Clients are compromised because of phishing, vishing or the installation of malware on a device
Technology coupled with social engineering enables criminals to gather sufficient information to impersonate victims, bypassing bank security protocols.
“In most cases, clients are still compromised because of phishing, vishing (voice phishing) or the installation of malware on a victim’s device by having them click on a link, enabling the criminal to steal sufficient personal information to access their online banking profile,” she said.
Sabric urged consumers not to click on links or icons in unsolicited emails or SMSes.
Another modus operandi was to send victims an email that appeared to be from their bank, stating that a fraudulent transaction had been made.
The victim is given an opportunity to report the “fraud” by clicking on a link that diverts to a fraudulent website under the control of the criminal.
Meanwhile, a vulnerability assessment conducted by AVeS Cyber Security found that employees’ social media profiles can put company data at risk.
AVeS Cyber Security chief executive Charl Ueckermann said: “Employees, their social media profiles and the devices they use to access a company’s network and resources provide a plethora of gateways into the infrastructure for cyber criminals.
“Organisations should take care to not focus purely on traditional defences. Attackers will quickly change their strategy from trying to bypass a strong perimeter defence to attacking the human element.”
Ueckermann said data breaches could result in identity theft or a violation of government or industry compliance regulations, and cause a business to face fines or other civil or criminal prosecutions.