The Ombudsman for Banking Service (OBS) has warned bank accountholders to be vigilant when transacting online and to be aware that scamsters use an array of techniques to obtain confidential information such as debit/credit card details, card PIN numbers, transaction OTPs and mobile or internet banking passwords. An attack can be launched by email or text message and, in many cases, by an old-fashioned telephone call. The OBS also stressed that banks were unable to fully protect customers against the tactics used by fraudsters, despite spending millions of rand on world-class security systems and technologies aimed at protecting consumers from fraud.
Like giving a burglar your front door key
Fraudsters have long given up on trying to crack bank security to get direct access to your client’s hard-earned money. Instead, they use every trick in the book to get your clients to give them the front door key by… The irony is that the same technology that enables banks to fight off malicious attacks is being leveraged by fraudsters to launch elaborate phishing and vishing attacks. Phishing has been around for so long that it has earned a place in the Oxford dictionary: It is a noun, described as ‘the fraudulent practice of sending emails [or texts] purporting to be from reputable companies in order to induce individuals to reveal personal information such as passwords and credit card numbers’.
This writer received a phishing text a couple of days ago and is in a position to explain how they work. I had just opened an online share trading account and was in the process of completing the account activation stages. Imagine my surprise when I received a text message purporting to be from the same brand, with a URL requesting that I submit certain documents to prevent an account suspension. I took the bait and clicked the link without hesitation. Luckily for me my smartphone’s antivirus kicked in and prevented me from following the link; but that is how quickly and easily things can go wrong. PS: Although my gut reaction was to question how the scamster knew I had opened the account, it is most likely the attack was totally random. My mobile number was probably one among a list of millions that received this phishing text in the hope of finding a handful of victims at exactly the right time.
Going old school; scamming by telephone
In a media release the OBS said it had received more than 640 new fraud complaints over the past few months. These complaints typically come from consumers who have been deceived into providing their confidential banking information to fraudsters. “A couple of years ago, the most common scam centred on phishing emails; this seems to have been overtaken by vishing scams or fraudulent phone calls,” said Reana Steyn, Banking Ombudsman. “Anyone and everyone can be a target; but the devastation caused by these scams to elderly citizens, some of the most vulnerable members of society, is beyond heart-breaking”.
Here is how a typical vishing scam plays out, as described by the OBS. A bank customer receives a phone call from someone who says they are from the customer’s bank. This fraudulent representative will then deliver a practiced script that usually creates urgency by promising reward or threatening financial harm. They may, for example, offer to assist the customer to claim from a non-existent bank reward programme or inform the customer that funds have been fraudulently taken from an account. Scamsters make it their business to create realistic scenarios that lure victims in. Their job is to get victims to ask: “That sounds reasonable, what do you need from me to fix things?”. But alarm bells should start ringing when anybody asks you to share your banking details.
The final stage of the telephone scam involves getting the bank customer to part with card details, card PIN numbers, transaction OTPs and mobile or internet banking passwords. “The fraudster says that [the login information] is necessary for them to assist the customer, to redeem the rewards, to do a transaction, stop a fraudulent payment or recover stolen money etc,” wrote the Ombudsman. If you provide this information you will soon find that your bank account is cleaned out. Telephone scams work because they catch consumers off guard. Unfortunately, consumers who believe they are talking to an official bank representative are highly susceptible to the combination of financial incentive and time pressure.
Discuss phishing and vishing with your clients
Financial advisers can add value to their clients by discussing the threat of phishing and vishing attacks and keeping them informed of the modus operandi of 21st Century con artists. Most importantly, remind them that the attacks can be elaborate and involve a range of mini-attacks launched digitally, by email or text message, or by voice. Something else worth considering is that fraudsters are often pre-armed with reams of personal information. They may know your client’s address, email, ID number and other details obtained from data hacks or social media ‘scraping’, a process by which scamsters trawl public social media profiles on Facebook, Twitter and LinkedIn. “Fraudsters are extremely sophisticated and convincing con-artists; it will be foolish to think that you will immediately see through the scam unless you are 100% clued up on these matters,” said Steyn.
It is difficult, and in many cases impossible, for banks to recover funds that have been stolen following the compromise of your bank account login details and transaction security. Banks are not usually ‘on the line’ for an account holder’s losses unless money is stolen at the bank; lost through the fault of a bank employee; or lost due to a technical glitch. And this means that many vulnerable consumers are left without financial recourse. “While this fraud may be crippling to a person who is working, at least they have an opportunity to rebuild their savings; we have had cases where an elderly person’s entire pension is stolen due to this type of fraud and there is no way, or time, for them to make up the loss,” said Steyn.
When in doubt: Hang up the phone
The best protection, according to the OBS, is to stay aware and to remember that legitimate businesses, especially banks, will never ask you for your personal, sensitive or confidential banking information. Never share your PIN, OTP or password over the phone or by email. A good rule is to hang up if someone tries to coerce or pressure you into giving them sensitive information. “Keep a cool head and hang up the phone; then call your bank or credit card company and verify whether there is a real problem”, wrote the OBS. And always be sceptical. It is also important to contact your bank and network service provider if your cell phone loses connectivity for some time or if you receive notification of an unexpected SIM swap or number port request.
“Criminals are smart; if we are going to make headway against these fraudsters, we need to become smarter,” concluded Steyn. She urged readers to be alert to the various types of banking scams and teach themselves, their families and communities about the scams and the many safeguards provided by banks to prevent them from falling victim.
Article Courtesy of FA News: www.fanews.co.za