Don’t take the phishing bait

Phishing occurs when criminals use a form of electronic communication, either SMS (smishing) or email (phishing), to try and extract sensitive information like usernames, passwords and credit card details. Photo by for illustration purposes only.

Phishing is fast becoming one of the leading contributors to fraud today, with 80 per cent of malicious software attacks coming from phishing, said Hendus Venter, the Chief Information Officer at African Bank.

In the personal loan sector, impersonation or identity theft ranks as the number one contributor to fraud, followed by credit card transaction dispute and then phishing, which comes in a close third.

Hendus says phishing occurs when criminals use a form of electronic communication, either SMS (smishing) or email (phishing), to try and extract sensitive information like usernames, passwords and credit card details.

“Clever social engineering tactics are regularly used by criminals to trick their victims into disclosing their cellphone or mobile device banking login credentials. Unsuspecting customers honestly believe they are speaking to a credible source from their bank and disclose sensitive information, often under the pretence of a ‘security protocol’,” he said. Once a criminal has your mobile banking PIN or password, a fraudulent SIM swop is conducted on the cellphone number and that allows the criminals to transact as if they were the real account holders.

And, having SMS notifications set up to your cellphone will not help you here. Hendus explained that because the SIM has been deactivated, no notifications will be received by the victim, making the fraud difficult to detect.

Hendus went on to say that SIM swops allow the criminal to receive Transaction Verification Codes (TVCs), Random Verification Codes (RVCs) or One Time Passwords (OTPs). “By using these in conjunction with the compromised login credentials, criminals are able to change and add beneficiaries and transfer money out of a victim’s account. They are even able to move to another cellphone network and still retain their cellphone number, which means the criminal will continue to receive communication on the new SIM card while the victim’s SIM card remains deactivated.”

“The problem,” said Hendus, “is that although most people are aware of the scams and would not normally give out important information, these fraudsters are so clever and believable that many people still fall victim to their scheme and then are not even aware that they have been scammed until it is too late.”

Hendus offered the following useful advice to avoid becoming a victim of phishing:

• Use a clever PIN: Always protect your cellphone and/ or mobile device content and personal information by using a PIN and ensuring that your phone and/ or computer and mobile devices are password protected. This is your strongest protection against being scammed. Never use your birthday or that of a family member or part of your phone or cell phone number as a PIN. It is just too easy for criminals to work out. Rather choose an unusual PIN that is hard to guess.

• Consider protecting your passwords using any one of the public and freely available password managers.

• Never carry unnecessary personal information in your wallet or purse.

• Never access your banking site on a public WiFi network.

• Never give out any personal details if someone phones you. A bank will never phone you to ask for your PIN number.

• Ensure you have the latest antivirus and anti-spy software installed on your cellphone and computers and other mobile devices.

• Regularly verify whether details received via your cellphone notifications are correct. Should any details appear suspicious, immediately make contact with your bank.

• Never log onto your bank’s website from a link in an email or SMS. Rather type in the full web address yourself.

• Be cautious when shopping online. Only use vendors who offer a second form of identification to avoid being scammed. In fact, according to Gary Desilla, African Bank’s Manager for Information Security, one may even consider opening a second bank account for online transactions. Desilla says a good tip is to only keep a minimum balance in the account and to then transfer funds to that account only when you need to complete an online transaction.

“Fraudsters do however know all the tricks, so in the event that you do get caught and believe your information has been compromised, change your internet banking credentials immediately and advise the bank accordingly,” concluded Hendus.

Do you perhaps have more information pertaining to this story? Email us at  (please remember to include your contact details in the email) or phone us on 011 693 3671.

For free daily local news on the West Rand, also visit our sister newspaper websites Roodepoort RecordKrugersdorp News and Get It Joburg West Magazine

Remember to visit our Facebook, Twitter and Instagram pages to let your voice be heard!

Latest News