The incidence of digital banking fraud is increasing and an estimated R250 million is lost to cybercriminals every year.
Kalyani Pillay, CEO of the SA Banking Risk Information Centre (Sabric), says: “Criminals are always looking for ways to exploit digital platforms to defraud victims, but the mitigation strategies deployed by banks are very robust, so it is easier to target people as they are the weakest link.”
Pillay says criminals are very skilled at using social engineering to manipulate their victims into divulging their personal and confidential information.
They capitalise on the fact that not all digital banking clients are digitally literate and exploit this vulnerability. Using technology coupled with social engineering, criminals can gather sufficient information to impersonate their victims, bypassing bank security protocols.
In most cases, clients are still compromised through phishing, vishing or malware that is installed onto the victim’s device when they click on a link, which enables the criminal to steal sufficient personal information to access their online banking profile.
Sabric urges consumers not to click on links or icons in unsolicited emails or SMSes.
Although phishing scams are not new, criminals are always finding new ways to trick consumers by taking advantage of the slickness, convenience and efficiency of digital platforms.
In one such modus operandi, the criminal sends the victim an email that purports to be from a trusted organisation that the victim has legitimate dealings with.
The email will display all the characteristics of customer centricity and promise to “optimise” the victim’s user experience or exclusively upgrade their benefits if they click on the link provided.
In another scam, the criminal plays on the victim’s fear, and sends them an email that appears to be from their bank, stating that a fraudulent transaction has been made.
The victim is then given the opportunity to report the “fraud” by clicking on a link and, in their state of panic, does so.
After clicking the links in these phishing emails, the victim is diverted to a fraudulent website under the control of the criminal, and any information entered on this page, such as a banking profile username or password, is sent to the criminal.
Once the criminals have viewed your profile and confirmed that there is money to be accessed, they will fraudulently log on to your internet banking account.
SIM swap fraud is also on the rise. Once the criminal has your banking details and PIN, a fraudulent SIM swap is conducted on your cellphone number, which allows the criminals to transact as if they were the real account holder.
Pillay says if reception on your cellphone is lost, immediately check what the problem could be because you could have been a victim of an illegal SIM swap. If confirmed, notify your bank immediately.
Remember, banks will never ask you to confirm your confidential information over the phone. If you receive a phone call requesting confidential or personal information, immediately end the call.
If you receive a one-time PIN (OTP) on your phone without having effected a transaction, it was probably prompted by a fraudster using your personal information. Do not provide an OTP telephonically to anybody. Contact your bank immediately to alert them to the possibility that your information may have been compromised.