Protect your identity

2013-04-07 10:00

My mother nearly fell for a phishing scam when she received an email asking her to verify her banking details to receive her tax refund.

The mail was timed to coincide with the period she normally receives a refund, giving it a sense of legitimacy.

As scams become more sophisticated, banks have highlighted five ways to protect your identity.

Phishing scam

Aim

To obtain account and login details

Fraudsters need your account and logon details to defraud you. To obtain these, they will send you an email or SMS that appears legitimate and requires you to click on a link. For example, it could be an email apparently sent from the SA Revenue Service, claiming your refund is ready to be paid. You are asked to just click on a link and verify your banking details. This takes you to a “spoof” website that looks just like your bank’s site, where you are required to enter your account number and PIN.

A “spoof” website appears to be the legitimate site of a particular company or organisation and is configured to look like the original. It is usually created for online fraud and is controlled by fraudsters to obtain your internet logon credentials, which are then used to defraud you.

Protect yourself:

In order to limit the chances of falling prey to phishing attacks, take note of the following information:

» Email greeting: The greeting line of a phishing email is typically generic, such as: “Dear Sir/Madam”. Legitimate mails are usually personalised.

» The sender’s address: The sender’s email address is not a good indicator of the true origin of an email. This field can very easily be forged.

» Tone of the mail: The content would normally ask you to update, validate, and/or confirm your personal data, often with a sense of urgency and with dire consequences if you ignore it. For example:

» We are updating our accounts and need data fast;

» An unauthorised transaction has recently occurred on your account;

» You may lose your account if you don’t update information; and

» Click here to verify your information.

Recent examples have had a more authentic feel, such as:

» Dear customer, thank you for registering for e-statements. Please click here to view/receive your statement;

» Dear customer, to redeem your cash rewards, please click on this link; and

» Dear customer, a debit order will be processed against your account on mm/dd/yy. Click here to confirm or cancel the order.

Also take note of the writing style that commonly includes poor spelling, bad grammar, missing words and logic gaps.

Links and URLs

Fraudsters use deception to create the illusion of legitimacy. Scrutinise the link carefully. A common form of trickery is to place an @ symbol in the URL, near the end of the web address.

Your browser might ignore all characters preceding the @ symbol in determining the actual address. The real web address follows the @, which may be hidden at the end of a very long URL.

For example: http://www.company.com:crafty... ...long... ...string@www.scammer.com

You see the company.com part. This URL really goes to www.scammer.com, which you can’t see because the URL string is so long.
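The check described above can be automated. The following is an added example, not part of the original article: it parses a link the way a browser does and reports the real host separately from any decoy text placed before the @. The function names and the full sample links are constructed for illustration; company.com and scammer.com are the article's own placeholders.

```javascript
// Added example: company.com and scammer.com are the article's placeholder names;
// the full links below are constructed samples.
const SAMPLES = [
  "http://www.company.com:verify-refund-details-session-0001@www.scammer.com/login",
  "http://www.company.com@www.scammer.com/",
  "https://www.company.com/login",
];

// True when host is the expected domain or one of its subdomains.
function hostBelongsTo(host, domain) {
  return host === domain || host.endsWith("." + domain);
}

// Report where a link really leads and whether text before "@" is acting as a decoy.
function inspectLink(link, expectedDomain) {
  let url;
  try {
    url = new URL(link); // same parsing rules browsers apply
  } catch (err) {
    return { parsed: false, host: null, decoy: null, https: false, ok: false };
  }
  // Everything between "//" and "@" is userinfo (username[:password]), not the site.
  let decoy = null;
  if (url.username !== "" || url.password !== "") {
    decoy = url.password ? url.username + ":" + url.password : url.username;
  }
  const https = url.protocol === "https:";
  const onExpectedSite = hostBelongsTo(url.hostname, expectedDomain);
  return {
    parsed: true,
    host: url.hostname, // the only part that decides which server is contacted
    decoy,
    https,
    ok: onExpectedSite && decoy === null && https,
  };
}

for (const link of SAMPLES) {
  console.log(link, "->", inspectLink(link, "company.com"));
}
```
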

» Connection security: Make sure you are not on a spoof site by clicking on the security icon on your browser toolbar and ensuring the URL begins with https not http.

» Attachments: These are dangerous. Do not open them and delete the email after reporting the scam.

Change of banking details scam

Aim

To get you to pay money into a fictitious account

In this scam, you receive an authentic-looking letter on a company letterhead or an email from a company that appears to be from one of your trusted suppliers.

This communication informs you of a change of their account details. The letter may be accompanied by a “cancelled cheque” showing their “new” bank account details. As soon as you make a payment, the fraudster withdraws the funds.

Protect yourself

» Confirm any notification of a change of banking details through official correspondence, using the contact details you already have in your database, before processing the next payment.

» Beware of supposedly confirmatory emails from almost identical email addresses, such as .com instead of .co.za, or addresses that differ from the genuine one by perhaps one letter that can be easily missed.

» Instruct staff with the responsibility for paying invoices to scrutinise invoices for irregularities.

» Have a single point of contact with the company you supply so you know who you are dealing with.

» Ensure your company’s private information is not disclosed to parties not entitled to receive it.

» Shred your business and supplier invoices, or any communication material that may contain letterheads, rather than discarding them in rubbish bins.

» Review previous requests to change account details to confirm whether they were genuine or not.

» To avoid your customers acting on an instruction purporting to be from you, alert them to this type of fraud.
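The "almost identical email address" warning in the list above can be turned into a check against the supplier address already on file. This is an added example, not part of the original article: the address on file, the incoming senders and all function names are constructed, and it assumes the supplier's domain has no subdomain.

```javascript
// Added example: the address on file and the incoming senders are constructed values.
const ON_FILE = "accounts@acme-supplies.co.za";

// Levenshtein edit distance, single-row version.
function editDistance(a, b) {
  const row = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    let diag = row[0];
    row[0] = i;
    for (let j = 1; j <= b.length; j++) {
      const above = row[j];
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      row[j] = Math.min(above + 1, row[j - 1] + 1, diag + cost);
      diag = above;
    }
  }
  return row[b.length];
}

// Split "local@name.suffix" into parts; assumes the domain on file has no subdomain.
function parts(address) {
  const clean = address.trim().toLowerCase();
  const at = clean.lastIndexOf("@");
  const domain = clean.slice(at + 1);
  const dot = domain.indexOf(".");
  return { clean, local: clean.slice(0, at), name: domain.slice(0, dot), suffix: domain.slice(dot + 1) };
}

// Classify a sender against the address already held in the supplier database.
function classifySender(sender, onFile = ON_FILE) {
  const s = parts(sender);
  const f = parts(onFile);
  if (s.clean === f.clean) return "match";
  if (s.local === f.local && s.name === f.name) return "suffix-changed"; // .com for .co.za
  if (editDistance(s.clean, f.clean) <= 1) return "one-letter-off";
  return "different";
}

for (const sender of ["accounts@acme-supplies.com", "accounts@acme-suppliers.co.za"]) {
  console.log(sender, "->", classifySender(sender));
}
```

A "match" only means the displayed address is identical to the one on file; because the sender field can be forged, a change of banking details still needs confirmation through the contact details already in your database.
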

Electronic payments are made based on the account number only. Any account name given is not routinely checked as part of the automated payment process.

This is the same for all South African banks. It is the responsibility of the remitter to ensure the account details being used are correct, by conducting independent verification.

Refund scam

Aim

To get you to ‘refund’ fictitious deposits into your bank account

A deposit-refund scam is one where criminals call you to tell you that an amount of money was “mistakenly” deposited into your account.

The criminal will fax a proof of payment and ask for a refund.

However, the “proof” is either a fraudulent copy of an altered deposit slip or an altered internet banking payment confirmation. The criminals actually use a fraudulent cheque to make the deposit.

This means that after you have refunded the money electronically, your bank account is debited with the reversal of the fraudulent deposit by the bank.

Typically, you will be unable to call the “client” and will suffer the loss as the funds have already been withdrawn from the fraudster’s account.

Protect yourself

» Never reimburse any money until you have verified with your branch what type of deposit you received

» Report the matter to your bank immediately

» If the fraudster insists on a refund, the best thing to do is advise him or her to facilitate this refund through the bank.

Faced with this choice, the fraudster will more than likely refrain from approaching the bank for a refund.

SMishing scam

Aim

To get your personal information via SMS

“SMishing” is a technique that fraudsters use to steal your personal information. By cleverly disguising an SMS sent to your cellphone so that it looks legitimate, fraudsters use various techniques to then capture your personal details.

One such technique is placing a clickable link on the SMS itself. When accessed on your WAP-enabled cellphone, the link takes you to a fake site that looks very similar to the bank’s mobile site.

Once on the site, the recipient is asked to enter sensitive information, such as passwords, credit card details or bank account numbers. These details are then received by fraudsters, who use these details to perform unauthorised transactions acting as the customer.

Another technique of SMishing that fraudsters use is placing a number on the SMS and instructing customers to “urgently” dial a particular number.

This number then reaches a voice-activated service that would pretend to be the bank and asks the customer to enter or submit sensitive information. The fraudsters then capture this information and use it unlawfully.

Protect yourself

» Never follow any links in an SMS to reach a cellphone banking or internet banking website. Always enter the website address yourself or dial the relevant string (*120*2345#) to access cellphone banking.

» A secure PIN is needed for a customer to transact via cellphone banking. Standard Bank urges all customers to ensure that their cellphone banking PIN is kept secret and is never shared with anyone.

» Again, never give your personal details to anyone without making sure that they are who they say they are. A bank representative will never ask you for personal or banking information in an SMS.

» Never reply to their SMS or get into a conversation with them. Never provide your personal details – for example, your PIN or account details – by SMS.

» Subscribe to your bank’s SMS-notification service, like MyUpdates, which will notify you of transactions on your accounts.

SIM-swap fraud

Aim

Take control of your SIM to access your one-time passwords

Another modus operandi of fraudsters is to have a SIM swap fraudulently conducted at your cellphone service provider on your number.

What this means is that the service provider disables the SIM card in your phone and allocates your cellphone number to fraudsters.

Fraudsters then use your replacement SIM card to acquire security messages and one-time passwords (OTPs) sent to you by your bank.

Using the OTP, fraudsters are able to change or add beneficiaries and transfer money out of your account, using your personal information that they would have obtained through phishing.

If you receive an SMS from your cellphone service provider warning that a SIM swap has been conducted on your cellphone number, you should call them immediately.

If the SIM swap is prevented, the fraudsters will not be able to receive your OTP and will not be able to make fraudulent payments. Immediately change your internet banking login credentials until an investigation into the SIM swap can be completed.

The changing of your login credentials can be done on the internet banking website and takes a few minutes.

Protect yourself

» Always protect your personal information.

» Do not disclose your identity document number on websites unless you have verified the legitimacy of the site. The bank already knows your identity number and will not ask you to give it to them again.

» Do not disclose your cellphone number on websites unless you have verified the legitimacy of the site. Phishing websites often ask for information such as identity number, email address and password, physical address and so on.

» Always make sure that your internet banking contact details are valid and correct. By doing this, you will know when your details change. You can update your online banking information by either logging on to internet banking or by going in to your branch.
