Warning for Standard Bank customers
Standard Bank says it is seeing a rise in “spoofing” scams, where fraudsters use AI-generated voices and emails to impersonate bank officials, and has urged customers to be on alert.
South Africa’s largest bank by assets under management said that the scams are difficult for customers to identify, as calls and emails appear to come from their bank’s legitimate contact details.
Spoofing is a tactic where criminals impersonate trusted entities, like banks, by manipulating caller ID or email addresses to appear legitimate.
It is then combined with vishing scams, where fraudsters call customers using what appears to be a valid Standard Bank number.
The caller mimics the tone and structure of a genuine bank interaction, often including standard security questions and disclaimers.
To build trust, scammers may reference personal details such as birth dates, addresses, or account types. The information might seem harmless, but it is used to create credibility.
The caller will then typically claim to be calling about a service offering or to validate detected suspicious activity on the customer’s banking profile, including unauthorised changes to contact details.
When panic sets in, they offer fake solutions such as asking customers to transfer funds to a “safe” account, scan a QR code, click a link or share sensitive information like OTPS or instant money voucher codes.
Spoofing can also be combined with phishing emails, which appear to come from legitimate emails from bank employees and replicate the bank’s branding.
The messages often use an urgent, threatening tone to pressure customers into acting quickly. For instance, they may claim that accounts have been flagged due to KYC or FICA compliance issues.
Usually embedded in these emails is malware hidden in links, attachments, icons or QR codes.
Clicking or scanning these elements can install harmful software on a customer’s device or redirect them to legitimate-looking fake websites designed to steal personal information.
The emails usually have tight deadlines, ranging from hours to a few days, to heighten anxiety and push immediate action.
AI making things worse
“With the rapid development of artificial intelligence, we have seen an alarming enhancement in spoofing techniques,” said Adv. Athaly Khan, Head of Fraud Risk Management at Standard Bank.
AI gives fraudsters access to advanced technology like voice cloning, deep-fake videos, chatbots, and AI-generated phishing emails.
“Current scams look and sound more real than ever before. Stay safe, stay alert. Know what not to do, and what not to share,” said Khan.
What not to do:
- Don’t transfer funds to another account on instruction. Your bank can secure your funds without your involvement.
- Don’t generate instant money vouchers at someone else’s request. Authentication doesn’t require transactions.
- Don’t click links, icons, download attachments, or scan QR codes from texts or emails. Standard Bank doesn’t send these via digital communication.
What not to share:
- Never share login details, card expiry date, CVV (three digits on the back of your card), OTP, or ATM PIN.
- Never disclose financial information like your investments or where you hold other financial products.
- Never reveal your account details. You could unknowingly become a money mule.
- Fraud is widespread and constantly changing. Scammers use fear and urgency to manipulate victims. Stay calm, think critically, and always remember what NOT to do and what NOT to share.
The latest warning from Standard Bank joins a growing list of South African institutions highlighting the dangers that technology can pose to unsuspecting customers.
For instance, the National Financial Ombud Scheme (NFO) warned South Africans that fraudsters are increasingly targeting banking apps and virtual cards, with one victim losing R500,000.
The NFO saw a steep 73% increase in digital banking fraud complaints, climbing from 1,436 cases between January and May 2024 to 2,483 during the same period this year.
Loading ...