Prevent criminals from stealing your online banking information
Criminals often use phishing to trick you into disclosing your personal information like usernames, passwords, credit card details and mobile phone numbers. They sometimes also request your One Time Password/PIN (OTP) that will be sent to your mobile phone when transacting.
Criminals want access to your online facilities to steal your money and will use any number of tactics to access your confidential information. Criminals use tactics like phishing and the installation of malware onto a victim’s device to steal the personal information necessary to access their online banking profile.
They also conduct fraudulent SIM swaps to ensure that the One Time Password (OTP), sent by the bank to authorise a transaction, is sent to a SIM card under their control.
Phishing:
Criminals often use phishing to trick you into disclosing your personal information like usernames, passwords, credit card details and mobile phone numbers. They sometimes also request your One Time Password/PIN (OTP) that will be sent to your mobile phone when transacting. They do this by sending emails that look like they come from trusted sources such as banks or legitimate companies.
These mails entice the recipient to respond by clicking on a link. When clicking on the link, a victim is diverted to a fraudulent website (spoof site) under the control of the criminal, and any information entered on this page, for example, your banking username and passwords or cellphone numbers, will be sent to the criminals.
The information harvested in this manner is then used by criminals to access your online banking profile illegally. Once they have viewed your profile and find that there is money to be accessed, they will commit fraud on your internet banking account.
Before launching a phishing attack, criminals collect email addresses to which they send their spam phishing emails.
ALSO READ: DSSA seeks priority access to vaccines for individuals with Down syndrome
They also ensure that they have control over other bank accounts into which they can pay the proceeds of crime. They arrange a fraudulent website that resembles the real website of the company from whom the phishing emails purports to come, and host it on a vulnerable website.
They then ensure that all communication received through this website is relayed to an email address under their control. Once a victim responds to the phishing email by clicking on the link and “logging in”, the sensitive information is relayed to them.
Sometimes they use this information immediately to access the victim’s profile and can trigger an OTP to be sent to the victim’s mobile phone. The spoof website will then prompt the victim to submit the OTP. The criminal will then use the OTP to move funds fraudulently.
If they are not ready to use the compromised information immediately, they will save it for a later date and do a SIM swap to gain control over the victim’s communications when the OTP is generated during the fraudulent transaction.
Malware:
Clicking on an unsolicited link or icon could also result in a victim’s computer being infected with malware. The malware (malicious software) used in internet banking fraud, is software designed to gather and send sensitive information to a predetermined destination under the control of the criminal.
You could be tricked into infecting your computer with malware through clicking on a link or an attachment in an email as well as through accessing a fake website purporting to sell you software to fight malware.
Criminals deploy malware designed to harvest banking credentials. These malicious programs relay the keys typed to the criminals who then decipher bank-related usernames and passwords. The compromised information is then used to access the victim’s online banking profile unlawfully, and should there be funds available, these are transferred into the criminal’s account.
Sim Swaps:
Through fraudulent SIM swaps, criminals can take control of their victim’s mobile number enabling them to receive SMS’s sent by the bank to the client. These include Transaction Verification Codes (TVC), Random Verification Number (RVN), PINs or One Time Passwords (OTPs).
Using these codes together with compromised login credentials, criminals can change, add beneficiaries and transfer money out of the victim’s account.
Criminals are also known to port their victim’s cellphone number fraudulently before doing a fraudulent SIM swap. Mobile Number Portability (MNP) gives mobile phone users the ability to move to another mobile network and still retain their mobile number (MSISDN).
In this scenario, the victim’s SIM card is deactivated and the criminal receives a communication for the new SIM card issued by the second mobile network operator, enabling them to receive a victims Transaction Verification Codes (TVC), Random Verification Number (RVN,) PIN or One Time Passwords (OTPs).
ALSO READ: Samro urges corporates to book online performances in support of artists
