Your clients could be among thousands of South Africans who fall victim to online banking scams each year. Jan Kruger of Absa Engineering Services: Specialised Investigations Forensics observed that phishing, vishing and smishing attacks were on an upward trend. He warned that South Africans who became complacent about this type of attack did so at their own risk. “Day after day, minute after minute, we see individuals ‘take the bait’ and lose their hard-earned money by inadvertently interacting with these scamsters,” said Kruger.
Not the phishing your clients are used to
You should share the following definitions and countermeasures with your clients so that they have a better understanding of how each attack works, and how to prevent it. Kruger was presenting during a SA National Fraud Awareness Day event, held virtually on 16 November 2020, and hosted by the Association of Certified Fraud Examiners (ACFE). Phishing is described as an attempt to deceitfully obtain personal, sensitive financial information by sending emails that look like they come from a trusted source such as a bank or legitimate company. Each of us receives dozens of these emails every day, masquerading as one of the big five banks, or SARS, or National Treasury, or…
These emails demand your immediate action by, for example, threatening that your bank account has been suspended or promising that you are due a big refund from SARS or something similar. They not only create an urgency to act, but also provide an easy-to-click link, either in the email content or as an HTML attachment, for you to follow. If you click on this link, your browser is redirected to a ‘spoofed’ website where all types of nastiness might occur. A ‘spoofed’ website will look and feel almost exactly like that of the bank or financial services firm that you are familiar with, but it is not. “These scamsters will recreate a corporate website as if it is the real thing; these websites are designed to look exactly like your bank’s website and it can be quite difficult to tell them apart,” said Kruger.
Never interact with unsolicited emails or SMSs
Your clients should take the following countermeasures. First and foremost, they should never click on the attachments or URL links contained in these emails. Second, if they cannot resist the temptation to check out the threat or promise that the phishing email has made, they should open an independent browser window and type in the exact website address of their bank or financial services provider, double-checking to ensure that they reach the official page. Another alternative is to telephone the bank’s customer services helpdesk and access the account via that channel instead of following the suspicious email link.
Vishing is another tactic that has gained in popularity of late. It involves criminal syndicates making use of social engineering skills to manipulate your clients into giving away their banking or other personal details. “This technique is often aimed at older people who prefer telephone over online banking; the criminal will pose as a bank official or customer support agent and will begin an online attack while they are communicating with you telephonically,” said Kruger. He warned that scammers often had detailed information about their targets, which made it easier for them to win their targets’ confidence. They obtain personal data from social media websites such as Facebook or LinkedIn, from internet searches or from compromised corporate data.
Be hyper vigilant and instantly suspicious
The best advice you can give your clients is to be hyper vigilant and instantly suspicious when dealing with an unsolicited call, email or SMS from their bank or other financial services provider. And remember: a bank will never ask you to confirm confidential information such as usernames, passwords or PINs over the telephone. Kruger suggested that you immediately end a phone call that makes suspicious requests and that you refrain from sharing personal information online or telephonically unless you have 100% certainty of who you are speaking to and what they require the information for. Other defences against vishing attacks include avoiding online competitions and surveys, and not responding to unexpected or unsolicited pop-ups that may appear on your mobile phone. You should also check with your mobile phone provider immediately if your mobile phone goes out of service, in case you are a victim of a SIM swap.
The final scam covered in today’s newsletter is perpetrated by SMS, and appropriately referred to as smishing. Your best defence against SMS scams is to delete the messages without interacting with them. You should not reply to an unsolicited SMS that wishes to link you to another website, regardless of the reward the scamsters offer, or threats they make. “If you are unsure of a call, email or SMS then your best course of action is to contact your bank or your bank’s forensic helpdesk and report the matter; the sooner we are informed of these scams, the sooner we can take action to prevent them from getting to other consumers,” concluded Kruger. Your bank is better positioned than ever to liaise with other banks and with mobile phone companies to stamp out these types of crime.
Writer’s thoughts:
The acceleration of the ‘digital everything’ trend means that more of our day-to-day transactions are taking place entirely virtually. This reduces the chance of contact crime, such as having our cards stolen at an ATM, but increases our susceptibility to online attacks. Have you, or any of your clients, suffered the inconvenience of online banking or debit or credit card fraud in 2020?
Please comment below, interact with us on Twitter at @fanews_online or email us your thoughts at editor@fanews.co.za.