While online and contactless payments have become the norm in South Africa, major banks are reminding consumers to be aware of common scams, as the number of victims of banking scams has seen an uptick in 2023.
According to the South African Banking Risk Information Centre (SABRIC), there has been an increase in banking scams this year, and several social engineering scams are currently of great concern.
Social engineering is a method used by fraudsters and entails psychological manipulation to deceive individuals and organisations into divulging sensitive information or performing specific actions, said SABRIC.
The centre added that social engineering in the form of phishing, vishing and smishing is rampant at the moment and is used to obtain personal information, OTPs, and passwords to commit card fraud (specifically where the card is not present), account takeovers, and fraudulent transactions on digital channels.
Nowadays, criminals' primary source of income has been exploiting the fact that almost everyone banks online.
Online banking fraud accounts for the second-highest percentage of gross losses, according to SABRIC’s most up-to-date report, with the average victim losing R33,781.
SABRIC outlines the common social engineering tactics to keep an eye out for:
- Vishing is a form of attack where a cybercriminal uses voice or telephone-based communication to trick and manipulate individuals into divulging sensitive information or performing an action that can compromise their security.
- Phishing is an online fraud in which the attacker sends fraudulent emails or messages to trick the recipient into providing sensitive information, such as login credentials, credit card details, or other personal information. The emails or messages are designed to look like they are from a trustworthy source, such as a bank, social media platform, or other reputable institution, to convince the recipient to click on a link or provide information. Once the attacker has obtained the data, they can use it for fraud, such as identity theft or financial fraud.
- Smishing is a cyber-attack that uses text messages (SMS) or other messaging applications to trick individuals into divulging sensitive information or downloading malware onto their mobile devices. Smishing attacks typically involve a message that appears to be from a legitimate source, such as a bank, government, or service provider, which requests the recipient to take immediate action by clicking on a link, downloading an attachment, or responding to the message with personal information. Smishing aims to obtain sensitive information or gain unauthorised access to the recipient’s device.
Capitec also noted these scams as standard, adding that vishing accounts for about 99% of its fraud cases in South Africa.
Standard Bank and Discovery Bank also highlighted vishing as a concern. Specifically, they flagged incidents in which fraudsters call customers claiming to be from the fraud department, advising clients that their accounts have been compromised, that fraudulent transactions have been noticed on the account, and that they would like to assist in reversing these transactions.
Standard Bank further noted concerns relating to malware or remote access.
International cybersecurity firm Kaspersky uncovered a tactic of this type at the beginning of the year, involving malware that can block contactless near-field transactions on hacked point-of-sale (POS) terminals.
This, in turn, forces the customer to use their physical credit card, enabling cybercriminals to steal money.
Reminding South Africans of best practice
SABRIC highlighted the common ways customers could mitigate the risk of falling victim to the abovementioned scams:
- Use strong passwords – Use strong passwords unique to your bank account, and avoid using easily guessable passwords such as birthdates or simple words.
- Enable two-factor authentication – Two-factor authentication adds an extra layer of security to your bank account. It requires you to provide a second form of identification, such as a code sent to your phone or email, in addition to your password.
- Monitor your accounts regularly – Check your bank accounts regularly to ensure there are no unauthorised transactions.
- Keep personal information private – Do not share your personal information, such as social security numbers, account numbers, and passwords with anyone. Also, be careful when giving out your personal information online or over the phone.
- Use secure internet connections – Only access your bank account from a secure internet connection. Avoid using public Wi-Fi networks, which are often not secure and can be easily hacked.
- Be cautious of phishing scams – Be careful of emails or phone calls that ask for your personal information. Scammers often pretend to be from your bank or other financial institutions to steal your information.
The banks also reminded South Africans that an official banking service provider would never ask for sensitive account details or PINs.