Phishing is fast becoming one of the leading contributors of fraud today, with 80% of malicious software attacks coming from phishing.
With Black Friday online shopping and Cyber Monday Deals this November, there is no better time for South Africans to remind themselves of the number of different scams they could be exposed to and how best to avoid these.
In the personal loan sector, impersonation or identity theft ranks top as the number one contributor to fraud, followed by credit card transaction disputes and phishing coming in a close third.
Piet Swanepoel, chief risk officer at African Bank, says phishing is when criminals use a form of electronic communication, either SMS (smishing) or email (phishing), to extract sensitive information like usernames, passwords and credit card details.
“Clever social engineering tactics are regularly used by criminals to trick their victims into disclosing their cellphone or mobile device banking login credentials.
“Unsuspecting customers believe they are speaking to a credible source from their bank and disclose sensitive information, often under the pretence of a ‘security protocol’,” said Swanepoel.
Once a criminal has your mobile banking pin or password, a fraudulent sim swap is conducted on the cellphone number that allows the criminals to transact as if they were the real account holder. SMS notifications on your cellphone will not even help you here.
He explains because the sim has been deactivated, no notifications will be received by the victim, making the fraud difficult to detect.
Swanepoel says sim swops allow the criminal to receive transaction verification codes (TVCs), random verification codes (RVCs) or one-time passwords (OTPs).
“By using these together with compromised login credentials, criminals can change, add beneficiaries and transfer money out of a victim’s account.
“They are even able to move to another cellphone network and still retain their cellphone number, which means the criminal will continue to receive communication on the new sim card while the victim’s sim card remains deactivated.
“The problem is that although most people are aware of the scams and would not normally give out important information, these fraudsters are so clever and believable that many people still fall victim to their schemes. They are not aware that they have been scammed until it is too late.”
He offers this advice to prevent becoming a victim of phishing.
• Use a clever pin: Always protect your cellphone and/or mobile device content and personal information by using a pin and ensuring that your phone and/or computer and mobile devices are password protected.
This is your strongest protection against being scammed. Never use your birthday or that of a family member or part of your phone or cellphone number. It is just too easy for criminals to work out. Rather choose an unusual pin that is hard to guess.
• Consider protecting your passwords using any one of the public and freely available password managers.
• Never carry unnecessary personal information in your wallet or purse.
• Never access your banking site on a public Wi-Fi network.
• Never give out any personal details if someone phones you. A bank will never phone you to ask for your PIN.
• Ensure you have the latest antivirus and antispyware software installed on your cellphone and computers and other mobile devices.
• Regularly verify whether details received from your cellphone notifications are correct. Should any details appear suspicious, immediately make contact with your bank.
• Never log onto your bank’s website from a link in an email or SMS. Rather type in the full web address yourself.
• Be cautious when shopping online. Only use vendors who offer a second form of identification to avoid being scammed.
One may even consider opening a second bank account for online transactions. A good tip is to only keep a minimum balance in the account and then transfer funds to that account only when you need to complete an online transaction.
“Fraudsters know all the tricks, so if you do get caught and believe your information has been compromised, change your internet banking credentials immediately and advise the bank accordingly,” added Swanepoel.
