Safe deposit box fraud

Stay up to date with the latest measures from the financial sector

4 min Reading time

Another type of fraud that is currently on the rise among companies is safe deposit fraud. An apparently reliable sender (such as a the bank, the postal service, a telephone operator…)  calls the company or self-employed person to warn that suspicious banking transactions are taking place on the company account. Damage can be prevented if you act 'quickly' and transfer the funds to a 'safe deposit box'. However, it later turns out that such a 'safe deposit box' does not exist and the manager is left with a major financial loss...


With this type of fraud, scammers often act in two steps. They first send a phishing message to gain access to the bank account of the company or self-employed person. They then call an employee of the company or the self-employed person and convince him/her to transfer money to a so-called 'safe deposit box.'

How does it work?


Safe deposit box fraud often starts with a phishing message that cyber criminals send by email, text message, WhatsApp or social media. This message contains a link that takes you to a fake website. Scammers use this website to collect personal information such as contact details or even codes to log in to internet banking. Once the scammers have this information, they can start their fraudulent actions: they call the company or self-employed person and pretend to be a bank employee. They then explain that suspicious transactions have been made on the account.

Somethimes this step is skipped and scammers simply call the company or self-employed person with a lot of persuasion. They will do anything to gain trust.

The scammers will then offer to transfer the money to a safe account, namely the so-called 'safe deposit box'. But that account does not exist at all. And if the company employee or the self-employed person does transfer money to this false 'safe deposit box', it ends up in the account of a money mule. From then on, the transferred amount is transferred to the cyber criminals' account in record time. An alternative scenario is that the fraudster has the 'cancellation of fraudulent transfers' confirmed by the victim, while in fact he or she just signs the fraudulent transfers.

How to protect your business?

  • Never provide the company's personal information and/or bank codes (account number, PIN code, response code) via email, text message, telephone call, a message on social media or WhatsApp. The bank - or any other organization - will never make such a request via telephone, email, text message or social media.
  • Nor will the bank advise transferring the company's money to an account of another party. There is no such thing as a secure 'vault account'!
  • The bank will also never ask you to install software (anydesk, teamviewer) to take over your computer remotely.
  • Did you receive a strange message or call and are you unsure about its authenticity? Then be on the safe side and don't respond to this. Don't let yourself be pressured or persuaded to act 'quickly'. Do you want more information? Then call the bank yourself. Scammers cannot intercept that call.

Got scammed?

  • Contact your company's bank as soon as possible. The bank can be reached 24/7 via special fraud numbers to report fraud online. An overview of all contact points can be found on the Card Stop website.
  • Notify Card Stop (078 170 170).
  • File a complaint with the police.