Th South African Banking Risk Information Centre (Sabric), on behalf of the banking industry, is warning bank clients to protect their mobile devices.
The theft of mobile phones is not a new phenomenon, but Sabric is seeing an emerging trend where mobile phones that are being snatched from owners, are affording criminals the opportunity to gain access to the victim’s personal and even confidential information which can then be used to commit crime.
Mobile phones are a convenient way to stay connected. They enable easy access to family and friends, make it possible to access vast stores of online information and can provide hours of entertainment.
Despite these benefits users must always remain vigilant because their mobile phones store far more information than they may be aware of. This is even more applicable if they use their mobile devices to do banking.
“Personal information is a valuable commodity for criminals and because so much of it is on our phones, we need to take mobile security very seriously” says Susan Potgieter, acting-CEO of Sabric.
There are a number of ways that criminals could access information stored on a mobile phone if it is stolen, to try and defraud the user, she adds.
One way is to literally access all open applications on an unlocked phone and view sensitive data. Another is to use social engineering to obtain usernames and passwords stored in the cloud.
Tactics used could be vishing, where criminals call you and manipulate you into believing that they are from the bank to coerce you into revealing confidential information like PINs or passwords; or phishing where users are sent an email, which purporting to be from the bank or a legitimate service provider, which asks users to click on a link that requests PINs or passwords.
Once a user’s password has been compromised on a snatched phone, all other credentials are available and may be exploited. In addition to social engineering, users’ credentials could also be compromised through shoulder surfing in public places such as restaurants.
In the event that a user’s mobile phone is lost or stolen, they are advises to borrow a phone and contact their bank immediately so the banking app can be deactivated, card blocked and thebank account blocked.
Sabric advises users to ensure they store their bank’s hotline number somewhere other than on their mobile phone.
“If you have activated the ‘Find My iPhone’ or ‘Find my Device’ facility from the web to locate or wipe your device, be aware that fraudsters may attempt to vish or phish you,” Sabric warns. “If you receive an email or SMS after doing this, don’t click on any links as these are not safe.”