Welcome to the Fraud Fight Forum, the Pan-African Exchange Platform of suspected Fraud. Join AIBFPC as a member to exchange about Fraud Risk Patterns and access to Fraud & Scam Risk Register for Insurance, Banking and Stock Market intermediaries

Account Hacking via Phishing Attacks

AIBFPC-Admin

Fraud Risk Scheme:

A fraudster sends fake emails/SMS messages or creates counterfeit web pages to trick employees or clients into disclosing their credentials (login, password, MFA codes) or installing malware. Once access is compromised, the attacker steals data, makes unauthorized transfers, or takes control of internal or external accounts.

Detection:

Logins from unusual devices, IP addresses, or countries.
Multiple failed login attempts followed by a successful one.
Unauthorized changes to passwords, email addresses, or transfer rules.
Unusual activity after receiving a suspicious email or SMS.
Appearance of unauthorized automatic email forwarding rules or transfers.
Alerts from anti-phishing tools (suspicious links, lookalike domains, questionable attachments).

Prevention:

Strong multi-factor authentication (e.g., password + phone code or security key).
Email filtering with sender verification and attachment analysis.
Regular user training and phishing simulation campaigns.
Endpoint and server protection with antivirus and regular updates.
Access rights limited according to user roles.
Clear procedures for reporting and responding to suspected fraud.

Share your feedback:

What tools, techniques, and processes are used in your organization to detect and prevent such fraud schemes?