Keeping your business secure

 

 

Integrated security in Business eBanking

Inbuilt security features ensure that:

  • We can identify you before we disclose confidential information
  • No unauthorised persons can access your company’s data through Business eBanking
  • Your data is encrypted during transmission between your browser and Danske Bank

Two-step authentication with eSafeID

When you access Business eBanking, we ask you for your password and a security code provided by your eSafeID device.

We use the most advanced security mechanisms to protect you, but to keep the high level of security and avoid fraud attempts you should use all available security features within Business eBanking.

 

 

Free Webroot Secure Anywhere®

Webroot Secure Anywhere® is available free to all Business eBanking customers. It uses worldwide Webroot © Intelligence to identify new files, classify threats in real time, prevent browser attacks, remove viruses from your PC,  and defend against financial and data-theft malware.

Download Webroot Secure Anywhere

Business eBanking security guidelines

  • Keep your details to yourself

    Keep your details to yourself

    Ensure that no one but you has access to your User ID, password and eSafeID. We will never ask for your password or security code from your eSafeID device under any circumstances. Please report any requests for this type of information to us on 02890 311377.

  • Be vigilant

    Be vigilant

    Always use Business eBanking in a place you trust. If possible avoid using publicly available computers and open Wi-Fi networks.

    Be careful when you use a Wi-Fi network, as others could tap into your computer. Remember to activate the encryption key before using the Wi-Fi network.

    Look for the locked padlock or unbroken key symbol in the browser when using our website, always log off after you have completed your Business eBanking session, and immediately report unusual Business eBanking activity (such as unexpected error messages, lengthy log-in time, or suspicious payments).

  • Make sure you're on the real Business eBanking

    Make sure you're on the real Business eBanking

    Don't use links from emails, text messages or another site - they could take you to a fake website that looks like ours, especially those expressing an urgent need for you to update your information, activate an account, or verify your identity. We will never send you an email containing a link to Business eBanking.

    Always access Business eBanking by either manually typing www.danskebank.co.uk or accessing the site from your favourites. When you try to access Business eBanking you’ll see that “https://” will appear before the address.

  • Fraud prevention measures you can take

    Fraud prevention measures you can take

    • Dual authorisation of payments – whereby payments need to be initiated by one user and approved by a second before they take effect, making it more difficult for hackers to make payments in your name.
    • Payment limits - using the Administration module in Business eBanking, you can create a payment limit on an account and/or on an individual user depending on your requirements.
    • Locked creditor listing - using the Administration module, you can restrict User access so that payments can only be made to a regular list of creditors.

Security tips to protect your computer

Updates

Always update programs when prompted. When you update your software - operating system, browser and all other programs - you close the security loopholes that hackers, malware and viruses find and exploit.

Antivirus

Install antivirus software, update the program regularly to ensure continual protection against new viruses, and set it to automatically check any downloads for viruses.

Firewall

Installing a firewall will prevent hackers from accessing your PC. Make sure you keep it updated.

Passwords

Keep your passwords secret. Don’t use names or birthdays as passwords - use a combination of letters, digits and symbols. Use different passwords for each site, and change them regularly.

Downloads

Rather than opening programs directly, save them on your hard drive and have your antivirus program check them before you open them. Don’t open attachments in unsolicited emails.

Social media

Be careful when opening links, images etc – even if they come from someone you know, they may contain malware. Do not disclose personal information, as you can’t be sure who’ll see it.

Protect your mobile devices

Types of Phishing

  • Types of Phishing: Real-time phishing

    Types of Phishing: Real-time phishing

    In a real-time phishing attack, the fraudsters will steal your logon and password as you are entering them into what looks like your usual online banking page. Then they will use these details to log on to the real version, before doing exactly as they wish with your money.

    This can happen either through a fake site that is indistinguishable from your actual online banking page, or through your computer being infected with malware.

  • Types of phishing: Vishing

    Types of phishing: Vishing

    Vishing is similar to phishing except the fraudster phones you, usually pretending to be your bank. They ask you to reveal personal and sensitive information. They might make a number of calls to gather small pieces of information. For example, one week they may ask which bank you are with, the next they may introduce themselves as being from that bank. They're very clever in how they operate, so always be alert. 

    If you decide that you want to ring the caller back to authenticate the call, you should always make sure that you source the number from your own records, rather than redialling the number they have called you on, and ensure that the original connection with the caller has been terminated first. You can do this by using a different phone or by phoning someone else you know first.

Tell-tale signs of a phishing email

Eight things to look out for

  • Unprofessional appearance

    Unprofessional appearance

    The typeface might be blotchy, too small or too large, or pictures are poor quality.

  • Links that don't go where they're supposed to

    Links that don't go where they're supposed to

    Phishing emails usually contain links which the fraudulent sender wants you to visit.

    The URL text in the email may look legitimate, but if you hold your mouse cursor over the link (without clicking it) the actual destination will appear at the bottom of your screen. If it doesn’t match the text in your email, ignore and delete the email.

  • A link that seems to be from Danske Bank but isn't

    A link that seems to be from Danske Bank but isn't

    In addition to the point above, look at the link itself.

    A genuine link from Danske Bank will contain ‘danskebank.co.uk’ followed by a ‘/’ and the subdomain – for example www.danskebank.co.uk/mortgages

    If there is anything between the ‘danskebank.co.uk’ and the ‘/’ then be careful, as this indicates that the link has not originated from us and may be malicious.

    For example, www.danskebank.co.uk.dodgylink.com/mortgages

  • It's too good to be true

    It's too good to be true

    This could take the form of an email that promises you a large sum of money if you take a certain action, or promises to pay our mortgage off for you if you click a link. Ask yourself, why would someone do this for you out of the blue?

  • Asking for bank details

    Asking for bank details

    We already know your account number and sort code, and the numbers of any debit or credit cards you might have.

    We will never contact you to ask for personal information such as card details, passwords and internet banking log on information through email, by text or by telephone.

  • You get an answer to a question you didn't ask

    You get an answer to a question you didn't ask

    If the email addresses an issue you didn’t ask about, it’s probably not genuine.

    For example, you get an email telling you to click a link to register your new credit card. But you haven’t applied for one.

  • You're asked for money

    You're asked for money

    Phishers want to steal your money. If they don’t get it by tricking you into revealing account or card numbers, they’ll ask you to send it to them directly for one of number of fictitious reasons, including things like medical care, investment in business, legal fees, and so on.

  • Aggressive tone

    Aggressive tone

    If you are in financial or other difficulties, we will always try and help you address them. We certainly won’t send you letters, texts or emails that immediately threaten account closures unless you comply with our demands.

    IIf you receive an email that appears to have been sent by us that requests you to enter personal information such as your account number or credit card number, do not reply and do not follow the instructions - even if the email suggests that you need to take immediate action to stop your account being frozen, or threatens you with fines if you don't.

Malware (Trojans,
viruses & malicious software)

Malware is malicious software installed on your computer without your consent. Once there, it can record keystrokes, re-direct your browser, or display fake websites, all in an effort to impersonate your business in online banking transactions. Your computer can become infected through documents attached to emails, links contained in emails, infected search engine results, or by clicking on links, videos, and documents on legitimate websites, particularly social networking sites.

Remember to keep your antivirus software updated and be cautious with software you download. Use an anti-spam product and treat unwanted emails with suspicion.

Malware and identity theft

  • Spyware

    Spyware

    Spyware is a program or file that often arrives as a hidden part of “free” programmes, and it monitors what you look at on the Web before reporting back to companies who sell the information. Some can pick up everything you type. Remember to keep your antivirus program up to date and be cautious with the free software you download.

  • Identity theft

    Identity theft

    Fraudsters employ many techniques to gather personal information with which they then attempt to target the finances of their intended victim. These techniques include masquerading as a genuine entity and contacting the intended victim and tricking them into providing personal and financial details.

    You should exercise extreme caution before responding to any communication, including emails and telephone calls, which ask you for such details – even if those communications are alarmist in nature.

  • CEO Fraud

    CEO Fraud

    This is when a fraudster hacks into the email account of a senior executive in their target business to trick its employees into transferring money to them.

    They find out who within that company has the ability to send payments and send an email requesting a payment to an apparently legitimate account but which belongs to the criminal. If the fraud is successful the fraudster will move the funds to other accounts, making them almost impossible to trace or recover.

    How do I protect my business?

    • Ensure all staff are aware of this type of fraud
    • Have a system in place, which allows your employees to verify that such requests from their CEO are legitimate
    • Always review financial transactions to check for inconsistencies/errors, such as misspelt company names
    • Consider what information is publicly available about the business and whether it needs to be public
    • Ensure computer systems are secure and that antivirus software is up to date

Suspect something?

Report fraud or phishing