Banking app fraud rockets due to phone snatching

accreditation
0:00
play article
Subscribers can listen to this article
(Getty)
(Getty)
  • Bank app fraud due to cell phone snatching has increased significantly, according to a new report by the South African Banking Risk Information Centre.
  • The report points out that there were, however, no reports of the banking app software having been compromised to commit the fraud as the correct credentials were used to access the banking app.
  • These credentials may have been previously compromised through social engineering methods, such as shoulder surfing or phishing.


Cell phone snatching led to a marked rise in banking app fraud, according to a report released by the South African Banking Risk Information Centre (SABRIC) on Wednesday.

But this doesn't mean the problem lies with the apps themselves, the report noted. There were no reports of the banking app software having been compromised to commit the fraud, SABRIC said.

"Although there are various methods and techniques used in the cell phone snatching method of operation, the correct credentials are used to access the app. These credentials may have been previously compromised through social engineering methods, such as shoulder surfing or phishing," the report states.

Rather, criminals are still making use of deception to manipulate consumers to provide confidential or personal information. Phishing and vishing are still the most commonn methods, SABRIC said. 

Phishing makes use of emails to trick the victim into entering their log in credentials by directing them to a "spoofed" website which is designed to look legitimate. 

Vishing, which has significantly increased during 2020, involves criminals making telephone calls to potential victims, purporting to be from a bank and convincing them to compromise their details. In some cases, vishing is used once the criminals have access to the victim's account as an additional step in order to deceive the victim into providing them with the verification token like a one-time-password (OTP) required to complete a transaction.  

In many cases the credentials used to access banking apps were compromised through "vulnerabilities" in the management of such information. For example, the credentials were saved elsewhere on the device or the same username and password were used across multiple apps.

Mobile banking fraud accounted for 59.7% of digital banking crime incidents reported to SABRIC in 2020. It is characterised by a high volume of lower value transactions. SIM swaps were reported in 92.7% (19 537) of mobile banking fraud incidents reported in 2020 and is the most commonly used modus operandi for committing this type of crime.

Another type of mobile banking fraud reported was where an individual known to the victim - such as family member or colleague - was able to access a device and conducted transactions without the victim's knowledge on the mobile banking platform. Examples of fraudulent transactions include the purchase airtime, electricity or the use of instant cash sending facilities.

Although Covid-19 did not directly lead to a significantly higher number of social engineering attacks reported by the banking industry, the content used within these methods shifted drastically towards the virus, associated lockdowns, remote working, personal protective equipment, and vaccinations, the report found.

We live in a world where facts and fiction get blurred
In times of uncertainty you need journalism you can trust. For only R75 per month, you have access to a world of in-depth analyses, investigative journalism, top opinions and a range of features. Journalism strengthens democracy. Invest in the future today.
Subscribe to News24
Rand - Dollar
15.98
-0.3%
Rand - Pound
21.22
-0.1%
Rand - Euro
18.03
-0.2%
Rand - Aus dollar
11.29
+0.1%
Rand - Yen
0.14
-0.2%
Gold
1,771.77
+0.2%
Silver
22.37
-0.1%
Palladium
1,799.25
+0.8%
Platinum
946.50
+0.6%
Brent Crude
69.67
+1.2%
Top 40
64,807
+0.4%
All Share
71,282
+0.4%
Resource 10
68,080
+0.8%
Industrial 25
93,663
-0.0%
Financial 15
13,994
+0.7%
All JSE data delayed by at least 15 minutes Iress logo
Company Snapshot