Report a security issue
To gain the confidence of victims, scammers often pretend to be associated with organisations they know you trust – be it a business, government agency or charity.
Scammers’ methods in using non-existent payment messages to mislead potential victims. This can involve inserting them into counterfeit documents to fraudulently claim that payments have been made when they have not.
SWIFT is aware of suspected scams in which fraudsters appear to encourage corporates and banks to partner with them in respect to SWIFT products including Alliance Lite2 and gpi. This is often done through deceptive emails, Powerpoint presentations, pdfs or other documents.
SWIFT investigates any suspicion of fraud. You can find information on malicious documentation typically used by thread actors in the SWIFT ISAC Bulletin 10105 and 10111 examples.
If you are in doubt about documents you have received, we recommend that you consult swift.com to view official SWIFT documentation. You can also contact Customer Support with any questions about the validity of documents received.
We would like to remind you that SWIFT does not play a role in the authentication process, as we do not have access to the information related to financial transactions. When in doubt, to authenticate the legitimacy of such documents, we recommend that you contact your own bank (or the bank specified by BIC or by name in the payment instruction) prior to executing a business transaction.
How to report a security issue or vulnerability to SWIFT
At SWIFT, our priority is the confidentiality, integrity and availability of our services. Our dedicated specialists work around-the-clock to optimise and secure our systems.
But, alongside our continued efforts around security, the threat landscape evolves daily and there will always be new types of threats against which the community needs to safeguard. Both SWIFT and its customers must remain constantly vigilant and proactive to counter the threats to our common security.
Have you discovered a vulnerability in our systems? Please help by reporting it to us so that we can improve the security of our systems together.
We will only use your personal information in accordance with the SWIFT Privacy Statement.
You can report your findings by sending an e-mail to firstname.lastname@example.org
We recommend that you secure your email transmission by using the following public PGP key.
In addition, we ask that you:
- Describe your finding as clearly and completely as possible.
- Provide any supporting information, material or attachments to support and validate your finding, to allow us to recreate or reproduce it as quickly and efficiently as possible.
- Describe the likely or potential consequences of your finding.
- Suggest mitigations or workarounds if possible.
- Keep all information and communication regarding your finding confidential, and do not disclose it to anyone outside of SWIFT.
- Do not engage in any activities that will adversely affect the confidentiality, integrity, or availability of the systems that relate to your finding.
A team of security experts will investigate your finding and you will receive a confirmation receipt of your email within one working day.
We value your contribution and thank you in advance.