The South African Banking Risk Information Centre (SABRIC), on behalf of the banking industry, has launched a Safe Banking Campaign to empower bank clients with information to ensure that they bank safely over the Festive Season.
As the year comes to a close, fraudsters take advantage of the fact that consumers receive bonuses, spend more money and are generally more relaxed because they are in holiday mode. SABRIC wants to ensure that bank clients are empowered with information in order to protect themselves.
The Festive Season typically sees an increase in the use of online banking and card transactions and SABRIC urges bank clients to take note of the latest crime trends so that they do not become victims. Although the advent of digital technology has seen an increase in electronic banking crimes, SABRIC still urges consumers to remain aware of other modus operandi at play, such as lost & stolen card fraud as well as Phishing and Vishing, all of which are on the increase.
Read the attached article providing information as to what Phishing, Vishing etc. are, Handy Tips on what to look out for, as well as the banks’ Fraud Line contact numbers.
WHAT IS VISHING
Vishing is when a fraudster phones a victim posing as a bank official or service provider and uses social engineering skills to manipulate them into disclosing confidential information, while at the same time leading them to believe that they are speaking to the bank or service provider. This information is then used to defraud the victim.
TIPS
- Be conscious of the fact that criminals can mask their telephone numbers to make it seem as if a legitimate individual or company is making the phone call.
- Never share personal and confidential information with strangers over the phone.
- Also note that Banks will never ask you to confirm your confidential information over the phone.
- If you receive a phone call requesting confidential or personal information, do not respond and end the call.
- If you receive an OTP on your phone without having transacted yourself, it is likely that it is a fraudster who has used your personal information. Do not provide the OTP telephonically to anybody. Contact your bank immediately to alert them to the possibility that your information may have been compromised.
- If you lose mobile connectivity under circumstances where you are usually connected, check whether you may have been the victim of a SIM swop.
Criminals want access to your online facilities to steal your money and will use any number of tactics to access your confidential information. Criminals use tactics like phishing and the installation of malware onto a victim’s device to steal the personal information necessary to access their online banking profile. They also conduct fraudulent SIM swops to ensure that the One Time Password (OTP), sent by the bank to authorise a transaction, is sent to a SIM card under their control.
WHAT IS PHISHING:
Criminals often use phishing to trick you into disclosing your personal information like usernames, passwords, credit card details and mobile phone numbers. They sometimes also request your One Time Password/PIN (OTP) that will be sent to your mobile phone when transacting. They do this by sending emails that look like they come from trusted sources such as banks or legitimate companies. These mails entice the recipient to respond by clicking on a link. When clicking on the link, a victim is diverted to a fraudulent website (spoof site) under the control of the criminal, and any information entered on this page, for example, your banking username and passwords or cell phone numbers, will be sent to the criminals. The information harvested in this manner is then used by criminals to access your online banking profile illegally. Once they have viewed your profile and find that there is money to be accessed, they will commit fraud on your internet banking account.
Prior to launching a phishing attack, criminals collect email addresses to which they send their spam phishing mails. They also ensure that they have control over other bank accounts into which they can pay the proceeds of crime. They arrange a fraudulent website that resembles the real website of the company from whom the phishing mails purport to come, and host it on a vulnerable website. They then ensure that all communication received through this website is relayed to an email address under their control. Once a victim responds to the phishing email by clicking on the link and “logging in”, the sensitive information is relayed to them. Sometimes they use this information immediately to access the victim’s profile and can trigger an OTP to be sent to the victim’s mobile phone. The spoof website will then prompt the victim to submit the OTP. The criminal will then use the OTP to move funds fraudulently.
If they are not ready to use the compromised information immediately, they will save it for a later date and do a SIM swop to gain control over the victim’s communications when the OTP is generated during the fraudulent transaction.
MALWARE:
Clicking on an unsolicited link or icon could also result in a victim’s computer being infected with malware. The malware (malicious software) used in internet banking fraud is software designed to gather and send sensitive information to a predetermined destination under control of the criminal. You could be tricked into infecting your computer with malware through clicking on a link or an attachment in an email as well as through accessing a fake website purporting to sell you software to fight malware. Criminals deploy malware designed to harvest banking credentials. These malicious programs relay the keys typed to the criminals who then decipher bank related usernames and passwords. The compromised information is then used to access the victim’s online banking profile unlawfully, and should there be funds available, these are transferred into the criminal’s account.
SIM SWOPS:
Through fraudulent SIM swops, criminals can take control of their victim’s mobile number enabling them to receive SMSs sent by the bank to the client. These include Transaction Verification Codes (TVC), Random Verification Number (RVN), PINs or One Time Passwords (OTPs). Using these codes together with compromised login credentials, criminals can change, add beneficiaries and transfer money out of the victim’s account.
Criminals are also known to port their victim’s cell phone number fraudulently before doing a fraudulent SIM swop. Mobile Number Portability (MNP) gives mobile phone users the ability to move to another mobile network and still retain their mobile number (MSISDN). In this scenario, the victim’s SIM card is deactivated and the criminal receives communication for the new SIM card issued by the second mobile network operator, enabling them to receive a victim’s Transaction Verification Codes (TVC), Random Verification Number (RVN), PIN or One Time Passwords (OTPs).
TIPS
- Ensure that the device you use for internet or mobile device banking has the latest version of antivirus and antispyware software installed from a reputable vendor. Robust solutions should identify malware and prompt you to delete it.
- Do not do your banking on a public or unfamiliar computer found at libraries, internet cafes and hotels.
- Avoid using WiFi hotspots, and ensure your own wireless network is encrypted before performing any banking transactions on your private computer. Prevent illegal software from being downloaded on your computer by creating administrative rights.
- Be suspicious if you receive lots of spam email or SMS messages. It could indicate that your computer or cell phone has been infected.
- Beware of fake anti-virus software that is offered at no charge, as it could contain malware.
- Do not use unknown devices, such as USB flash drives on your system, as they may transfer malware unknowingly.
- Avoid downloading pirated software as it may contain malware.
- Memorise your PIN and passwords and never write them down or share them, not even with a bank official.
- Make sure your PIN and passwords cannot be seen when you enter them.
- If you think your PIN and/or password has been compromised, change it immediately either online or at your nearest branch.
- Choose an unusual PIN and password that are hard to guess and change them often.
- For your security you only have three attempts to enter your PIN and password correctly before you are denied access to your services.
- Register for your bank’s cell phone notification service and receive electronic messages relating to activities or transactions on your accounts as and when they occur.
- If the reception on your cell phone is lost, immediately check what the problem could be, as you could have been a victim of an illegal SIM swop on your number. If confirmed, notify your bank immediately.
- Inform your Bank should your cell phone number change so that your cell phone notification contact number is updated on the banking system.
- Regularly verify whether the details received from cell phone notifications are correct and correspond to recent activity on your account. Should any detail appear suspicious, contact your Bank immediately and report all log-on notifications that are unknown to you.
- Log onto your Bank’s website by typing in the web address yourself instead of accessing it via Google search as it might lead you to a spoofed site.
- Do not use web links that are saved under your favourites and never access your Bank’s website from a link in an email or SMS.
- Remember to log off immediately when you have finished banking.
- Make sure that no one has unauthorised access to your PC.
- Be especially aware that there are no security cameras trained on your PC and keyboard.
- Make sure that the software loaded onto your PC is correctly licensed.
- Never click on links or attachments in unsolicited or suspicious emails as harmful viruses, spyware & trojans could infect your PC.
- Install a personal firewall on your PC.
- Be cautious when using storage devices such as memory sticks and portable hard drives, and if you do make use of them, ensure that they are password protected.
- Don’t send emails that contain personal information, such as your card number and expiry date.
- Install a spam blocker on your system. This will ensure that fraudsters find it difficult to send you phishing emails.
- Keep your operating system and browser patches, and antivirus software up to date on your personal computer/laptop or cell phone, as they include important security enhancements to help detect phishing sites and malware.
- Should you realise that you have responded to a phishing mail, change your internet banking credentials immediately and advise your bank.
LOST & STOLEN CARD FRAUD
Once in possession of an original card and PIN number, fraudsters are able to use the card as if they were the actual card holder. By interrupting or interfering with a bank client whilst he or she is transacting, cards are stolen, swopped, or trapped in the ATM to be retrieved later by the fraudster. PIN numbers are easily acquired by shoulder surfing, which enables a stolen card to be utilised immediately by the fraudster. Fraudsters aim to maximise the reward before the victim even realises what has transpired and can report the card as stolen.
“By covering the PIN when punching the numbers, bank clients will be able to mitigate their risk even if they are the unfortunate victims of card theft,” says Kalyani Pillay, CEO of SABRIC. “Bank clients are urged not to accept any assistance or allow anybody to interrupt or interfere with them at ATMs while transacting,” says Pillay.
For more information you can visit the SABRIC website.
BANKS FRAUD LINE CONTACT NUMBERS (OBTAINED FROM BANKS WEBSITES)
- ABSA: 0860 557 557
- FNB: 0875 759 444
- NEDBANK: 0102 173 001
- SBSA: 0800 020 600
- CAPITEC: 0860 10 20 43