The substantial increase over the past year in the number of complaints to the banking ombudsman about ATM and internet fraud indicates that these crimes are rising significantly.
And the South African Banking Risk Information Centre (Sabric) says there is a growing trend of criminals using phishing emails to get you to divulge information about your bank cards so they can make fraudulent online purchases.
A phishing email is an email that claims to come from your bank. It usually asks you to click on a link in the email. If you do so, the link will take you to a website that appears to be your bank’s website. There you will be asked to enter your banking log-on information. Criminals use the information you enter to access your bank account and steal your money.
Clive Pillay, the Ombudsman for Banking Services, says in his annual report for last year that the increasing ingenuity and deviousness of cyber crooks have resulted in a surge of complaints to his office about internet banking. The number of cases has risen from only 45 in 2009 to 484 last year.
Kalyani Pillay, the chief executive officer of Sabric, says the banks are concerned about the link – noticeable in the content of phishing emails – between phishing and other types of crime.
“Phishing spam reported to Sabric shows that criminals are soliciting card information through these emails to make fraudulent online purchases, since these transactions do not require the presence of the card or the cardholder.
“While this is not new, it is becoming more prevalent than before. It is clear that perpetrators are now able to solicit more personal information from bank clients than was the case previously.
“These shifts in trends signal serious changes in the phishing landscape, and it is for this reason that we urge bank clients to be extra vigilant with their personal information,” she says.
The personal information that you should not share without good reason is not limited to your identity number or bank account details; it includes bank statements, CVV numbers (the last three digits on the back of your credit or cheque card), pay slips and cellphone numbers, Pillay says.
Phishing emails that target South Africans have been on the rise since late 2009, Sabric says. The number of phishing websites that were detected and closed by the banks trebled in the first quarter of last year from the first quarter of 2009, it says.
According to RSA, an international body that monitors global phishing trends, South Africa is the country with the third-highest number of phishing attacks in the world.
“The advanced local banking infrastructure, which is comparable to most of the developed world, lowers barriers to these phishing attacks,” Pillay says.
Another worrying trend is that criminals use the electronic purchase of cellphone airtime to move stolen money, Sabric says. Criminals resell the airtime vouchers for cash.
In the past, phishing perpetrators mostly used bank accounts to move the money they had stolen. These accounts were either opened fraudulently or criminals solicited legitimate account holders to allow them to use their accounts.
“The banks have implemented additional internal measures to monitor transactions, and this has made it increasingly difficult for perpetrators to effectively use beneficiary accounts to launder the money stolen through phishing.
“In addition, many bank clients are now aware of the risks of allowing strangers to use their bank accounts, and this explains the recent increase in incidents where perpetrators move the stolen money by means of electronic airtime purchases.
“There is a ready market for airtime on-selling, given the number of pay-as-you-go cellphone users on this continent,” Pillay says.
The average amount involved in phishing crimes has declined, from R20 000 in 2009 to R5 000 at present, Sabric says.
The change indicates that phishing perpetrators no longer only target people with large amounts of money in their accounts but anyone who unwisely provides their personal information, Sabric says.
Pillay says that a primary tool for preventing phishing is for consumers to be alert to these scams. “Phishing attacks will continue as long as the perpetrators find reward in their efforts.
“Bank clients need to remind themselves constantly that no bank will ever ask them for their personal information via email or SMS, or close their account if they fail to provide that information. Any such requests or threats should immediately make you suspicious,” she says.
HOW TO PROTECT YOUR MONEY
There are several things you can do to protect your money against internet fraud, the South African Banking Risk Information Centre says. These steps include:
* Never respond to emails purporting to have been sent by your bank that ask you to confirm your log-on details or your personal information. The banks do not send such emails.
* Never click on a link in an email to access your bank’s website. You should type the URL of your bank’s website directly into the address field of your browser. (If you place your cursor over the link in a phishing email without clicking on it, a pop-up bar will reveal that the website address is not that of your bank.)
* Do not save your banking password online or use software that “remembers” your password.
* When shopping on the internet, only divulge your credit card details to reputable companies. The URL of the payment page should start with “https” and a padlock icon should appear at the bottom of your browser to indicate that the site is secure.
* Do not leave your computer unattended after entering your internet banking access details.
* Always log off or sign off at the end of an internet banking session.
WHO CAN HELP YOU
You should contact your bank if you are uncertain about how to react to any requests for personal information via email or SMS.
If you suspect that you have received a phishing email, contact your bank immediately to report it. Do not respond to the email or click on any links in the email.
The contact details are:
* Absa: 0860 557 557 or [email protected];
* First National Bank: 011 632 2226 or [email protected];
* Nedbank: 0860 115 060 or [email protected]; and
* Standard Bank: 0860 123 000 or [email protected]
The Ombudsman for Banking Services is Clive Pillay.
Sharecall: 0860 800 900
Telephone: 011 712 1800
Fax: 011 483 3212