Fraud and Scams Continue to Rise, Protect Yourselves!

Sep 2, 2024

“Criminals are always looking for ways to exploit digital platforms to defraud victims, but the mitigation strategies deployed by Banks are very robust, so it is easier to target people, as they are the weakest link,” says Kalyani Pillay, SABRIC CEO. She goes on to say that criminals are very skilled at using social engineering to manipulate their victims into divulging their personal or confidential information. They capitalize on the fact that not all digital banking clients are digitally literate and exploit this vulnerability. Using technology, coupled with social engineering, criminals can gather sufficient information to impersonate victims, bypassing bank security protocols.

In most cases, clients are still compromised because of phishing, vishing, or the installation of malware onto a victim’s device by having them click on a link, enabling the criminal to steal sufficient personal information to access their online banking profile. SABRIC urges consumers not to click on links or icons in unsolicited emails or SMSs.

Although phishing scams are not new, criminals are always finding new ways to trick consumers by taking advantage of the slickness, convenience, and efficiency of digital platforms. In one such modus operandi, the criminal sends the victim an email that purports to be from a trusted organization that the victim has legitimate dealings with. The email will display all the characteristics of customer centricity and promise to “optimize” the victim’s user experience or exclusively upgrade their benefits if they click on the link provided.

In another modus operandi, the criminal plays on the victim’s fear, and sends them an email that appears to be from their Bank, stating that a fraudulent transaction has been made. The victim is then given the opportunity to report the “fraud” by clicking on a link, and in their state of panic, does so. When clicking on links in these phishing emails, the victim is diverted to a fraudulent website under the control of the criminal, and any information entered on this page, such as a banking profile username or password, is sent to the criminal. Once they have viewed your profile, and find that there is money to be accessed, they will commit fraud on your internet banking account.

Examples of recent scams:

SARS Impersonators: The SA Revenue Service is known for its relentless efforts to make sure citizens pay taxes due. It is therefore understandable that people immediately panic when they receive a message (email or SMS) that their taxes are outstanding or overdue, and that legal processes will follow, or that they need to pay a lower amount than they had anticipated, and a bogus account number is provided for this. Recently there have been cases of emails or SMSs stating there is a tax refund due to you; the message then directs you to open an attachment or link to verify your bank account details to authorize the so-called refund.

Amounts due to collect a parcel: South Africa’s e-commerce sector is growing rapidly, reaching a record R71 billion in sales value in 2023, according to a new report. This represents 29% growth, which means that online retail now represents 6% of the total retail sector, generating R1.1 trillion in sales last year. With the huge volume of online purchases, chances are good that you are in fact expecting a shipment. Consumers are spammed with messages that a small amount is due before the parcel can be delivered or collected. This may seem legitimate, especially if you are unaware which courier company will deliver your parcel.

It is important to be aware of the various ways that fraudsters use to scam people:

Phishing, Vishing and Smishing: Phishing is preferred by cyber criminals, and they cast their lines out daily, whether through a direct message on social media platforms, an email, or smishing (an SMS purportedly from your bank or financial services provider). When you open the link or document, it automatically installs malware (malicious software) on your device.

  • Do not click on links or icons in unsolicited emails.
  • Never reply to these emails. Delete them immediately.
  • Do not believe the content of unsolicited emails blindly. If you are concerned about what is being alleged in the email, use your own contact details to contact the sender and confirm.
  • If you think that you might have been compromised, contact your bank immediately.
  • Create complicated passwords that are not easy to decipher and change them often.
  • Banks will never ask you to confirm your confidential information over the phone.
  • If you receive an OTP on your phone without having transacted yourself, it was likely prompted by a fraudster using your personal information. Do not provide the OTP telephonically to anybody. Contact your bank immediately to alert them to the possibility that your information may have been compromised.
  • If you lose mobile connectivity under circumstances where you are usually connected, check whether you may have been the victim of a SIM swop.

SIM Swops: The scammer claims to be calling from your mobile service provider’s fraud department, informing you that someone is trying to do a SIM swap on your phone. To stop the alleged fraud, you are requested to answer security questions and, in this way, they gain access to information enabling them to hack your phone and steal your identity.

  • If reception on your cell phone is lost, immediately check what the problem could be, as you could have been a victim of an illegal SIM swop on your number. If confirmed, notify your bank immediately.
  • Inform your bank should your cell phone number change, so that your cell phone notification contact number is updated on their systems.
  • Make sure your PIN and passwords cannot be seen when you enter them.
  • If you think your PIN and/or password has been compromised, change it immediately either online or at your nearest branch.
  • Choose an unusual PIN and password that are hard to guess and change them often.

Change of Bank Details Scam: Businesses receive notification from their suppliers that their bank details have been changed and payments are to be directed to the new bank account.

  • Maintain a good relationship with existing suppliers and know your contacts whom you should be able to liaise with.
  • Ensure that you confirm any change of banking details with someone you usually deal with at the organization before making any changes to beneficiary accounts. When calling the organization to confirm the changes to banking details, use a number from the telephone directory and not the number on the letterhead or email as you will most likely be calling the fraudster.
  • Instruct staff responsible for paying invoices to scrutinize invoices for irregularities and escalate suspicions to a known contact.
  • It is essential to always be certain of the identity of the person your business is dealing with. Consider setting up a designated ‘Single Point of Contact’ with companies to which you make regular payments.
  • Ensure that your company’s private information is not disclosed to third parties who are not entitled to receive it, or third parties whose identities cannot be rightfully verified.
  • Shred your business and suppliers’ invoices, or any communication material that may contain letterheads, rather than discarding them in rubbish bins.

Email Hacking: You receive a message that looks like a legitimate message from your bank, insurer or wealth manager. You are lured by a transaction request, such as an expiring password, and the process leads you to a website that looks exactly like your online banking site, prompting you to log in. The cyber criminal then has access to your actual online banking and profile.

  • Make sure your PC has the most up-to-date OS updates and antivirus/malware software.
  • Depending on the extent to which your account was abused, you may have to contact all email recipients who were spammed by your hacked mailbox to advise them that these communications were not legitimate.
  • Set up several email addresses. Use your original email address for personal or business communication as you’d normally do and use an alternative email address to communicate with your service provider.
  • Don’t use public computers to check email; there’s virtually no way to know if they have been accidentally infected with malware or have had keylogging spyware installed intentionally.

Fraudsters are sophisticated and use personal behavior patterns to scam people. Elderly people are particularly vulnerable to scams and fraud as the younger generation have grown up with and use technology more than the older generation.

What are the Financial Institutions doing to help citizens targeted by Cybercrime?

SABRIC is an NPF company formed by South African banks to support the banking industry in the combating of crime. SABRIC’s clients are South African banks and major CIT companies. Its principal business is to detect, prevent and reduce organized crime in the banking industry through effective public-private partnerships. SABRIC co-ordinates inter-bank activities aimed at addressing organized bank-related financial crime, violent crime and cybercrime, and acts as a nodal point between the banking industry and others in respect of issues relating to these crimes. The creation of public awareness of various bank-related crimes and educating the public on how to protect themselves is one of SABRIC’s key focus areas. For more on SABRIC visit www.sabric.co.za
