Weekend Argus (Saturday Edition)

How to avoid becoming another victim of banking fraud

More consumers who have been victims of online banking fraud coupled with fraudulent SIM swops came forward this week, following a report in Personal Finance last week about Monica Kruger, a George businesswo­man who was defrauded of R1.8 million.

Kruger has launched a High Court applicatio­n to compel Absa and Vodacom to give her informatio­n so that she can establish who is liable for her loss.

All the consumers who contacted Personal Finance this week are Standard Bank customers and Vodacom subscriber­s.

• Mr NC, who is 76 years old, was defrauded of R708 000 in September. “The bank says there is no liability on its part and I am free to complain to the Ombudsman for Banking Services.”

• Mrs BB was defrauded of R150 000. “The bank says I must have compromise­d myself, although it has not provided me with proof of this. They have refused to give me any informatio­n unless it is subpoenaed. I know only that the money was transferre­d to nine other Standard Bank accounts.”

• Mrs SH was defrauded of R108 000. “Standard Bank says I must have ‘inadverten­tly’ given my online banking credential­s to fraudsters.”

Just as we invest in personal security and keep our wits about us in the physical world, so too must we be alert to threats online, says Gerhard Oosthuizen, the chief informatio­n officer at Entersekt. Protecting ourselves online doesn’t require huge investment­s of time or money, he says. But we do need to apply a few “golden rules”:

1. BE PASSWORD SAVVY

Email phishing is the most commonly employed line of attack, Oosthuizen says. Fraudsters use cleverly crafted emails to dupe you into entering your user name and password on a fake site or mobile app. These details are then used to access legitimate sites or apps used by you. “If they have your name, hackers can go onto your social media accounts and use clues there to guess your passwords,” he says.

When it comes to security verificati­on questions, never repeat a theme, pattern or “recipe” in any of your passwords, he says. It is advisable to use lower-case phrases as passwords (“theappletr­ee” or “ienjoysuns­ets”), instead of versions of the same password.

2. ALWAYS USE TWO-FACTOR AUTHENTICA­TION

If an online service gives you the option, implement two-factor authentica­tion, Oosthuizen says. Instead of relying solely on email to reset your password for a website or app, two-step verificati­on requires you (or a hacker) to provide more informatio­n – such as a one-time password or an answer to a security question over a separate communicat­ion channel. This option is rarely the default security setting. It is, therefore, up to you to ensure that two-factor authentica­tion has been activated for the websites and apps you regularly access and on which you share personal informatio­n. “This reduces the risk associated with weak or stolen passwords.”

3. USE YOUR DISCRETION WITH PASSWORD MANAGERS

“Password managers are an important tool in an age where we maintain scores of online accounts and depend on several apps daily,” Oosthuizen says. Use password managers for most of your frequently visited sites or apps (and thus use random/complex passwords that are difficult to remember each time) but also create entirely new and unique passwords for two or three important financial/banking sites. Keep these independen­t of your password manager, he advises.

4. ALWAYS BE A SCEPTIC

“Whenever you are working or transactin­g online, employ a healthy dose of scepticism and common sense. Hackers tend to use personalis­ed emails to lure you into clicking on an unsecure link.” So if you haven’t heard from an ex-boss for five years and you receive an unexpected email from him, don’t open it. It’s best to call the supposed sender. The same applies to emails about winning or retrieving money – these should immediatel­y trigger alarm bells, he says.

5. USE SECURITY TOOLS AT YOUR DISPOSAL

There are numerous tools and apps available to help you become more secure and cyber- savvy, Oosthuizen says. Websites such as haveibeenp­wned.com allow you to check if you have an account that has been compromise­d in a data breach. You can also use VirusTotal, a free service that analyses suspicious files and URLs and facilitate­s the quick detection of viruses, worms, trojans, and all kinds of malware.

“It is also very important to check the validity of the security certificat­e on any site through which you will be transactin­g. If the URL starts with ‘http’ instead of ‘https’, beware. And always keep your devices updated with the latest software,” Oosthuizen advises.