Does your Business Use Online Banking? You Might be Vulnerable to a New Attack!

Does your Business Use Online Banking? You Might be Vulnerable to a New Attack!

In 2017, cybercrime was the most common crime in the UK with 4.7 instances occurring in England and Wales alone. These figures are only getting higher and you are now 30 times more likely to be robbed online than you are to experience a physical burglary.

These risks, unsurprisingly, extend to commercial online banking systems. Industry professionals have recently discovered a disastrous form of malware that targets these systems. This malware can detect the online banking system being used and runs automated scripts in the background while the user logs into their account. It can change existing account numbers and sort codes of payees in attempts to disperse scheduled outgoing payments into fraudulent accounts. It is specifically used to target commercial online banking systems, like the ones you may use at your organisation.

Industry experts believe this malware can operate in the following types of digital environments 

  • When online banking is accessed on a PC via a web browser 
  • When a template feature is used to make bulk changes to the payment details of information of beneficiaries  
  • When two-factor authentication is not required for downloading or uploading the payment beneficiaries’ template or payment files

However, there are precautions you can take to protect your organisation’s privacy and financial security from this malware:

Communicate with your banking service — If your online banking system meets each of the three pieces of criteria for this malware to operate, it’s crucial to contact your bank immediately to discuss your protection options. In addition, even if your banking system doesn’t meet the listed criteria, make sure your banking system uses two-factor authentication during key transactional processes.

Update your staff members — Seeing as your employees likely use the same devices that access your organisation’s online banking systems, ensure that all staff members are routinely trained on cyber-security best practices. This includes detecting phishing scams, periodically updating passwords and limiting access to sites that aren’t work-related, such as online shopping or social media.

Consider changing your processes — If possible, switch to using certain devices with the sole purpose of conducting online banking. Make sure these devices operate on a secure internet server—possibly a different provider than what the rest of your business uses to ensure business continuity. Lastly, ensure that these devices implement maximum cyber-security measures and are routinely updated. This includes processes such as system updates, safety firewalls and anti-malware scanning. Periodically test your devices to be sure they can detect and avoid an attack.


To find out more about cybersecurity and cyber insurance, request a quote through our website or call us on 0330 1240730! 

9 Albany Park, Cabot Lane, Poole, Dorset, BH17 7BX
t. +44 (0)330 1240730
e. This email address is being protected from spambots. You need JavaScript enabled to view it.

© Insync Insurance Solutions Ltd 2016 All rights reserved. Cyberguru is a trading style of Insync Insurance Solutions Ltd which is authorised & regulated by the Financial Conduct Authority where our reference number is 766691. Our registered office is Midland House, 2 Poole Road, Bournemouth, Dorset BH2 5QY and we are registered in England under company number 08810662. Should you have cause to complain, and you are not satisfied with our response to your complaint, you may be able to refer it to the Financial Ombudsman Service, which can be contacted as follows: The Financial Ombudsman Service Exchange Tower, London, E14 9SR | Tel: 0800 023 4567 or 0300 123 9 123 | | Terms of Business