Category Fraud/Crime

The hook, line and sinker of Internet bank fraud

30 March 2007 Gareth Stokes

There has been an alarming increase in the number of attempted fraudulent transactions over the Internet banking channel in recent weeks. While account holders at all of the big banks are at risk, recent reports centre on the experiences of Standard Bank

The Standard Bank email includes accurate corporate graphics, appears to be sent from the Standard Bank customer support centre and includes a link to a website which is an accurate copy of the Standard Bank site.

Three things alerted us to the dubious nature of these communications. All of the emails included requests for us to provide our pin numbers and passwords, the Standard Bank emails were sent to an email address that we had never given to the bank and we have no bank account with FNB at all! A quick telephone confirmed that the bank would never request such information by email or telephone, and that we should delete such correspondence without even attempting to follow the link.

These emails raise questions about how criminal syndicates go about obtaining personal details, and how they use the information once they have it.

Learning the lingo- phishing and email-spoofing

Internet account fraudsters use a combination of information mining techniques to obtain login details and passwords to bank accounts.

Their first weapon is known as phishing, defined as the act of sending an email to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft. This process is augmented by the use of email-spoofing which is the process of disguising an email to make it appear as if it was sent by a known or trusted institution.

A criminal syndicate launches a phishing attack by indiscriminately spamming thousands of email addresses. These lists are readily available- with programmers able to compile their own lists by trawling the Internet if they so prefer.

The syndicate relies on the statistical likelihood that a percentage of the thousands of emails generate will reach account holders of the particular bank and that at least some of these individuals number will be duped into following the email instruction. Once the syndicate obtains login details and passwords they can concentrate on withdrawing funds from the account.

Laundering the money is a topic for a separate email. However, it should be noted that many of these criminal syndicates operate secondary scams in parallel to their Internet phishing attacks. A recent example is an email which offers the recipient a lucrative employment opportunity. This offer is nothing more than an elaborate hoax to steal personal information and is often coupled with a request to open a bank account for the bogus employer. This account is then used to launder funds out of compromised Internet bank accounts and into the syndicates coffers.

Take precautions to ensure your privacy

Commonsense is the best approach to ensure that your personal details remain private. Ignore all communications which sound too good to be true and which offer something for nothing. Would you seriously entertain an unsolicited job offer that landed in your inbox? You get nothing for nothing these days- and you're going to have to realise this if you want to avoid being suckered by a clever email scam.

You should view any request for your personal information with cynicism and NEVER give away card numbers, passwords or pin numbers to anyone. Apply this rule to communication by telephone, by email or face-to-face. Your username and password is the key to the Internet vault that houses your savings. And you wouldn't give away the key to the safe in your house that easily, would you?

Editor's thoughts:
As mentioned in this article, weve received a number of suspect emails in recent days. Wed love to hear from you if you have had similar communications. Send your comments to .

Quick Polls


The shocking crime and motor vehicle accident statistics shared during a recent SHA presentation suggests that group personal accident and personal accident cover are a no-brainer. Do you agree?


Not sure
fanews magazine
FAnews April 2024 Get the latest issue of FAnews

This month's headlines

FAIS Ombud lashes broker for multiple compliance blunders
TCF… a regulatory misfit initiative?
The impact of NHI on medical malpractice insurance
Fixed versus variable: can you have your cake and eat it too?
The future world of work
Subscribe now