Good morning bloggers. I have posted some of the banking scams that are currently plaguing the world (not just South Africa; it's all over).
Please read through this carefully. It explains in detail how the different scams work and also gives great tips on how to avoid falling into the trap.
Security Notice
Phishing
SIM Swap
Confirmation of payments or deposits Scam warning
Keystroke logging
1. Phishing
Phishing is a scam designed to obtain information in order to gain access to your banking accounts. The scam artist entices you to disclose confidential personal data such as bank and credit card account numbers and passwords / PINs, by convincing you that they are genuinely communicating directly from the Bank. The communiqué requests you change your passwords / PINs under the advice that you may have been compromised.
The required password may be provided to you by the perpetrators and when you change your details, you grant them access to your accounts. There has been an increase of such Phishing schemes through both email and internet channels. They employ spam email where the addresses seem genuine, as the sender address creates the impression that it was sent from your financial institution. In addition, you may be surfing a site, where a pop-up may prompt you to follow the links to your banking site. These prompts could be under the guise of a competition where you should click here to enter, which takes you to the phishing sites.
Please note that we as a bank will never send you an email requesting you to enter your personal details or private identification and authentication details such as Client Identity number (Profile), PIN and/or Password. If you are in any doubt about the source of an email claiming to come from us or of the validity of our website, call our helpdesk.
What does a phishing scam look like?
Generally, you receive an email message or view a pop-up window that includes bank logos and other key information taken directly from our genuine websites and communications. Deceptive emails usually include attachments or hyperlinks. The main identifier is the request to amend or update your details electronically.
How do phishing scam artists get my email address and know where I bank?
Typically, they don't. The perpetrators mass mail emails to random addresses or popular domains (hotmail.com, gmail.com) and hope that they hit on a real address.
What should I do if I receive such email?
Delete any such suspicious mails immediately.
What to do if you have clicked on the link?
First ensure that you close down the website you have clicked on from the Phishing email. Log on to the secure internet banking website and change your details immediately (PIN and Password) or contact the internet banking helpdesk for further assistance.
Fraud preventative tips
We recommend you monitor your accounts regularly for unusual activity and report any suspicious activity by calling our helpdesk.
Always keep your PIN and Password a secret
Refrain from using public facilities to do your secure banking, like hotels, internet cafes and the like as those terminals may not be secure.
Always type in the address of the internet banking website (never access your Internet Banking facility through a bookmark or saved page).
Our SMS authorisation facility will further protect you in the event that someone gains access to your profile. As a unique SMS reference number is required for certain functions, the more risky transactions cannot be effected on your account without your knowledge and authorisation. If you have not already done so, we encourage you to activate the SMS facility at any branch.
Keep your operating system and browser patches up to date, since this includes important security enhancements.
We encourage you to install and maintain up-to-date anti-virus and anti-spyware.
2. SIM Swap
SMS authorisation offers you additional security when making once-off payments and/or adding beneficiaries to your profile.
How does SMS authorisation work?
Once the SMS facility has been activated on your profile, a unique eight-digit alpha-numeric reference number will be sent to your cellphone whenever you make once-off payments and/or add beneficiaries. You will need to enter the reference number in the input field on screen to be able to proceed with the transaction.
The SIM Swap Scam
Criminals are now fraudulently initiating SIM card swaps which allow them to intercept the SMS authorisation facility.
How does this work?
The SIM swap takes place after the fraudsters have received the client's logon details as a result of the client acting on, for example, Phishing emails. Once the fraudsters have the client's cellphone number and other personal information, the fraudster can pose as the client, requesting a new SIM card from a cellular service provider. The cellular service provider transfers the client's SIM card identity to the new SIM card, cancelling the client's SIM card in the process. The result is no signal on the old SIM card, which means the client cannot receive or make phone calls or send SMS messages. The SMS authorisation reference number, which is normally sent to the client, reaches the fraudster instead of the legitimate owner, and the fraudster is able to make once-off payments and create beneficiaries fraudulently.
What you as the client should do:
If you fall prey to an unlawful SIM swap or suspect that you have, contact your cellular service provider for assistance.
You should also contact the internet banking helpdesk to request that your internet banking access be suspended with immediate effect, to prevent fraudsters from gaining access and transacting on your accounts.
3. Confirmation of payments or deposits - Scam warning
There is a high incidence of deposit and refund scams and you may be at risk of becoming a victim. The basis of the refund and the deposit scams is the same. A fraudulent cheque is deposited and misrepresented as either cash or an electronic funds transfer (EFT). Once the deposit is effected, the perpetrators will create / amend a document that will show that the funds credited are cleared. They may amend the cheque deposit slip to reflect as cash, or generate a fraudulent Internet Payment confirmation. Please note that the fraudulent deposit may show as available but it could include uncleared effects.
The scam then splits, with two possible goals:
Deposit Scam
The perpetrators approach you with a payment for goods / services. The deal is concluded and the deposit is made. You may or may not check your account to determine if the funds have been credited. In some cases, you may rely on the fraudulent document confirming the deposit and release the goods or complete the required service. The initial deposit was actually a cheque deposit, masquerading as cleared funds. This amount is returned and your account is debited.
Refund Scam
In this scenario, there may be a pre-existing deal in place, or there could just be a sudden deposit into your account, wherein you have no knowledge of the payment. A falsified payment confirmation or deposit slip is sent to you as proof, requesting a refund. There are three scenarios:
1. An unexpected credit reflects on your account.
The perpetrators contact you, claiming a mistake on their part, where the funds were deposited into the incorrect account.
They request a refund via EFT to a nominated account. In support of their claim, you receive either an Internet payment confirmation or a cash deposit slip.
The claim of incorrect payment is sometimes supported by a fax, purporting to be from a well-known company or institution (Telkom, SARS etc.).
You may be convinced the funds are cleared and duly return the full amount to the nominated account.
A couple of days later, the initial fraudulent cheque deposit is returned and your account is debited. As you have refunded the amount via EFT, the funds are immediately cleared and the fraudsters withdraw the amount in cash and disappear.
2. A deal with new clients is concluded and a certain amount is expected in your account.
You receive an Internet Payment confirmation or a cash deposit to confirm the deposit of cleared funds.
However, the perpetrators make a deposit, which exceeds the expected amount (the new amount appears to be the result of finger trouble - an extra zero, or a double digit).
Contact is made either from your side or theirs, but they claim ignorance and confirm the mistake on their part with an urgent request to have the funds returned.
You may see the deposit reflecting (perhaps as movements due or with a suitable narrative) and duly refund the difference on the basis of the amended deposit slip / Internet Payment confirmation.
The cheque deposit is again unpaid a couple of days later and you carry the loss.
3. The fraudsters intercept a company's debtor invoices being sent out.
A cheque deposit is then made in excess of what the debtor owes to the targeted company.
The fraudster then contacts the company (telephonically and / or sometimes by fax) and tells them that they have made an electronic transfer in excess of the invoice received.
Similar to the previous scenarios described above, a document will be provided to mask the deposit as a cash deposit or an electronic transfer.
Preventative measures
We urge you to contact your home branch to confirm the nature of the deposit.
Do not merely accept the fact that a deposit shows on the account and always insist on verification that the movements on your account represent a cash deposit or an Internet transfer.
Delay the refund until such time as you can obtain confirmation.
4. Keystroke logging
Keystroke logging (key logging) is the use of computer software (spyware) or a device to record the keystrokes on a PC. This information is sent to / retrieved by the fraudster, who is then able to analyse and possibly identify pertinent information (account access details, PINs, passwords), which will enable them to log on to internet banking as a legitimate client.
We therefore recommend that you do not perform any internet banking transactions in a public area where you suspect your personal details could be compromised.
How are key loggers installed and what can they look like?
The software can be installed on the physical machine or the user can be encouraged to run an email attachment that, when executed, will install the key logger. Other methods used are viruses and worms. A hardware key logger is a unit that is installed with the keyboard or it is a cable, hence it can look similar to common computer equipment.
Tips to assist you in preventing keylogging:
Do not do your banking on a public or unfamiliar computer.
Ensure effective access control to your PC.
Be alert to computer hardware changes.
Ensure that the computer has the latest version of anti-virus and anti-spy software installed.
Do not open attachments (embedded or otherwise) from unknown sources.
If you need to do your banking urgently and do not have access to a secure computer, our Cellphone or Telephone Banking services may be used.
If you are unable to avoid using a public computer to do your banking, it is advisable to change your PIN and password as soon as you have access to secure computer facilities.
Please remember to log off and close your browser after banking online.
Please note:
The bank will never send you an email requesting you to enter personal details or private identification and authentication details such as Profile, PIN and/or Password.
If you receive an SMS reference number and you are not transacting, immediately change your PIN and Password and contact the internet banking helpdesk for further assistance.
Contact your branch to confirm the nature of a deposit, if you are unsure of any documentation provided.
Do not do your banking on a public or unfamiliar computer.