Evergreen Content

Risky to bank digitally (13 438 'incidents' in 2017). How to never fall prey…

Last year, criminals launched 13 438 “incidents” across banking apps and online banking, costing the industry more than R250 million, according to the South African Banking Risk Information Centre (Sabric).

The number of “incidents” from January to August 2018 is already up 64% on the total for 2017.

Criminals are always looking for ways to exploit digital platforms to defraud victims, but the mitigation strategies deployed by banks are very robust, so it is easier to target people, as they are the weakest link.

Kalyani Pillay, Sabric

Pillay says criminals prey on digital banking clients who are only semi-digitally literate, using technology and psychology to gather enough information to attempt an impersonation, thereby bypassing bank security procedures.

We also cannot stress the importance of not sharing confidential information with anyone or clicking on links in unsolicited emails.

Kalyani Pillay, Sabric

YOU are the weakest link!

Here follow tips on how to protect yourself:

Phishing, Vishing & SMSishing

  • Do not click on links or icons in unsolicited emails.

  • Never reply to these emails. Delete them immediately.

  • Do not believe the content of unsolicited emails blindly. If you are concerned about what is being alleged in the email, use your contact details to contact the sender and confirm.

  • Always type in the URL (website address) or domain name for your bank in the address bar of your internet browser if you need to access your bank’s website.

  • Check that you are on your bank’s genuine website before inputting any personal information.

  • Make sure that you are not on a spoof site by clicking on the security icon on your browser toolbar to see that the URL begins with "HTTPS" rather than "HTTP".

  • Check for a closed green padlock next to the URL of the website. A green padlock shows that your connection with the website is secured and encrypted.

  • If you think that you might have been compromised, contact your bank immediately.

  • Create complicated passwords that are not easy to decipher and change them often.

  • Banks will never ask you to confirm your confidential information over the phone.

  • If you receive a phone call requesting confidential or personal information, do not respond and end the call.

  • If you receive a “One Time PIN” (OTP) on your phone without having transacted yourself, it was likely prompted by a fraudster using your personal information. Do not provide the OTP telephonically to anybody. Contact your bank immediately to alert them to the possibility that your information may have been compromised.

  • If you lose mobile connectivity under circumstances where you are usually connected, check whether you may have been the victim of a SIM swop.

SIM Swops

  • If reception on your cell phone is lost, immediately check what the problem could be, as you could have been a victim of an illegal SIM swop on your number. If confirmed, notify your bank immediately.

  • Inform your bank should your cellphone number change so that your cell phone notification contact number is updated on its systems.

  • Register for your Bank’s cell phone notification service and receive electronic messages relating to activities or transactions on your accounts as and when they occur.

  • Regularly verify whether the details received from cell phone notifications are correct and according to the recent activity on your account. Should any detail appear suspicious, immediately contact your bank and report all log-on notifications that are unknown to you.

  • Memorise your PIN and passwords, never write them down or share them, not even with a bank official.

  • Make sure your PIN and passwords cannot be seen when you enter them.

  • If you think your PIN and/or password has been compromised, change it immediately either online or at your nearest branch.

  • Choose an unusual PIN and password that are hard to guess and change them often.

Change of Bank Details Scam

  • Maintain a good relationship with existing suppliers and know your contacts whom you should be able to liaise with.

  • Ensure that you confirm any change of banking details with someone you usually deal with at the organisation before making any changes to beneficiary accounts. When calling the organisation to confirm the changes to banking details, use a number from the telephone directory and not the number on the letterhead or email as you will most likely be calling the fraudster.

  • If talking to this “supplier” on the telephone beforehand, they may ask about when you last sent payments to them, looking to see if you are still an active client. Again, ask to speak to contacts that you recognise and if necessary ask your contact to call you back.

  • Question whether well-known companies would change their banking details without notifying people through more formal channels.

  • Beware of supposed confirmatory emails from almost identical email addresses, such as .com instead of .co.za, or addresses that differ from the genuine one by perhaps one letter that can be easily missed.

  • Instruct staff responsible for paying invoices to scrutinise invoices for irregularities and escalating suspicions to a known contact.

  • It is essential to make sure that you are certain of the identity of the person your business is dealing with at all times. Consider setting up designated “Single Points of Contact” with companies to which you make regular payments.

  • Ensure that your company’s private information is not disclosed to third parties who are not entitled to receive it or third parties whose identities cannot be rightfully verified.

  • Rather shred your business and suppliers’ invoices or any communication material that may contain letterheads, than to discard in rubbish bins.

  • Consider reviewing previous requests to change account details to confirm whether they were genuine or not.

  • To avoid your customers acting on an instruction allegedly from you, alert them to this type of fraud.

Email Hacking

  • Make sure your PC has the most up-to-date operating system and antivirus/malware software.

  • Depending on the extent to which your account was abused, you may have to contact all email recipients who were spammed by your hacked mailbox to advise them that these communications were not legitimate.

  • Set up several email addresses. Use your original email address for personal or business communication as you’d normally do and use an alternative email address to communicate with your service provider since many now ask for a different address for added protection. Then, use yet another email address for registering for websites, newsletters, online shopping and other services. In this way, the risk of a possible compromise is spread.

  • Use different and strong passwords for each account - one that is at least six characters long, and is a combination of letters, numbers and capitals/lowercase.

  • On a secure PC, log into your email and then check if any of the settings have been changed. This could indicate that your email account has been hacked, so ensure that if any of the settings have been altered, that you delete these immediately.

  • Once you have changed the settings, create a new password, and add your secondary email account as your alternative address.

  • Never list your main email address publicly anywhere online - in forums, in online advertisements, on blogs, social media or any place where it can be harvested by spammers. Use a separate email address for the internet which is not linked to your personal or business email account.

  • Don’t use public computers to check email; there’s virtually no way to know if they have been accidentally infected with malware or have had keylogging spyware installed intentionally.

Enjoy The Money Show, but miss it sometimes?

Get the best bits emailed to you daily, right after it ends:

Subscribe to our Business Wrap Newsletter


This article first appeared on 702 : Risky to bank digitally (13 438 'incidents' in 2017). How to never fall prey…


Recommended

by NEWSROOM AI
Read More
[LISTEN] To give your kid a phone or not? That is the question

[LISTEN] To give your kid a phone or not? That is the question

In the parenting feature, creative parenting expert, Nikki Bush chats about the right age to give your child a cellphone.

3 risks to your retirement savings (and how to mitigate each of them)

3 risks to your retirement savings (and how to mitigate each of them)

Only 5% of South African retirement fund members will retire comfortably. Bruce Whitfield interviews advisor Warren Ingram.

Self-driving Merc returns to Chapman’s Peak to beat the bends in stirring new ad

Self-driving Merc returns to Chapman’s Peak to beat the bends in stirring new ad

The Money Show’s Bruce Whitfield interviews branding and advertising expert Andy Rice about Merc's stirring new ad.

'I don’t spend much. I drive an old car. I’ve never been in debt'

'I don’t spend much. I drive an old car. I’ve never been in debt'

Bruce Whitfield interviews analyst Chris Gilmour about his attitude toward money (hopes and fears, successes and failures, etc.).

Gift of the Givers' Dr Imtiaz Sooliman – angel amongst men – talks about money

Gift of the Givers' Dr Imtiaz Sooliman – angel amongst men – talks about money

"I have no desire for clothes. I have no desire for holidays. I have no desire for outings. All I see is the suffering of people…"

‘Budgeting’ for people who don’t budget (and probably never will)

‘Budgeting’ for people who don’t budget (and probably never will)

A simple savings plan for people who don’t like to budget. Bruce Whitfield interviews personal finance guru Warren Ingram.

Popular articles
[LISTEN] Cervical cancer is the only cancer that is caused by sex - Dr Eve

[LISTEN] Cervical cancer is the only cancer that is caused by sex - Dr Eve

Dr Eve discusses cervical cancer and how it can be prevented.

Angry customer stops at nothing to expose bad service at upmarket hotel

Angry customer stops at nothing to expose bad service at upmarket hotel

Khabazela shares some of the most popular tweets, posts, and videos on 'What's gone Viral'.

Motorist who killed two goslings has been identified

Motorist who killed two goslings has been identified

According to the SPCA, he will be charged with contravention of the Animal Protection Act.

Gift of the Givers' Dr Imtiaz Sooliman – angel amongst men – talks about money

Gift of the Givers' Dr Imtiaz Sooliman – angel amongst men – talks about money

"I have no desire for clothes. I have no desire for holidays. I have no desire for outings. All I see is the suffering of people…"

Group distances itself from N2 car spinners caught on film

Group distances itself from N2 car spinners caught on film

It turns out that the petrol heads who span cars on the N2 were part of the SA Torque Cape Town Breakfast Run.

Uber customer threatened with hockey stick by driver

Uber customer threatened with hockey stick by driver

An Uber customer shares how she was threatened by an Uber driver with a hockey stick after a disagreement.

SPCA to open case against impatient CT man seen driving over two goslings in CBD

SPCA to open case against impatient CT man seen driving over two goslings in CBD

A family of Egyptian geese were crossing the road at the corner of Spin Street and Adderley Street, when the man drove over them.