classic | mobile
Follow us on:
Follow us on Facebook  Share via Twitter  Share via LinkedIn
 

Search...
Hi-Tech Security Solutions Business Directory
Residential Estate Security Handbook 2018


Digital banking crime statistics
October 2018, This Week's Editor's Pick, News

The South African Banking Risk Information Centre (SABRIC) has released its inaugural digital banking crime statistics.

In 2017, 13 438 incidents across banking apps, online banking and mobile banking cost the industry more than R250 000 000 in gross losses. While incidents from January to August 2018 already show a 64% increase, the increase in gross losses is just 7%, when compared to the same period in 2017.

When comparing January to August 2017 to the same period in 2018, mobile banking incidents showed an increase of more than 100%, with gross losses of R23 593 631, while online banking incidents showed an increase of 44% with gross losses of R89 368 722. For the same period, banking app incidents increased by 20%, with gross losses of R70 156 364. SIM swops saw 4040 incidents from January to August 2017, and 8254 incidents from January to August 2018, an increase of 104%.

“Criminals are always looking for ways to exploit digital platforms to defraud victims, but the mitigation strategies deployed by banks are very robust, so it is easier to target people, as they are the weakest link,” says Kalyani Pillay, SABRIC CEO. She goes on to say that criminals are very skilled at using social engineering to manipulate their victims into divulging their personal or confidential information. They capitalise on the fact that not all digital banking clients are digitally literate and exploit this vulnerability. Using technology, coupled with social engineering, criminals can gather sufficient information to impersonate victims, bypassing bank security protocols.

In most cases, clients are still compromised because of phishing, vishing or the installation of malware onto a victim’s device by having them click on a link, enabling the criminal to steal sufficient personal information to access their online banking profile. SABRIC urges consumers not to click on links or icons in unsolicited emails or SMSs.

Trickery and deception

Although phishing scams are not new, criminals are always finding new ways to trick consumers by taking advantage of the slickness, convenience and efficiency of digital platforms. In one such modus operandi, the criminal sends the victim an email that purports to be from a trusted organisation that the victim has legitimate dealings with. The email will display all the characteristics of customer centricity and promise to ‘optimise’ the victim’s user experience or exclusively upgrade their benefits if they click on the link provided.

In another modus operandi, the criminal plays on the victim’s fear, and sends them an email that appears to be from their bank, stating that a fraudulent transaction has been made. The victim is then given the opportunity to report the ‘fraud’ by clicking on a link, and in their state of panic, does so. When clicking on links in these phishing emails, the victim is diverted to a fraudulent website under the control of the criminal, and any information entered on this page, such as a banking profile username or password is sent to the criminal. Once they have viewed your profile, and find that there is money to be accessed, they will commit fraud on your Internet banking account.

It is critical that consumers are aware that they are their money’s best protection on all digital platforms. “We also cannot stress the importance of not sharing confidential information with anyone or clicking on links in unsolicited emails,” says Pillay.

SABRIC is working closely with the SAPS and mobile network operators to address this scourge. The organisation urges bank clients to take note of the following tips to protect themselves.

Phishing, vishing and SMishing

• Do not click on links or icons in unsolicited emails.

• Never reply to these emails. Delete them immediately.

• Do not believe the content of unsolicited emails blindly. If you are concerned about what is being alleged in the email, use your own contact details to contact the sender and confirm.

• Always type in the URL (Internet link) or domain name for your bank in the address bar of your Internet browser if you need to access your bank’s website.

• Check that you are on your banks genuine website before inputting any personal information.

• Make sure that you are not on a spoof site by clicking on the security icon on your browser tool bar to see that the URL begins with HTTPS rather than HTTP.

• Check for a closed green padlock next to the URL of the website. A green padlock shows that your connection with the website is secured and encrypted.

• If you think that you might have been compromised, contact your bank immediately.

• Create complicated passwords that are not easy to decipher and change them often.

• Banks will never ask you to confirm your confidential information over the phone.

• If you receive a phone call requesting confidential or personal information, do not respond and end the call.

• If you receive an OTP on your phone without having transacted yourself, it was likely prompted by a fraudster using your personal information. Do not provide the OTP telephonically to anybody. Contact your bank immediately to alert them to the possibility that your information may have been compromised.

• If you lose mobile connectivity under circumstances where you are usually connected, check whether you may have been the victim of a SIM swap.

SIM swaps

• If reception on your cellphone is lost, immediately check what the problem could be, as you could have been a victim of an illegal SIM swop on your number. If confirmed, notify your bank immediately.

• Inform your bank should your cellphone number change so that your cellphone notification contact number is updated on its systems.

• Register for your bank’s cellphone notification service and receive electronic messages relating to activities or transactions on your accounts as and when they occur.

• Regularly verify whether the details received from cellphone notifications are correct and according to the recent activity on your account. Should any detail appear suspicious immediately contact your bank and report all log-on notifications that are unknown to you.

• Memorise your PIN and passwords, never write them down or share them, not even with a bank official.

• Make sure your PIN and passwords cannot be seen when you enter them.

• If you think your PIN and/or password has been compromised, change it immediately either online or at your nearest branch.

• Choose an unusual PIN and password that are hard to guess and change them often.

Change of bank details scam

• Maintain a good relationship with existing suppliers and know your contacts in order to know whom you should be able to liaise with.

• Ensure that you confirm any change of banking details with someone you usually deal with at the organisation before making any changes to beneficiary accounts. When calling the organisation to confirm the changes to banking details, use a number from the telephone directory and not the number on the letterhead or email as you will most likely be calling the fraudster.

• If talking to this ‘supplier’ on the telephone beforehand, they may ask about when you last sent payments to them, looking to see if you are still an active client. Again, ask to speak to contacts that you recognise and if necessary ask your contact to call you back.

• Question whether well-known companies would change their banking details without notifying people through more formal channels.

• Beware of supposed confirmatory emails from almost identical email addresses, such as .com instead of .co.za, or addresses that differ from the genuine one by perhaps one letter that can be easily missed.

• Instruct staff responsible for paying invoices to scrutinise invoices for irregularities and escalating suspicions to a known contact.

• It is essential to make sure that you are certain of the identity of the person your business is dealing with at all times. Consider setting up designated ‘single points of contact’ with companies to which you make regular payments.

• Ensure that your company’s private information is not disclosed to third-parties who are not entitled to receive it, or third-parties whose identities cannot be rightfully verified.

• Rather shred your business and suppliers’ invoices or any communication material that may contain letterheads, than to discard in rubbish bins.

• Consider reviewing previous requests to change account details to confirm whether they were genuine or not.

• To avoid your customers acting on an instruction allegedly from you, alert them to this type of fraud.

Email hacking

• Make sure your PC has the most recent operating system updates and antivirus/malware software.

• Depending on the extent to which your account was abused, you may have to contact all email recipients who were spammed by your hacked mailbox to advise them that these communications were not legitimate.

• Set up several email addresses. Use your original email address for personal or business communication as you would normally do, and use an alternative email address to communicate with your service provider, since many now ask for a different address for added protection. Then, use yet another email address for registering for websites, newsletters, online shopping and other services. In this way, the risk of a possible compromise is spread.

• Use different and strong passwords for each account – one that is at least six characters long, and is a combination of letters, numbers and capitals/lowercase.

• On a secure PC, log into your email and then check if any of the settings have been changed. This could indicate that your email account has been hacked. Ensure that if any of the settings have been altered, you delete these immediately.

• Once you have changed the settings, create a new password, and add your secondary email account as your alternative address.

• Never list your main email address publicly anywhere online – in forums, in online advertisements, on blogs, social media or any place where it can be harvested by spammers. Use a separate email address for the Internet which is not linked to your personal or business email account.

• Don’t use public computers to check email; there’s virtually no way to know if they have been accidentally infected with malware or have had keylogging spyware installed intentionally.

For more information go to www.sabric.co.za


  Share via Twitter   Share via LinkedIn      

Further reading:

  • NEC XON talks Industry 4.0 and disruption
    November 2018, Technews Publishing, This Week's Editor's Pick, Cyber Security, Integrated Solutions, Conferences & Events, Training & Education
    NEC XON held its seventh annual summit at Sun City in October this year in which it focused on the Fourth Industrial Revolution (IR4) and how it would disrupt the status quo.
  • Optimal selection of CCTV operators
    November 2018, Leaderware, This Week's Editor's Pick, CCTV, Surveillance & Remote Monitoring, Security Services & Risk Management
    Technology is often seen as the primary factor in the success of CCTV surveillance control rooms, yet Dr Craig Donald has seen new control rooms with the most up-to-date technology fail.
  • Our dependence on cyber-connectivity
    November 2018, Technews Publishing, This Week's Editor's Pick, Cyber Security, Government and Parastatal (Industry)
    The health, safety, security, economic well-being of citizens, effective functioning of government and perhaps even the survival of the industrialised world relies heavily upon interconnected critical systems.
  • Border security: Technology or barriers?
    November 2018, Technews Publishing, This Week's Editor's Pick, Perimeter Security, Alarms & Intruder Detection, Government and Parastatal (Industry)
    While it is important to provide a visible as well as a covert patrolling presence on borders as well as points of entry from other countries, this needs to be supplemented with technology.
  • The building blocks of safe and smart cities
    November 2018, Technews Publishing, This Week's Editor's Pick, Integrated Solutions, IT infrastructure, Government and Parastatal (Industry)
    Hi-Tech Security Solutions asks NEC XON and Vox for insights into what some of the foundations of a safe and smart city are.
  • 2018 product highlights
    November 2018, News
    A wave at biometrics    Thermal deep learning bullet cameras    MIC IP fusion 9000i    Suprema Xpass D2    Suprema CoreStation    Suprema BioLite N2    RapidTrac Compact    Facial recognition server    Husky X2 and X8...
  • Kaspersky builds skills with SABRIC
    November 2018, Kaspersky Lab, This Week's Editor's Pick, News
    Kaspersky Lab concluded a memorandum of understanding (MOU) with the South African Banking Risk Information Centre (SABRIC) to enhance cyber skills within the banking sector.
  • Choose your surveillance technology partners wisely
    November 2018, Graphic Image Technologies, This Week's Editor's Pick, CCTV, Surveillance & Remote Monitoring, Integrated Solutions
    Businesses and consumers alike are spoiled for choice in the surveillance market, but as with everything else in life, you get what you pay for.
  • What about the service level agreement?
    November 2018, Vision Catcher, This Week's Editor's Pick, Security Services & Risk Management
    Niall Beazley discusses the importance of a reliable service level agreement (SLA) if you want to rest assured in the long-term efficacy of your security installation.
  • Disaster Recovery 2.0
    November 2018, This Week's Editor's Pick, IT infrastructure
    Protecting your business from the unexpected can mitigate the financial and reputational risks of uncontrolled downtime.
  • Win $65 000 from Milestone
    November 2018, Milestone Systems, This Week's Editor's Pick, News
    Milestone Systems invites coders, developers, individuals and organisations to test their development skills in the Milestone Community Kickstarter Contest.
  • District Watch goes green
    November 2018, This Week's Editor's Pick, News, Security Services & Risk Management
    District Watch has invested in three BMW i3 electric vehicles to support its community and the environment.

 
 
         
Contact:
Technews Publishing (Pty) Ltd
1st Floor, Stabilitas House
265 Kent Ave, Randburg, 2194
South Africa
Publications by Technews
Dataweek Electronics & Communications Technology
Electronic Buyers Guide (EBG)

Hi-Tech Security Solutions
Hi-Tech Security Business Directory (HSBD)

Motion Control in Southern Africa
Motion Control Buyers’ Guide (MCBG)

South African Instrumentation & Control
South African Instrumentation & Control Buyers’ Guide (IBG)
Other
Terms & conditions of use, including privacy policy
PAIA Manual
         
    Mobile | Classic

Copyright © Technews Publishing (Pty) Ltd. All rights reserved.