This week is International Fraud Awareness Week. With the global spotlight on fraud from 17 to 23 November, statistics show that South Africa has not been immune.
The South African Banking Risk Information Centre (SABRIC) reported a spike in fraud incidents in 2018, with almost 23 500 cases across banking apps, online banking and mobile banking amounting to R262,8-million in gross losses.
Historically, the vast majority of complaints received by the Ombudsman for Banking Services were the result of ATM issues. In recent years however, online-related complaints were the main headache – with phishing the major underlying cause.
“While financial services firms are working around the clock to improve security, fraudsters are continuously devising new plans to circumvent the latest safety measures,” says Cowyk Fox, managing executive for everyday banking at Absa Retail and Business Bank.
An example of this has been the shift from phishing to vishing. With phishing, fraudsters impersonate a bank via email and entice the customer to click on links that redirect them to a fraudulent banking site, duping them into sharing their details and robbing them, Fox explains. With vishing, fraudsters call the customer claiming to be from their bank and ask for account and login details to urgently “stop” a fictitious transaction.
Phishing and vishing are examples of social engineering – the act of manipulating customers into sharing their personal information. Worryingly, studies suggest that the vast majority of customers struggle to differentiate between a phishing email and a legitimate email.
According to a recent Global Banking Fraud Survey, social engineering is one of the most significant challenges financial institutions in Europe, the Middle East and Africa face (as it relates to fraud risk).
Another common example of social engineering concerns the use of social media and dating sites where wealthy “suitors” befriend unsuspecting individuals with promises of gifts and holidays but soon request financial help due to an unforeseen “crisis” only to disappear with the money.
Since fraud is constantly evolving, it is not possible to provide hard and fast rules as a guarantee against fraud. Yet, there are steps customers can take to protect themselves:
* Do not use an emailed link to access your bank’s online portal, even if it seems legitimate. Always type the relevant URL directly into the internet browser.
* Check that the browser link starts with https – an indication that the website allows secure communication through encryption.
* Install the latest version of your bank’s app.
* Do not provide your “keys to the safe” (card PIN, card CVV, card One Time PIN (OTP), online banking PIN or online banking password) to anyone – your bank will never ask you to confirm your confidential information over the phone.
* If you do have access to a loved one’s PIN or password (which you should not have), never share this via text message or WhatsApp – their phone may have been stolen and you may unwittingly offer their “keys to the safe” to a criminal.
* Don’t approve any requests on your phone or via the app if you haven’t been transacting yourself.
* Register for your bank’s transaction notification service to ensure you know what is happening on your account.
* Add your bank’s fraud hotline number to your contacts so you have it available if you need to report fraud or to call the bank should you receive suspicious calls.
* Turn off your WiFi when banking on a public network – it is unsafe.
* If you think your banking profile may have been compromised, report it immediately.
* Choose strong, unique passwords and update them regularly.