Fraud continues to pose the risk of serious financial losses for banking customers and all indications are that there are new scams and an increasing number of the victims.
This is the warning from Reana Steyn, ombudsman for banking services, who says the basic modus operandi of these scams are not new – but over the years there is a constant change in the execution techniques applied by the fraudsters.
The success of these scams and their evolution is guided by how the consumer will react in each situation, Steyn advises.
As an example, she mentioned two recent matters investigated by her office where two private banking customers fell victim to the same scam under the exact same circumstances. The story behind convincing of the victims to disclose their confidential banking information was new, but the basic scam remained the same, together with the results.
The new phishing MO scam
Mr Mabasa (not his real name) advised that he received emails purporting to be from the South African Post Office (Post Office) informing him that he had unclaimed packages. He advised that he in fact had a package at the Post Office which he was aware of and had not collected yet. He then received an SMS from the Post Office advising him to pay a fee of R42.50 for the package to be released and sent to his nearest Post Office branch.
Mr Mabasa followed the instructions on the link he received, and the link opened to a payment option on an “official” Post Office Payment page. He then inserted his card details and received an “Approve It” message on his cell phone.
He accordingly approved the transaction. Immediately thereafter, he received another “Approve It” message from his bank and he noticed the word Singapore and realised that he was being defrauded.
He immediately reported the fraud to his bank and instructed the bank not to release the pending transaction of R16 061.80. Since the transaction was authorised with the use of the card details and the “Approve It” message, the bank had already released the transaction and refused any liability for the loss suffered.
Mr Mabasa then reported the fraud to the Ombudsman for Banking Services (OBS) and asked for assistance with his complaint against the bank.
It was the OBS’s findings that Mr Mabasa had in fact made the payment himself and approved the transaction through his banking app. The OBS further found that although Mr Mabasa advised that he thought he was making a payment for R42.50, however, the message he received from the bank for the authentication of the payment read: “You are about to make an online purchase of CHF 1, 000.00 at BIGO Live…” Since it was clear from the message that the payment was not to the Post Office and that the purchase amount was not R42.50, the OBS found against Mr Mabasa, and concluded that he was unfortunately a victim of a phishing scam where he compromised his confidential banking details.
Fraud claims/losses for OBS complaints exceed R295-million in 2021
Steyn warns that banking fraud has become a very lucrative business for online scammers. The banking fraud matters investigated by her office in 2021 alone, the amounts claimed as losses by the victims of the various types of banking scams exceeded R295-million.
This is an extremely worrying trend, especially when considering that these are funds lost mostly by individuals and small businesses who in the majority of cases are not in a financial position to take such a knock. In addition to the negative effects of Covid-19 on finances, most of these victims will sadly never be able to recover from the loss, Reana adds.
The ombudsman confirmed that, in most of these matters, the amounts claimed were not recovered as they had already been withdrawn by the fraudsters. In fact, Steyn reiterates that the losses were largely due to the victims falling hook, line and sinker for typical and well-publicised scams.
The latest wave of scams to look out for in 2023
According to the Ombudsman for Banking Services 2021 records, the OBS received and investigated over 2 880 banking fraud related cases. This was an increase of 8,1% from the 2020 fraud cases investigated. Most of these matters were due to bank customers falling victim to Internet banking fraud, credit card fraud, current account fraud, and ATM card swap scams.
Steyn advises that these scams are avoidable and called on bank customers to be extra vigilant in 2022 to ensure that they (individuals and businesses) do not lose their life savings or shut down over a scam that could have been avoided had someone taken the time to consider the possibility that they are being defrauded prior to providing their confidential banking details to a stranger over the phone or entering the details on a link received via email or SMS or by accepting assistance from a stranger at an ATM.
She emphasises that no legitimate caller or email from the bank will ever ask a bank customer to provide their card number, passwords, and especially an OTP over the call or a link. She further advises the South African banking public to refrain from using links received to make payments especially when in the link they are instructed to put in their banking account details that can be used to access the funds in your account.
Call to raise awareness
The Ombudsman calls on all banking customers, banking institutions and other stakeholders to partner to educate the public and raise awareness about the various scams targeting bank customers and small businesses.
Steyn advises that the power to prevent these scams lies mostly with the bank customers as they are the ones being directly targeted and as such, the scams and the techniques used are created around the vulnerabilities identified from the bank customers.
Although there has been some awareness and education to consumers around the prevalent scams and how they committed, Steyn adds that over the years, the number of fraud victims has not decreased. This according to her is an indication that more vigorous action must be taken by institutions like the OBS, the banks, and very importantly, the media, to assist, warn and educate South African consumers.
Steyn states that the bank customers played the most critical role in ensuring that they do not fall victim to scams. According to her, the Banks can never ensure that bank customers do not provide their confidential banking information to strangers, nor can the fraudsters be prevented from trying their luck to deceive customers into providing them with the keys to their vaults.
The responsibility is on customers to always remain vigilant and suspicious especially when requested to provide their confidential banking details that they know very well can be used to access the funds in their accounts.
Fraud detection systems and insurance by banks
To combat the scourge of fraud, South African banks have over the years created and introduced various fraud detection systems. The aim of these systems is to monitor and detect unusual transactions and prevent them where possible, thus minimising the number of fraud losses suffered by consumers.
However, although these systems have proven to be valuable in preventing fraud in many instances, Steyn warns these measures by banks do not guarantee that all fraudulent transactions can or will be detected.
Therefore, if it is found that you as a customer provided your confidential banking details to the fraudster and as a result, funds were withdrawn from your account, you will bear the loss should the transaction not be detected and stopped by the bank, Reana warned.
Steyn advises that such losses are not for the banks to absorb through their insurance. She advised that her office had on previous occasions received some matters where customers believed that the banks were insured for the losses suffered by clients through banking scams.
This is simply not correct, Steyn states. She explained that the only time the bank will be held liable by the OBS is when the losses suffered by the customer were because of the bank’s negligence or wrongdoing.
Lastly, Steyn encourages the banking public to do their utmost to eliminate the scourge of banking fraud by educating themselves about the various banking fraud threats that are out there. She warns that, unless the consumers assume the responsibility to educate themselves about the banking scams, these scams will continue to grow as fraudsters will identify this as an ongoing lucrative vulnerability which only leads to profits for the fraudsters.
She offers the following advice for consumers:
* Be conscious of the fact that criminals can mask their telephone numbers to appear as if it is from a legitimate individual or company that is making the phone call.
* Never share personal and confidential information with strangers over the phone.
* Also note that Banks will never ask you to confirm your confidential information over the phone.
* If you receive a phone call requesting confidential or personal information, do not respond and end the call.
* Most important – If you receive an OTP on your phone without having transacted yourself, it is likely that it is a fraudster who has used your personal information. Do not provide the OTP telephonically to anybody. Contact your bank immediately to alert them to the possibility that your information may have been compromised. Even if they claim to be from the bank and are urgently trying to stop a fraud on your account.
* If you lose mobile connectivity under circumstances where you are usually connected, check whether you may have been the victim of a SIM swop. Contact you bank as soon as possible.
* Do not click on links or icons in unsolicited emails or SMSs. Do not reply to these emails. Delete them immediately.
* Type in the URL (Uniform Resource Locator or domain names) for your bank in the internet browser if you need to access your bank’s webpage.
* Check that you are on the authentic/real site before entering any personal information.
* If you think that your device might have been compromised, contact your bank immediately.
* Don’t store your credit card or banking information on your smartphone in case malware gets installed on your phone.
* Regard urgent security alerts, offers or deals as warning signs of a hacking attempt.
* Do not trust websites you do not know.
* Do not make payments into an unknown person/merchants’ account without first verifying their authenticity.
* If you are requested to make a payment prior to you viewing or receiving security for the goods or services you are purchasing, it may be a scam. Take a minute to assess the risk before giving your funds away.
* Review your account statements on a regularly and query disputed transactions with your Bank immediately.
* When doing online shopping, only use your card to make payments on secure websites.
* Do not send emails that quote your card number and expiry date.
* Never let the card out of your sight when making payments.
* Ensure that you get your own card back after every purchase at a merchant.
* While transacting, always keep an eye on the ATM card slot to ensure that your card is not removed, skimmed and replaced without your knowledge.
* Never write down your PIN or disclose it to anyone.
* Report lost and stolen cards immediately.
* Destroy your credit card receipts before discarding them.
* Sign your card on the signature panel as soon as you receive it to prevent anyone else from taking ownership or trying to use it.
* Your credit card is not transferable. Only the person whose name appears on the front of the card is authorised to use it. The same applies to debit cards, even though they don’t contain your name on the front of the card.
* If you have a debit, cheque and credit card, don’t use the same PIN for all of them as should you lose one, the others won’t be at risk of being compromised.
* Always check transaction slips for the correct purchase amount before you sign them.
* Subscribe to your Bank’s SMS notification services as this will inform you of any transactional activity on your account.
* Should your card be retained by an ATM, contact your Bank and ensure that you block your card before leaving the ATM.
* Protect your cards as if they were cash. Never let them out of your sight and ensure that you get them back after every purchase.
* If you think the ATM is faulty, cancel the transaction IMMEDIATELY, report the fault to your Bank and transact at another ATM.
* Avoid ATMs that are dimly lit or surrounded by loiterers, and never allow your children to draw money using your card, since they’re the most vulnerable to perpetrators.
* Be cautious of strangers offering to help as they could be trying to distract you in order to get your card or PIN.
* Follow the instructions on the ATM screen carefully.
* Only punch in your PIN once prompted by the ATM.
* Report suspicious items or people around ATMs to the Bank.
* Choose familiar and well-lit ATMs where you are visible and safe.
* Be alert to your surroundings. Do not use the ATM if there are loiterers or suspicious people in the vicinity. Also, take note that fraudsters are often well-dressed, well-spoken and respectable looking individuals.
* If you are disturbed or interfered with while transacting at the ATM, your card may be skimmed, by being removed and replaced back into the ATM without your knowledge. Cancel the transaction immediately and report the incident using your Bank’s Stop Card Toll free number that is displayed on all ATMs, as well as on the back of your bank card.
* Should you have been disturbed whilst transacting, immediately change your PIN or stop the card, to protect yourself from any unauthorised transactions occurring on your account.
* Know what your ATM looks like so that you are able to identify any foreign objects attached to it.
* Do not ask anyone to assist you at the ATM, not even the security personnel guarding the ATM or a bank official. Rather go inside the bank for help.
* Never force your card into the slot as it might have been tampered with.
* Key in your PIN in such a way that no one else can see it e.g. cover your PIN when punching in the numbers even when alone at the ATM as some criminals may place secret cameras to observe your PIN.
* Don’t let anyone stand too close to you in order to keep both your card and PIN safe.