Be vigilant – anyone can fall victim to a scam

If you think you’ve heard it all when it comes to cyber crime, think again – scams are constantly evolving and becoming increasingly sophisticated.

An example is “whaling”, an incarnation of phishing, which uses stolen personal information to access accounts. Rather than targeting individuals, whaling scams seek to defraud companies’ financial departments. While this may seem harder to achieve, the potential scale of the fraud makes it worthwhile for criminals.

“If you’re complacent about being scammed or think you’re too clever or sophisticated to fall for a scam, you’re a good target for a cyber criminal. You might spot 99,9% per cent of the poorly executed attempts, but only need to make one error of judgement,” says Alet Griesel, chief risk officer at DirectAxis.

She cites the example of a company director who was expecting a SARS refund and received an email, apparently from the revenue service, saying the money had been paid and was in his bank account. Typical of a phishing scam, it included what appeared to be a convenient link to his bank’s website, where he could enter his password to confirm the payment. He did click on the link, but fortunately stopped short of entering his details.

“I’d been expecting the money for some time and had been badgering my accountant about it, so when I got the mail, I just assumed it was because the accountant had followed up. I was busy, so clicked on the link. I had started entering my password on a page that seemed exactly like my bank’s Internet banking site. I don’t know what stopped me, but I shut it down and called the bank which confirmed it was a scam. I had to change all my passwords, which was a hassle, but a good lesson about not being so complacent in future,” explains the director, who prefers to remain anonymous.

He nearly fell for one of the most common bank scams in which fraudsters ask you to provide your account details or other information such as your pin number to confirm a payment. This information is then used to raid your account.

Some of these scams are so sophisticated and the phony web pages so realistic, that afterwards the victims will be adamant that they never revealed any personal or company information.

The bottom line is that you should never click on a link to a banking website in an email, SMS or instant message no matter how realistic it seems. Always enter the bank’s website address in your browser.

Another way scammers use bogus corporate identities is to pretend they are offering low-interest loans. Again the email appears to come from a well-known company offering loans at very low interest rates, but asks the recipient to pay an upfront fee in order to secure the loan or to cover administrative or legal costs. Legitimate companies do not ask for an upfront fee or deposit to secure a loan. Another red flag is that if the interest rates seem too good to be true, they probably are.

Often this kind of scam pressures people to respond quickly or miss out. The scammers hope that in their haste to respond the victims won’t look too closely at the offer or contact the company.

Perhaps the best-known scams, and also the ones which should be easiest to spot, offer a large amount of money as an incentive to provide personal details or a down payment. Typically people are told they’ve won a lottery, stand to inherit some money or need to assist with a currency transaction and are either asked for their bank details or to pay a deposit to secure the transaction.

“If you think criminals are hiding behind a well-known brand to try and defraud you, it’s important to report it, even if you have no intention of responding to the attempted fraud,” says Griesel.

Most reputable financial institutions have fraud departments and will act immediately to shut down websites, bank accounts and other mechanisms used as part of the fraud.

“Reporting scams is the best way to fight back. While you may not have fallen for the particular scam, by reporting it you prevent others from falling victim. Who knows, one day you might be grateful that someone flagged one that may have caught you.”

An infographic on how to spot scams is available here: https://www.directaxis.co.za/scam-guide