SABRIC, the South African Banking Risk Information Centre, on behalf of the banking industry would like to warn bank clients about protecting their mobile devices. The theft of mobile phones is not a new phenomenon, however SABRIC is seeing an emerging trend where mobile phones that are being snatched from owners are affording criminals the opportunity to gain access to the victim’s personal and even confidential information which can then be used to commit crime.
Mobile phones are a convenient way to stay connected. They enable easy access to family and friends, make it possible to access vast stores of online information and can provide hours of entertainment. Despite these benefits you must always remain vigilant because your mobile phone stores far more information than you may be aware of. This is even more applicable if you use your mobile device to do your banking. Remember, your phone is equal to a bank card and could even act as a gateway to your bank account
“Personal information is a valuable commodity for criminals and because so much of it is on our phones, we need to take mobile security very seriously” says Susan Potgieter, Acting CEO of SABRIC.
There are a number of ways that criminals could access information stored on your mobile phone if it is stolen, to try and defraud you. One way is to literally access all open applications on your unlocked phone and view your sensitive data. Another is to use social engineering to obtain your usernames and passwords stored in the cloud. Tactics used could be Vishing, where criminals call you and manipulate you into believing that they are from the bank to coerce you into revealing confidential information like PIN’s or passwords or Phishing where you are sent an email, which you believe to be from the bank or a legitimate service provider, which asks you to click on a link that requests your PIN’s or passwords. Once your password has been compromised on your snatched phone, all other credentials are available and may be exploited. In addition to social engineering, your credentials could also be compromised through shoulder surfing in public places such as restaurants.
In the event that your mobile phone is lost or stolen, borrow a phone and contact your bank immediately so that they can deactivate your banking app, block cards on other apps containing your bank card details and block your bank account. Make sure you always have your banks hotline number stored somewhere other than on your mobile phone. If you have activated the ‘Find My iPhone’ or ‘Find my Device’ facility from the web to locate or wipe your device, be aware that fraudsters may attempt to Vish, SMish or Phish you. If you receive an email or SMS after doing this, don’t click on any links as these are not safe.
“When a bank client’s mobile phone is stolen, they tend to focus on protecting their photos and social media profiles, however, their highest priority should be protecting their money.” concludes Potgieter.
To further protect yourself visit www.sabric.co.za.
[ENDS]
***Tips to empower bank clients***
PINS & Passwords:
- Reset/change your passwords and PIN’s often.
- Set different and complex passwords for each app or service. Ensure that these are not stored on a password manager app, browser password manager, or on the phone itself.
- Never save your banking app or internet banking username and password on your device in the contacts or notes. Never save your banking usernames or passwords.
- Never autosave your banking app username and password on your device.
- Disable the autosave function on your smart phone.
- Ensure that you have set additional security controls on your device for adding biometrics such as fingerprint or facial recognition, for instance you can enable your device to ask for the device password to add another person’s biometric to your device.
Social Engineering:
- Do not click links in SMS’s or emails stating that your lost or stolen device has been located as criminals use this to obtain sensitive personal information.
- Always be vigilant by being aware of who is around you when using your phone in public.
Device:
- Treat your mobile device the same way you would treat your bank card.
- Pickpocketing is prevalent so ensure that your handbag and/or backpacks are properly closed or zipped.
- If your mobile device is lost or stolen notify your bank immediately to freeze your banking profile and prevent the perpetrators from using your banking app.
- In addition, contact your mobile service provider to block/stop your SIM card and handset to prevent criminals from getting any One Time PINs for fraudulent transactions.
- If your Apple device is stolen, log onto to your iCloud account to restore all factory settings so that all your personal data is wiped from the device.
- Avoid using Public WiFi "hotspots". It is risky to connect your smartphone to just any available WiFi hotspot. Savvy hackers can spoof a WiFi connection and gain access to usernames and passwords stored on your smartphone.
- Consider keeping your banking app on two devices – this will enable you to block the stolen mobile from the other device and also change the log in credentials at a moment’s notice. Most banks will still ask you to call them to report the theft to ensure that all access is blocked for the stolen phone. Your bank can also advise how to get passwords changed.
- When calling the bank to report the phone as stolen, request that they place a temporary hold on your entire account to allow you the time to change, replace and update all your info.
Banking App:
- Always log out of your banking app manually once you have finished transacting.
- Keep your daily EFT and ATM limits low as some banking apps and internet banking profiles will require that contact be made with the bank before the limit can be increased on your profile.
To arrange for interviews with SABRIC acting CEO, Susan Potgieter, contact:
Louise van der Merwe
Tel: +27 11 847 3134
Cell: 082 070 5349
Email: media@sabric.co.za
Notes to Editors:
SABRIC is an NPF company formed by South African banks to support the banking industry in the combating of crime. SABRIC’s clients are South African banks and major CIT companies. Its principle business is to detect, prevent and reduce organised crime in the banking industry through effective public private partnerships. SABRIC co-ordinates inter-bank activities aimed at addressing organised bank related financial crime, violent crime and cybercrime, and acts as a nodal point between the banking industry and others, in respect of issues relating to these crimes. The creation of public awareness of various bank related crimes and educating the public on how to protect themselves is one of SABRIC’s key focus areas. For more on SABRIC visit www.sabric.co.za.