CYBERCRIMEIN AS EMAIL INDUSTRY, COMPROMISEDEVELOPING ZAMBIA TIPS
THIS week, this last we edition, draw we week’s focus towards includes we on edition, contin- the inend ternet ue the Business banking BAZ journey as Email Chairperson we continue through
of our series from the 2020
Code of Ethics and Banking to share the shared Compromise 2020 his Code (BEC) thoughts of Ethics
tips on the various
Practice, we continue with our which schemes and can that be Banking defined criminals as practice, and “a
with topic on us cheques-as on ‘Setting a payment criminal with fraudsters a instrument. specific act use where to focus take criminals advanon Bank
Goals illegally Cheques. tage of Amidst unsuspecting access Uncertainties’, an email members
Issuance of Cheques given As current a cheque book era account of the account of By the definition, the public and communicate and defraud a Cheque them as re-
holder, you are advised not global if fers of they their to are COVID-19 to a hard-earned issue negotiable the a user”. cheque pandemic. instrument monies. or payment
He that also They contains instruction touched do this an on by on an uncondition- stealing insufficiently ‘Business
Continuity account al order holders’ to Plans’, the usernames bank as to pay way a
These funded fraudsters account. work When you issue towards or accessing cause to be issued your online a cheque of and certain forging passwords sum ahead mentioned through in the in new the
on an insufficiently funded phishing instrument, facilities account or to other steal from you your means, are the liable money drawer’s to for criminal and
BUSINESS normal. will use various tactics to access facility granted to the customer and 1. The bank will not pay over customer for collection or clearing in safe places to avoid theft of
BANKING trick account, users proceedings to into the disclosing person under the their whom National fraudsters submit to such access plays a customer’s your an integral online name role to in the the compromised de- the counter and Exchange cheque(s) information Commission. issued fraudster’s is lost or damaged, account. the customer The Association also cheque works leaves to ensure that the bank-
TRANSFORMING details. your The confidential important Payments Systems information. role played Act No. 1 by of 2007. as your agent only. This and any ly immediately, returned, your will bank save is it enti- for eventually replace many ‘tradi- it is issued, They or then to the utilise order the of the banking velopment the Credit profile Reference illegally. of commerce Agency. Once and In industry in by a customer BAZ they is of a a mouthpiece third party. of the banking will have sector to approach and is the ing issuer industry of views are • Report put forward the loss when of your government cheque
Section in the use 33(1) country’s tactics of the like 2007 econ- National other addition, responsibilities the bank reserves are the pre- right tled tional’ book bank to the crimes bank immediately as it tran- you finances compromised a later to date Customers debit and your do are a therefore SIM account, swap or specified Criminals person information or the bearer. to they have
any economic viewed your dispensation. profile and In this regard, the cheque or instrument to stop the
Payments Systems Act, states as scribed mandated to address various matters of common in- determines policy or legislation. Many areas of law and phishing and the not the find that to close by there law. such is money a customer’s to be account accollect to gain encouraged control the amount over to the persuade due victim’s from the payment Through (if it fraudulent has not already SIM been scends • notice Ensure time it is that missing and the physical device you prox- omy access installation be user’s over opens email em- of an
When can follows and thus a customer use banks play an important role in the creation of new dustry interest through lobbying, advocacy and poli- including international law impact upon the interests malware onto a victim’s device b). and The take bank other on steps whom as provided the for in you if payee your of account the cheque has to deposit been paid out) and issue a replacement • When due writing to its on virtual the cheque, nature. do cessed, (or the they applicable capital will formation) commit terms and fraud in conditions. a country on communications and thus such cy cheques influence. when into the their The OTP account Association is aims cheque at facilitating or instrument. the If the of commercial customer banks not in Zambia. leave blank or open spaces on
swaps, criminals can take control imity use for internet or mobile phasised. account. account Now, with more cheque than access, ever, capital
to steal the “personal Any person informawho wilfully, cheques your internet are banking drawn acts account. as the closed. generated This during applies the irrespective fraudulent of their victim’s mobile number In device addition, banking the has convenience the latest the and socio-economic on request, the effects bank will of help the The economic bank may growth offer such process. a customer The banking sys- industrial and innovation growth provides of the sector, the bank as well with relevant For details example, issues the of payee micro and and amount fiscal policies lines and tion necessary dishonestly to access or with their intent to the not bank pay over may of the drawer of ‘lost’ cheque and version • anonymity Always
Paying Prior alternative Bank to launching and (Drawee appropriate a phishing Bank). products of transaction. the 2. fact The that bank will them to the of draw antivirus two of lines the and internet across anthe Indications COVID-19 defraud of pandemic a issues possible a cheque have on an aimed Signs spammers. to look out for separate that it is make people requested with easy by whom the you invest In to provide the customer with gen- tem facilitates the intermediation of internal and as building and sustaining good-will enabling and public con- receive financial SMS’s sector reform affect the trading environment online banking profile. They also The attack, responsibilities and criminals at services upscaling which collect of do email the not public require Pay- ada have, their passwords at investment, the its counter discretion, for to each a not customer given account only the you get the bank may assist Use to a arrange a all cancelled it cheques for criminal. criminals or simply left compromised eral descriptive businesses, insufficiently information email communities funded account or awareness • Depending on fraud on the and extent cyber-
on; international trade. fidence in the commercial banking sent by sector. the bank One of to the client. for banks in Zambia tispyware and the Association software installed consults its conduct fraudulent SIM swaps ing chequebook. are also prescribed by replacement email Rich address Quick of the for cheque. scam” the internet perpetrate - other DO destroy cases, YOUR them these victims HOMEWORK crimes. are guided These
dresses Bank to which they send their value nothing, - one or proceeds that but allowed is also at of least the stand you cheque six to to issued draw lose a “Get causes to be issued a cheque The history When the of bank the needs banking to inform sector its in Zambia These is through include engagement Transaction members to form industry from a reputable position on vendor. many such is-
by another ways this customer mandate of the is same realised • Always record the amount drawn and address to ensure individuals to include: that be the drawn negatively One on Time that account im- crimes law. to which attacks INVESTING purporting include YOUR unau- to
spam phishing in the your financial mails. account services was against most, characters if this not cheque. all long, the and money is they which • It claims is not linked to pay to out your dou- digital BEFORE by the criminal, dates as customer far back that as 1906, one of when their cheques the first commercial Clicking bank. with on In order an critical unsolicited to protect Government the agencies Verification Stopping and ministries of Codes Payment (TVC), as Instructions sues. With the active Robust on cheque participation solutions folio of should the member iden1.) Password The time and (OTP), which generally sent cheque by the taken when bank it is pacted. The outbreak of the sector, abused, c). They When with also you ensure a may you specific that have deposit they to focus a or Cheques icon bank-Standard has been Chartered returned or Bank other was items established, are initially link a f). combination with invested. well as other of This letters, critical type stakeholders of ble-digit personal in the Zambian returns. or business econ- banks, email the Bankers MONEY. be Association a technical of Zambia support works engineer to fos-
interests could of the payable/drawn also bank, result customers in a Random Normally, Verification once a customer Number has thorised tify • Never malware endorse access and a cheque to prompt devices, until you for clearing presented a transaction, about a cheque; spam is sent unpaid, the bank will do so within abroad issued account. payment instructions to identity requested and online bank
for payments is pandemic to • authorise Complaints vis-à-vis living in the cheque have contact the control Commercial drawn all over email other from recipients bank Banking another fraud victim’s numbers is are computer are perpetrated advised and subject capitals/ to being deposit to when infected different such an (RVN), • It claims PINs or to One be an Time opportu- • to you Consult delete are theft ready it. to an follow to unbiased cash several or deposit third
How dishonoured, and when a commits cheque an offence it on first branch opened in Kalomo District of Southern omy. ter an environment in which financial services are val- 2.) to being a SIM sent accounts who a were your reasonable into spammed bank which timeframe, will they by give can with pay you an laws with lowercase. malware. or Passwords information steps to “fix” something
cheques rules. into However, their own account where their bank, it is expected that such it. The information theft. can Even be on bank, altered more if card and from is also under liable your gave their on conviction email rise control. to to nity of a lifetime. (OTPs). Using new normal Province. a space. ued these and can prosper. party- In communicating like an unconnected the industry’s
may be stopped; assurance In the last of 114 ultimate years confidentiality of the existence ‘investor’ and oper- lures their victim by a transaction will not be stopped lost or stolen. address. fine not exceeding one hundred value the your proceeds of hacked this of mailbox deposit crime. to your such The cheques malware are (malicious returned in codes • Do concerning, their • Do computer. not do is your its The banking potential victim then on to a
or cancelled. together not use However, with public compromised in cases the use How of ation This of and the week, commercial privacy. we begin banking by sector dis- in Zambia, guaranteeing the 3. Cheques HOW high payable WE profits WORK to juristic that views, the Association broker • Check works or your licensed with bank Government, statements financial the thousand and a cheque reliance penalty may on units be dig- or account advise • You cannot understand
They At the them arrange as customer’s per that a Zambia fraudulent these specific Elec- request, accordance software) • Using person(s) used a secure with in shall internet the only device, rules be bankcredited ap- to country currently has 18 registered commercial banks. The Bankers Association of login Zambia of computers warranting credentials, works circumstances, to with check the its fraudsters regulators, email; the other infiltrate unwittingly industry public often associations, for or networks, any installs unfamiliar suspicious malware, the resulting community, computer in ital They technologies made often imprisonment out use to reduce phishing for for business a the term to not advisor transactions data sends before breaches. their on investing. your personal account or
promise in a named the little your country juristic email or no person(s) and where financial then account the how customer there it generates is may virtually stop money. or no cancel way such cussing tronic communications the Clearing bank Ponzi will be House and able were to Pyramid (ZECH) provide not images plying log into
• Emails are not being website
Taking into that account resembles the critical the real role played ing by fraud, the is members software to designed provide analysis, advice can change, and advocacy add beneficiaries, and community groups mass which found at libraries, internet exceeding unauthorised two years, alter- or both.” and the media. continuity. trick risk you of into disclosing your perSchemes of cheques issued by the customer transactions. • It • Ensure there is segregation of received. or website legitimate. Foreign of the Currency company from Clearing cheque risk. to check gather is if and any drawn, send of the sensitive your settings bank is and to transfer know is not if money they a registered have out of been the prod- confidential cafes and hotels. information back to
sector in (could the provision be at a fee of to banking be decided services by all Lost sec- or contributes to the development of In such public cases, policy the on bank will Some process of the initiatives accounts that responsibilities the Bankers Association and/ sonal Technological ation; information to Damaged instances debit your Payment the account, inves-
When a cheque advancements like is usernames, issued and is House whom MODUS the (FCCR) phishing OPERANDI rules. emails At its sole entitled information have In most been to changed. a predetermined This
tors of victim’s uct, accidentally or a account. product infected offered with by an TIPS the criminal. - MOBILE DEVICES AND The the economy bank), and the provide existing the banks original in the country Instruments banking and other financial services. the stop or cancelled payment of Zambia is working or on duties in collaboration especially preparing with the Bank of are subsequently dishonour credit at improving card returned of details unpaid the for discretion, purports • These Set the vague under amount that control about due of from na- TABLETS •
4.) passwords, cheques up to several schemes the come the bank customer and email may host generally issued it deter- on , but a the or tor destination could collect will
• Missing aimed emails. All banks be indicate (locally and your internationally) the payments Avoid using and reconciliations Wi-Fi hotspots,
realised the importance of establishing an umbrella The Bankers Association of authorised Zambia instructions malware These works criminal or immediately to financial have ensure elements had upon of services Zambia receipt are and other key stakeholders include the fol- and mobile cheques, lack of phone funds, including numbers. the bank will They submit provision if funds of may the original cheque issued work if your on the principle that if a customer of the instructions and take appropriate DEVICE • Always AND verify SOFTWARE that the cheque quality mine vulnerable addresses. the website. criteria Use your be of accessed original either a you ture fraudsters. email of the account investment account has been is but closed. will also provider. keylogging known to port spyware their victim’s installed and The ensure promoter your own promises wireless such of life a customer’s for people name across to the body meet that would effectively represent the interests of TIPS
that the banking system can continue to deliver the lowing: - sometimes post-dated also request and stale your OTP may the then not value always ensure date be feasible. that and all be- This You hands applies could over so be ensure that if any cell action intentionally. phone provided number the fraudulently cheque(s) or other
before irrespective a cheque tricked to into them of infor the MANAGEMENT network has cleared is encrypted with the bank before before the • globe Receiving Credit and Reference large evidence numbers Agency. is there Where the traditional email sector. They address Ponzi for or personal Pyramid benefits of of return. These competition to Zambian • Returns banking custom- or profits earned
If within a reasonable period after stress hacked, the rate that will cheques; collection/ clearing, they act as the native instruments method like Direct for Debit obtaining or RTGS high • Keep returns, your which software could up to not customer be sent persistently to your mobile (three times fore communication the business bank receives this communication background the value. that in 2008, of the the settings ers. have been received through fact fecting that your the computer bank may with have, malat ·
releasing goods you have sold before doing a fraudulent -Promoting been SIM shared Secure date, digital using payments the smartphone channels latest security through by
performing any banking
It or was the against entry has been made, there is a agent to collect the finds from the and other have not already to 5.) phone of indicate undeliverable the positive or bounce impact Both schemes see re- hype their high-level are dependent from drawer on of recruiting cheque. be
The when within implications 12 transacting. months) issues of They issu- cheques scheme.
However, should the bank not its investors discretion, given you value funds enabling achieved the through lock screen normal and Bankers this as website you’d dispute Association normally with is relayed the of bank Zambia do to about and an email (BAZ) a cheque was ware altered, formal- cheque through that issuer’s clicking you bank. delete on As a such, link these and or swop. processed. SOCIAL ENGINEERING As available.
transactions always, be sure on to your join us private next technological do messages for innovations emails you have did this ing which by a sending cheque as subsequently emails which that is returned sub- turns receive address paid generated under the from value a their customer’s for for control. earlier any account, Once rea- in- the or financial an allowed attachment given the connections; you complexities in to an draw email of the a against as cheque well fact For more Mobile example, members Number you to may Portability the scheme. wish the conventional week security patches computer. as we finalise function, Prevent investment on the 2020 Code
illegal be it a softpat- op-
not send. unpaid for lack of funds, after
ly registered. use an alternative Prior to the email establishment of BAZ, immediately. the MODUS OPERANDI had. look sequently like However, they come dishonoured; the from advance- trusted vestors son, a victim the bank through responds bank will provide reserves to revenue the image the phishing right paid of the clearing they accessing system, are privy the a bank fake to cannot inside webperson (MNP) • Fraud If it gives paying sounds Prevention mobile you too Tips phone to good instruct users to be of tern Ethics ware password from and Banking being or downloaded Practice. a fingerprint short pe- exhausting the permissible occasions Association address to communicate with Social engineering exploits
operated informally the the that as chairing through cheque. portunities, within cheque as proof of the instruction to accept responsibility for the loss, or Cheque bank Security to transfer Tips ment sources and in of such returning technology as banks cheques or has as legitiprescribed also to by email reverse new by investors, clicking the credit on the rather and link where than and their the true, ability it is most to move likely to another a the scam. mon- • Ensure that you have the • Not being able to log into bank your in pay. a service provider, since theft of the you cheque have in changed the system. human • Never psychology sign blank and cheques is a or Please latest share anti-virus your comments software and particular year, offering all related information site • g). secre- Once purporting It is to through inevitable sell you softsocial that riod. screen on your lock. computer by creating
ey mobile • directly, Be network skeptical by electronic and of still any retain invest- means Where • administrative In some possible, cases, rights. the do not promot- save mate The companies. the importance Regulators effects-fraudsters These of emails safe- had 6.) negative (The Central Bank), the appropriate, “logging legitimate in”, the adjust sensitive investments associated inforConsequently, to tarial from many now ask for a different thoughts with us installed on your services, as well as coordinating all activities cheques engineering ware the settings, techniques create payable/drawn a new and applications via Email: Mirriam.
of fight malware. if a cheque Criminals or other pre-sign cheques entice your email the bank recipient will, account. withdraw to respond the cheque-book by form of manipulation used by
guarding the cheque as a mation is thereon. relayed to them. deploy malware take designed to into their you mobile • Always account. number keep cheque (MSISDN). books Zimba@baz.co.zm any sensitive personal in- have ceased opportunity interest membership. business Encashment for activities. added protection. At the will and guarantee add your computer. will use fake qualifications the or address overtime payment they
The of Association’s A Third-Party charge Cheques for role has abroad that password, instrument longer deposited to clear, the by in the ment’s criminals insistence to gain personal that you or act er clicking payment on a link. instrument. When clicking
evolved processing Sometimes to include unpaid they the promotion use cheque(s) this inforof efficiencies, some harvest cases in- banking cheques credentials. may be re- In Fraud this scenario, Prevention the victim’s Tips SIM formation • Be suspicious or bank if you receive account and on • Seeing the are link, working unknown a victim around is emails diverted in the point Then, where use yet there another are email more investment. secondary To email close account the deal, as NOW. confidential information from an or references to entice inves-
novations may mation apply. and immediately industry growth to access and the positioning turned These mem- malicious unpaid programs after a number relay card is deactivated, and the frauddetails lots of spam on email your or electronic SMS clock to your a fraudulent to Sent defraud Items website unsuspecting folder. (spoof your
Collecting Cheques existing victim’s address investors for registering and can than trigger new they
the keys often alternative typed come to the up address. criminals with pho- unsuspecting • Be careful victim. of investments Criminals ber-banks d). Locally to profile continue drawn supporting cheques both private of years. sector If in doubt you should ster receives CYBER communication CRIME for tors devices. • Do for not example, give control an ‘attorney’ of your
messages. It could indicate members site) TIPS under of the the control public of of the their MODUS OPERANDI · with computer a). When you deposit investors, are an for subject websites, the to scheme newsletters, ZECH and collaps- FCC and Government OTP to be sent economic to the agendas victim’s enshrined first ny who in statistics, talk then the to decipher your misrepresenting bank bank before related ac- the that know new guarantee that SIM the card weakest you issued high link by profits the in the
Think that ‘many your before computer to years’ a you third experience download or party cell who hard-earned cheques fraudsters, • Make sure into and monies. your any your information device account, online and all shopping monies invested, other are country’s es Rules. mobile National phone. The Development spoof and Policies. website cepting and usernames • Never stressing cheques list your the drawn main uniqueness abroad. email and passwords. The second with security little chain or no is financial a human and risk.
Cybercrime mobile network is socio-tech- operator, in apps call the phone stock you to has your unexpectedly. market. been mobile infected. or tablet your entered For (laptop, bank the mobile next acts as few phone, the weeks, Collecting tablet) we lost. will on this page, for example, services. In this way, the risk address publicly anywhere will pose as technical support
BAZ e). then People aims When prompt at the participating who the cheque(s) were victim expect- at to the de- highest In of compromised level certain their of offer. circumstances information is it may then nical enabling • Exercise problem them to which due receive diligence is increas- a victims in • devices: Often high returns are paid your has banking the most Collecting username up-to-date Bank and acts at an alarming rate · will Bank. focus The on a series of articles submit of a possible the OTP. compromise The criminal is will decision ing posited to making make by you in a are good the subsequent- country return through on the be used online to access - in forums, the victim’s in online online
TIPS contin- preferable to use an alter- ing Transaction selecting engineer, or investments Verification bank staff, Codes and and will the
initially Do • Beware Do not not and bypass of rely then fake on built-in anti-virus investors call line secu- are passwords Operating or System cell phone updates numbers,
ued then spread. engagement use the OTP with to the move three funds primary regulators banking advertisements, of profile unlawfully, on blogs, and (TVC), exploit Random the victim’s Verification inclination to identification software that is (CID) offered alone at no is and sent antivirus/malware to criminal elements.
the fraudulently. financial services sector-the Bank of Zambia, should social the there media be funds or any available, place Number trust. The (RVN,) victim PIN then or willingly One to charge, authenticate as it could a caller. contain software. The information harvested in • If Use they different are not and ready strong to use
Pensions and Insurance Authority and the these Securities where are it transferred can be harvested into the by Time divulges Passwords any information (OTPs). malware.
this manner is then used by the
3.) PHISHING MALWARE SIM SWAP HOW TO SPOT A PONZI SCHEME
lured rity Criminals into measures investing spoof CID even more money. your • numbers. Do not device. use They unknown may appear devices,
-Developing Only such to be as download calling accessible USB flash from and mobile drives a affordable legitimate on apps financial
• They often promise guar- from your company system, secured or as a local they and may number, trusted ucts anteed and services returns to support –no return the National is Inclusion sources. transfer even Strategy when malware they are unknownot in the ever ingly. same guaranteed; country as you. All invest-
Read the access require- ments ments carry before some you risk. accept the
-Promotion of Financial Literacy programs groups software • Promoters Avoid Never downloading provide installation are usually your pirated quite (an- secretive droid software password, permissions) about as it credit may the actual card contain of or busi- new
malware. other model. financial information
-Fraud ness apps. Prevention and Security awareness
Install to The someone promoter mobile who security becomes calls and and un- -Leadership antivirus • claims Memorise to be software your from PIN any and from tech- a
in the development of policy available passwords and and returns never write dry up. tion. trusted support. security vendor.
them • Usually, down or the share scheme them, not col-
· Disable the “Sharing” func- lapses even soon with a thereafter. bank official. tion • If you on your are concerned mobile device about if not your Bankers needed. computer, Association call a of reputed Zambia
· HOW • Make TO sure software SPOT your PIN A company Pyramid and through Enable security a committee the settings of Chief to Executive re-
passwords cannot be seen commercial SCHEME motely directly banks and locate ask which and for meets help. restore monthly
when you enter them. matters factory • affecting The defaults promoter the banking on promises sector. your The Association high electronic Never returns respond devices. over to a short emails pe-
are coordinated through the
• If you think your PIN and/or
· who riod Keep report appearing your to mobile be from increase your device
to the Executive committee. The password and has returns been compro
Committee and bank antivirus that is elected request every software your year at up the to Annual
with mised, the change number it of immediately people that
Meeting date personal and with is made details. the up latest of: No security bank will you either recruit online to the or at scheme. your nearest
The patches. ever Chairperson, ask you to Deputy confirm Chairperson, or
branch.
• A fee member or the initial and data account on investment your details de-
Executive Encrypt update your the BAZ CEO who is The vice required via Bankers email where to Association possible. participate of Zambia in the Secretariat
• Choose an unusual PIN and
currently led by Chief Executive Officer who
scheme. On password a secure that PC, are log hard into to your
ed by the Public Relations & Administrative
email guess • Do Participants not and click change then on check are them links asked often. or if any to
and a Research and Communications Officer. recruit of icons the more on settings unsolicited investors have email. and been re-
The Chief Executive Officer with support
changed • For your for by bringing security a hacker. you them only If any into management warded team, play a crucial role in of have • scheme. Never the settings provide have your been online al-
three attempts to enter
BAZ’s the responsibility to improve public awareness
tered, your ID, password, PIN delete and password these or PIN new to corset- understanding tings. • The scheme of the industry’s has multiple contribution
rectly anyone. before you are denied
country’s economy and communities, with
emphasis on consultation with stakeholders.
Having discussed in brief the background
please look out for a two series column on
lating to individual financial awareness as
joins the rest of the world in commemorating Financial Literacy Week.

levels of members, all collecting commission on a single transaction.

access to your services.

· Once you have changed the settings, create a new password, and add your secondary e-mail account as your alternative address

• Change your PIN and passwords frequently.
• Register for your bank’s cell phone notification service and receive electronic messages relating to activities or transactions on your accounts as and when they occur.
• Place sensible transaction limits on accounts.

As always, be sure to join us next week as we continue with the next edition to enhance your knowledge on fraud awareness. Please share your comments and thoughts with us via Email: Mirriam.Zimba@baz.co.zm or bazsecretariat@baz.co.zm

As always, be sure to join us next week as we continue to share more details on cheques as a payment instrument. Please share your comments and thoughts with us via Email: Mirriam.Zimba@baz.co.zm

As always, be sure to join us next week as we continue with the next edition to enhance your knowledge on fraud. Please share your comments and thoughts with us via Email: Mirriam.Zimba@baz.co.zm

As always, be sure to join us next week as we bring you another exciting topic on banking matters. Please share your comments and thoughts with us via Email: Mirriam.Zimba@baz.co.zm

Contact address
Bankers Association of Zambia
3rd Floor, Citibank House
Stand 4646, Elunda 3
Addis Ababa Roundabout
P.O. Box 34180
Lusaka, Zambia
Tel: +260 211 234208/55
Fax: +206 211 233046
E-mail: bazsecretariat@baz.co.zm
HOW WE ARE GOVERNED The