Grocott's Mail

Don’t take the phishing bait


Phishing is fast becoming one of the leading contributors to fraud today, with 80% of malicious software attacks coming from phishing.

In the personal loan sector, impersonation or identity theft ranks as the number one contributor to fraud, followed by credit card transaction disputes, with phishing coming in a close third. Hendus Venter, Chief Information Officer at African Bank, says phishing is when criminals use a form of electronic communication, either SMS (smishing) or email (phishing), to try to extract sensitive information like usernames, passwords and credit card details.

“Clever social engineering tactics are regularly used by criminals to trick their victims into disclosing their cellphone or mobile device banking login credentials. Unsuspecting customers honestly believe they are speaking to a credible source from their bank and disclose sensitive information, often under the pretence of a ‘security protocol’,” says Venter.

Once a criminal has your mobile banking PIN or password, a fraudulent SIM swap is conducted on the cellphone number, and that allows the criminals to transact as if they were the real account holder.

And SMS notifications on your cellphone will not even help you here. Venter explains that because the SIM has been deactivated, no notifications will be received by the victim, making the fraud difficult to detect.

Venter says SIM swaps allow the criminal to receive Transaction Verification Codes (TVCs), Random Verification Codes (RVCs) or One Time Passwords (OTPs).

“By using these together with compromised login credentials, criminals are able to change, add beneficiaries and transfer money out of a victim’s account.

“They are even able to move to another cellphone network and still retain their cellphone number which means the criminal will continue to receive communication on the new SIM card while the victim’s SIM card remains deactivated.”

“The problem,” says Venter, “is that although most people are aware of the scams and would not normally give out important information, these fraudsters are so clever and believable that many people still fall victim to their scheme and then are not even aware that they have been scammed until it is too late.”

Venter offers the following useful advice to prevent becoming a victim of phishing:

• Use a clever PIN: Always protect your cellphone and/or mobile device content and personal information by using a PIN and ensuring that your phone and/or computer and mobile devices are password protected. This is your strongest protection against being scammed.

Never use your birthday or that of a family member or part of your phone or cellphone number. It is just too easy for criminals to work out. Rather choose an unusual PIN that is hard to guess.

• Consider protecting your passwords using any one of the public and freely available password managers.

• Never carry unnecessary personal information in your wallet or purse.

• Never access your banking site on a public WiFi network.

• Never give out any personal details if someone phones you. A bank will never phone you to ask for your PIN number.

• Ensure you have the latest antivirus and antispyware software installed on your cell phone and computers and other mobile devices.

• Regularly verify whether details received from your cell phone notifications are correct. Should any details appear suspicious, immediately make contact with your bank.

• Never log onto your bank’s website from a link in an email or SMS. Rather type in the full web address yourself.

• Be cautious when shopping online. Only use vendors who offer a second form of identification to avoid being scammed. In fact, according to Gary Desilla, African Bank’s Manager for Information Security, one may even consider opening a second bank account for online transactions. Desilla says a good tip is to only keep a minimum balance in the account and to then transfer funds to that account only when you need to complete an online transaction.

“Fraudsters do however know all the tricks so in the event that you do get caught and believe your information has been compromised, change your internet banking credentials immediately and advise the bank accordingly,” concludes Venter.
