www.icbcstandardbank.com
240d:c010:75:9::42  Public Scan

URL: https://www.icbcstandardbank.com/ICBC/%E6%B5%B7%E5%A4%96%E5%88%86%E8%A1%8C/%E5%B7%A5%E9%93%B6%E6%A0%87%E5%87%86/en/AboutUs/Corpor...
Submission: On October 25 via api from US — Scanned from DE

Form analysis 0 forms found in the DOM

Text Content


Online Fraud and Security Notice

Last updated: May 2022

 

How we protect our clients

ICBC Standard Bank Plc takes great care to ensure the ongoing security of
clients’ assets and personal information.

The evolving nature of the cybersecurity landscape means that we are continually
reviewing the threats that we face to allow us to take appropriate measures to
help anticipate issues before they arise and to respond accordingly when they
do. We have multiple layers of security protection and will continue to make
investments in cybersecurity and fraud-prevention technologies. We provide our
staff with training on cybersecurity awareness and fraud protection policies and
procedures.

Clients play a key role in protecting their information and we ask that they
remain vigilant to online fraud and scams. A brief reminder of some of the
ways clients should do this is detailed below.

How clients can protect themselves

Please consider the widely adopted safeguards below which will help to protect
you from the most common online fraud and scams.  Please also note the
statements about our business practices.

Online security safeguards:

o    Do not open emails or text messages or click links or download files sent
by unknown sources;

o    Do not respond to unexpected requests for validation of your security or
personal details;

o    Do not respond to requests that threaten to close or suspend your account
or access if you do not take immediate action;

o    Avoid being targeted by fraudsters by limiting the amount of detail in
social media posts about your professional role or in professional networking
sites;

o    Use only software approved by your company and follow your firm’s data
security policies;

o    Use a strong password / passphrase for email and other key systems and
enable two-factor authentication whenever possible;

o    Install anti-virus software on your personal computer and devices, and sign
up for automatic updates to keep your software up-to-date; and

o    Beware of free wi-fi. Make sure no-one can access or install malware on
your computer or mobile devices and preferably use a VPN.

Anti-fraud safeguards:

o    Be especially wary of emails containing payment instructions – especially
payments to overseas bank accounts or any late changes to expected instructions;

o    Always verify changes to payment details by telephoning us directly using a
number you already have on record and not one contained in the payment email; or
use our online services (e.g. Phoenix) to verify our payment instructions as
these are protected by strong authentication and encryption controls;

o    Check your account balances and transactions for fraudulent activity
frequently and if available, enable the alerting facility on your account; and

o    Be particularly vigilant around holiday periods as cyber criminals are
known to attack when a victim company may have staffing shortages.

Reminder of our Business Practices:

o    We will only very rarely change our contact or account details (including
settlement instructions). If you ever receive a request related to such a
change, please reach out to your contact with us to verify the authenticity of
such a communication or validate the details by using our online services (e.g.
Phoenix);

o    We do not send emails that require you to enter personal security
information directly into an email or a website; and

o    We do not send emails threatening to close your account if you do not take
the immediate action of providing personal or business information into an email
or a website.

You cannot fully trust email communication

Owing to the nature of email communication and its reliance on a wide range of
technical and organisational security controls at the sender and receiver ends
and at all stages in between, email cannot be regarded as being 100% trustworthy.
Please always verify critical information with your contact at ICBC Standard
Bank Plc using a different communication channel.

Below are some common email cyber-attacks and how you should respond to them. 
However, it is important that you consider the cyber risks to your organisation
independently and take all necessary precautions to protect your firm.

Business Email Compromise

This is an umbrella term for a range of sophisticated fraud schemes used by
criminals to trick employees of victim companies into divulging company
sensitive information or allowing payments to be made based on fraudulent
instructions. The most common methods used are:

o    Fraudsters may take over or hack an employee’s email account.

o    Fraudsters may send a spoofed or masked email containing a fake header that
hides the true origin of the message.

o    Fraudsters may purchase a domain which closely resembles a legitimate
company domain, then set up an email account linked to it to target the victim
company.

In order to reduce the likelihood of business email compromise, you can, among
other things, train employees to recognise suspicious emails and implement
controls to highlight emails sent from outside your organisation.

Social Engineering

This is a method of manipulating employees of a victim company into divulging
sensitive information or causing them to take an action which would break with
your normal procedures.

Phishing is a common form of social engineering which involves a fraudster
emailing a victim company with the intent of manipulating an employee to
complete an action or provide sensitive information.

Vishing is a form of social engineering that takes place over the phone with the
intention of gaining sensitive personal and/or organizational information. The
scammer would usually impersonate a customer, employee or organization in an
attempt to gain the trust of the victim.

Smishing is the same as the above but conducted by text messages which are more
easily spoofed owing to the relatively poor security of voice and text
communication.

In order to reduce the likelihood of social engineering, you can, among other
things, ensure that your employees always validate and authenticate who they are
talking to and ensure that they never give out passwords or secure information.

Email Spoofing and Brand Impersonation

This is a method of collecting sensitive information from employees of a victim
company via email by impersonating a trustworthy source. Fraudsters may
impersonate a familiar source in an attempt to gain information about the
employee or any known affiliate.

This impersonation often involves the use of a slightly altered email domain
name or address that the receiver might not notice. By adding official-looking
logos, banking registration details and company numbers, these well-crafted
deceptions give the impression that everything is legitimate.

In order to reduce the likelihood of email spoofing, you can, among other
things, ensure that your employees keep their email accounts secure by following
our online security safeguards and also training them to identify altered email
addresses and websites. 

If you receive an email that you are suspicious about, contact the head office
switchboard or use contact details that you already have, but never use numbers
supplied by the person you’re suspicious of or links in their email.

Malware

This is software that is hostile or intrusive which aims to steal, manipulate or
corrupt a victim company’s data. The fraudster may also use this malware to
monitor employees’ habits, collect data and modify or create payments.

Some examples of malware include viruses which self-replicate and spread to
other computers to steal information; and a ‘Trojan-Horse’ which is malware that
is disguised as a normal file.

In order to reduce the likelihood of malware, your firm can, among other things,
block access to suspicious websites, scan email attachments, disable auto-run of
macros when opening Microsoft Excel, ensure all software is patched and updated,
ensure antivirus is updated and performs regular scans, regularly back up and
secure data, flag all external emails and restrict the ability to send and
receive external emails.

Reporting an online security concern

Please contact your Account Executive immediately if you notice suspicious
activity on any of our services or receive a questionable email or text that
appears to come from ICBC Standard Bank Plc.

Additional Third-Party Resources

Get Safe Online.  Guidance on how to protect against fraud, identity theft and
other online threats.

Bank Safe Online - UK.  Guidance on how to protect your information from
potential fraudsters and learn how to bank safely online.



ICBC Standard Bank Plc Authorised by the Prudential Regulation Authority and
Regulated by the Financial Conduct Authority and Prudential Regulation
Authority.