary of any change of habits in your customers or suppliers. For example, if you are asked to make an invoice payment to an account abroad although you usually make your payments to a domestic account, this could indicate that something is wrong. Be sure to check this with your customer or supplier through known, reliable communication channels.

2. Protect your IT systems

First of all, some nuance is warranted: despite reports in the press about hacking and other fraud attempts, PC banking Business, Connexis and Isabel are still by far the safest channels for your financial transactions. However, we recommend you observe the following rules:

  • Install an anti-virus program and a firewall on your computer and update these systematically.
  • Do not respond to any questions by telephone. Your bank will never ask you for a code or any confidential information by telephone.
  • Only open the PC banking Business or Isabel session. In other words, make certain that other websites are never active.
  • Only sign the transactions that you were expecting or that you entered yourself with your electronic codes. If in doubt, stop the current transaction immediately.
  • Do not click on links to the bank's website, particularly if they have been sent by e-mail. Always type the URL yourself.
  • Take the time to establish whether any suspicious transactions were made, such as transfers to unknown or foreign accounts.

3. Do not allow any phishing for your data

All in all, phishing is relatively rare. Nevertheless, you may suddenly receive an e-mail that looks exactly like a message from your bank. Remember that your bank will never ask you for any personal data by e-mail (or telephone). If you do receive such a request, it will not be from the bank.

Other possible indications are poor language in the message, an incorrect salutation or the fact that the mail ended up in the spam folder. We recommend you mark a phishing e-mail as "unwanted e-mail" in your e-mail application. You can also report the offence to your internet provider, so the sender can be blocked.

4. Block fake paper transfers

If you are a frequent user of electronic banking, you can ask your relationship manager to block your accounts to limit the risk of fake paper transfers. Of course, this does not mean that all transactions are automatically stopped!

However, when BNP Paribas Fortis receives a manual payment order for one of the blocked accounts, our systems will automatically refuse the transaction and inform your relationship manager, who will contact you to verify whether this transaction can indeed be executed.

If you are unable to use your electronic banking channels and you need to switch to paper transactions because of a computer problem, for example, all you need to do is inform your relationship manager.

Remain vigilant

Your relationship manager is in contact with the anti-fraud teams and receives regular training in this regard. Together we watch over your interests, the security of your funds and your transactions. If you are in doubt about a transaction or if you have noticed something suspicious, please inform your relationship manager. Respond as soon as possible. It is the only way to recover some or all of the embezzled funds.
Article

18.04.2016

What to do in case of fraud?

Who can you contact when facing a case of fraud?

You received a suspicious e-mail, which you did not respond to

Forward the suspicious e-mail as an attachment to our specialists at phishing@bnpparibasfortis.com. They will try to eliminate the fraudulent website as soon as possible.

You shared an electronic signature or other confidential information (by telephone or on a website), you entered information into suspicious screens in PC banking or you clicked on a link in a suspicious e-mail.

Please contact our Help Desk.

  • PC banking/PC banking Pro +32 (0)2 228 08 88
  • PC banking Business +32 (0)2 565 05 00
  • Central Competence Centre Connexis +32 (0) 2 228 47 77
  • Isabel +32 (0) 2 404 03 35
  • Isabel (BNP Paribas Fortis) + 32 (0) 2 565 28 34  

Please contact your relationship manager immediately.

You are facing a different type of fraud

Please contact your relationship manager immediately

Do you have any further questions about how you can actively protect yourself against the risk of fraud?

Discuss them with your relationship manager. They can give you formal advice in person or appeal to the bank's specialists to discuss the specific risks for your organisation (in terms of your payment services or financial products, for example).

Article

08.03.2024

Has your company also locked in its energy prices?

The price of energy has experienced both high highs and low lows in recent years. This yo-yo behaviour is a worry to many entrepreneurs. Once again, BNP Paribas Fortis is here to offer you stability.

Controlling the price of energy: it’s an issue that’s almost impossible to avoid, or one that has been a recurring concern in your company over the past few years? We come from a time when energy prices were very volatile, with both high highs and low lows. These fluctuations have worried many entrepreneurs and, in some cases, caused huge additional costs. There is, however, a less well-known way for entrepreneurs to carry out risk management in this area. BNP Paribas Fortis is here to advise you.

Pendulum movement

Energy prices have been on a volatile ride in recent years. After the invasion of Ukraine, they rose to unprecedented levels. Gas prices rose to EUR 300 per MWh, while in previous years they had been around EUR 10-15 per MWh. Electricity prices rose to over EUR 600 per MWh. In previous years, the price was barely EUR 50 per MWh.

Crisis management

"As a result, BNP Paribas Fortis has received an increasing number of enquiries in recent years from companies looking to financially lock in their energy prices. Typically as a company you pay a variable price to the energy supplier. While you fix the price with the bank via a financial swap. Such financial swaps are also used to hedge other commodities (metals, oil products, etc.)." 

Mattias Demets, Commodity Derivatives Sales at BNP Paribas Fortis

The energy crisis of 2022 sent shock waves through the economy. Especially in energy-intensive sectors such as metallurgy or chemicals, it became clear how much affordable energy was crucial to the survival of many companies. Those that were self-sufficient in their energy needs weathered the storm better than others. The energy crisis also highlighted the importance of risk management. Companies wanted, as the legislator put it, to act like "prudent and reasonable persons" - the former "good householder principle". They fixed their energy prices and came out of the crisis virtually unscathed. While others could only hope that energy prices would come down again.

'Never waste a good crisis' is a regularly heard truism. For this energy crisis, we can use this expression once again. It’s fascinating to see companies now taking charge of their own energy supply. The rise of PPAs – Power Purchase Agreements – is particularly remarkable. A PPA is an electricity purchase agreement between a power producer and a customer.

Risk management

Companies are also making great strides in risk management. In the past, it was often up to management to lock in energy prices. They saw it as an additional responsibility to negotiate with energy suppliers. But since the energy crisis, we have seen companies become much more professional. Managing energy prices is today a job in itself. Companies are increasingly thinking about the right strategy to manage their energy costs so that their energy prices come down. How and when they lock in energy prices has become more of an informed decision than ever before, allowing them to protect their margins in the event of rising prices.

As a result, BNP Paribas Fortis has received an increasing number of enquiries in recent years from companies looking to financially lock in their energy prices. Typically as a company you pay a variable price to the energy supplier. While you fix the price with the bank via a financial swap. Such financial swaps are also used to hedge other commodities (metals, oil products, etc.). A financial swap may seem a bit complex at first, but it’s actually not such an intricate transaction. Of course, other structures are also available, depending on your needs.

This is where the “prudent and reasonable person” returns to assess what lies ahead. After all, whether you’re looking for smart investment opportunities or advice on ways to control your energy costs, it ultimately boils down to two sides of the same coin. BNP Paribas Fortis not only thinks about investing with you as an entrepreneur, but also about ways to help you smartly and safely manage important expenses  such as energy costs.

Permanent drop?

Regardless of how companies choose to fix their energy prices, the current market context is very interesting at the moment. Industry in Europe is going through tough times. Nevertheless, the economy is experiencing a soft landing – a slowdown, without a real recession. This is currently leading to lower gas and electricity prices. We have also had a mild and windy autumn and winter. As a result, energy producers have generated a historically high amount of electricity from renewable sources in recent months.

And there’s nothing to suggest that prices won't continue to fall. Europe is importing more LNG from the United States than ever before. Indeed, both the price of US gas and the cost of transporting it have fallen dramatically in recent months. However, elections are coming up in more than 65% of the developed world, and the geopolitical situation (Ukraine, Israel, Taiwan) could again cause volatility.

Prudence

Gas and electricity prices have not been this low for two years and the market is currently stable. But the 2022 energy crisis has shown that we must always be on our guard. Locking in your energy price is not only the most cost-effective tactic, but it will also protect you, as a business owner in times of increasing volatility.

For more information, please contact your relationship manager.

Discover More

Contact
Close

Contact

We would like you to answer a few questions. This will help us answer your request faster and in a more appropriate manner. Thank you in advance.

You are self-employed, exercise a liberal profession, are starting up or managing a smaller local company. Then visit our website for professionals.

You are an individual? Then visit our website for individuals .

Is your company/organisation client at BNP Paribas Fortis?

My organisation is being served by a Relationship Manager :

Your message

Type the code shown in the image:

captcha
Check
The Bank processes your personal data in accordance with the terms of the Privacy Notice of BNP Paribas Fortis SA/NV.

Thank you

Your message has been sent.

We will respond as soon as possible.

Back to the current page›
Top