The rate of scams has increased in South Africa, and so has the use of online shopping, online banking, and contactless payment. Phishing attacks, malware attacks, and online fraud have increased significantly in 2023.
The South African Banking Risk Information Centre (SABRIC) urges bank customers to make a conscious decision to institute good habits to avoid becoming victims of Phishing, Vishing and SMishing scams. SABRIC has seen an increase in banking scams this year with social engineering scams becoming a great concern.
According to Interpol, “Social engineering fraud is a broad term that refers to the scams used by criminals to exploit a person’s trust in order to obtain money directly or obtain confidential information to enable a subsequent crime. Social media is the preferred channel but it is not unusual for contact to be made by telephone or in person.”
Phishing is when an email requests the user to click on a link in the email which then directs them to a “spoofed” website, designed to fool users into thinking that it is a legitimate attempt to obtain, verify or update contact details or other sensitive financial information. The spoofed website will look almost exactly like that of a legitimate or a well-known financial institution. Phishing emails, which are a form of spam emails, are typically sent in large numbers to consumer email accounts.
Vishing is when a fraudster phones their victim posing as a bank official or service provider and uses social engineering tactics to manipulate them into disclosing confidential information, while at the same time leading them to believe that they are speaking to the bank or service provider. This information is then used to defraud the victim.
SMishing, short for “SMS phishing”, is like Phishing, except that a user is tricked into downloading malware onto their mobile device which is then used to fraudulently obtain sensitive information by sending out text messages asking users to call a number or click on a link. Phishing, Vishing and SMishing are all methods of deceitfully obtaining personal information such as passwords, ID numbers and bank card details by tricking clients into believing that they are from trusted sources, such as banks or legitimate companies.
According to Standard Bank, take note of the following warning signs. It could be a scam if…
- What you are offered or promised sounds too good to be true
- The offer takes you by surprise, or the prize relates to a competition you never entered
- You’re given limited time to confirm your details or win the prize, catching you off guard
- You receive the information via a free email address (like Hotmail, Aim, Yahoo or Gmail)
- You are promised large sums of money for very little or no effort on your part
- You’re asked to provide money upfront, for whatever reason, to receive the money or prize
- You’re asked to confirm personal or account details via a hyperlink, icon or attachment in an email or over the phone
To stay on the lookout and avoid being scammed, SAPS/SABRIC advise the following:
- Do not click on links or icons in unsolicited emails.
- Never reply to these emails. Delete them immediately.
- Do not believe the content of unsolicited emails blindly. If you are concerned about what is being alleged in the email, use your own contact details to contact the sender and confirm.
- Always type in the URL (uniform resource locator) or domain name for your bank in the address bar of your internet browser if you need to access your bank’s website.
- Check that you are on your bank’s genuine website before inputting any personal information.
- Make sure that you are not on a spoof site by clicking on the security icon on your browser tool bar to see that the URL begins with https rather than http.
- Check for a closed green padlock next to the URL of the website. A green padlock shows that your connection with the website is secured and encrypted.
- If you think that you might have been compromised, contact your bank immediately.
- Create complicated passwords that are not easy to decipher and change them often.
- Banks will never ask you to confirm your confidential information over the phone.
- If you receive a phone call requesting confidential or personal information, do not respond and end the call.
- If you receive an OTP on your phone without having transacted yourself, it was likely prompted by a fraudster using your personal information. Do not provide the OTP telephonically to anybody. Contact your bank immediately to alert them to the possibility that your information may have been compromised.
- If you lose mobile connectivity under circumstances where you are usually connected, check whether you may have been the victim of a SIM swop.