SABRIC Festive Season Awareness
SABRIC, the South African Banking Risk Information Centre, on behalf of the banking industry would like to share the tactics that criminals are using to defraud people this Festive Season, to ensure that they are aware of how to protect their hard-earned cash.
Just as the Festive Season sees people relax and become more socially active, criminals utilise this opportunity to exploit human psychology by using malicious social engineering tactics to steal personal or confidential information to defraud people.
“SABRIC encourages people to empower themselves by sharing information selectively, and on a need-to-know basis only. This is why we are adding the hashtag label #NotSaying to all our messaging, to remind people to not just share any personal information without careful consideration when prompted to do so.” says Susan Potgieter, SABRIC acting CEO.
Confidential information includes usernames, passwords, OTPs (One Time PINs), PIN numbers and card security codes. SABRIC has seen a sharp increase in Vishing incidents where criminals phone bank customers, lead them to believe that they are speaking to the bank or a legitimate service provider and use these social engineering tactics to coerce them into disclosing their confidential banking information. Personal information includes identity documents, driver’s licenses, passports, addresses, full card details including the card security code as well as contact details and the compromise thereof creates opportunities for criminals to impersonate bank representatives and either take over the victim’s facilities or apply for credit using their credentials fraudulently.
“This is blatant abuse of a person’s inclination to trust.” says Potgieter.
Another scam that criminals are still deploying is to trick people into paying for holiday accommodation that doesn’t exist. This scam sees criminals preying on people’s anxiety about booking a last-minute holiday. Victims are lured with what seems to be a really good deal, pay for the holiday in full and are then unable to make further arrangements with the agent who has simply disappeared.
“An offer that seems too good to be true should make you suspicious.” adds Potgieter.
SABRIC is also cautioning bank clients to be vigilant when withdrawing holiday cash at ATMs. Criminals continue to attempt to steal bank cards and PINs by interfering with people while they are carrying out a transaction, and SABRIC urges bank clients not to accept assistance from anyone, even if they look well-dressed or seem legitimate. Interference also goes beyond accepting assistance, as it has been noted that scammers use deceitful tactics like telling people that the ATM machine needs to be programmed or serviced immediately after they have inserted their ATM card. Clients must be aware of these tricks and call security if needs be.
Bank clients are also urged not to carry large amounts of cash, and rather find safer ways to transact such as cell phone banking or internet transfers. Criminals know that people get their bonuses and that stokvels pay out at this time.
To further protect yourself this Festive Season remember #NotSaying and visit www.sabric.co.za.
[ENDS]
***Tips to empower bank clients***
Confidential and personal information
Do’s:
- Use strong passwords for all your accounts.
- Change your password regularly and never share them with anyone else.
- Store personal and financial documentation safely. Always lock it away.
- Keep PIN numbers and passwords confidential.
- Verify all requests for personal information and only provide it when there is a legitimate reason to do so.
- To prevent your ID being used to commit fraud if it is ever lost or stolen, alert the SA Fraud Prevention Service immediately on 0860 101 248 or at safps.org.za
- Ensure that you have a robust firewall and install antivirus software to prevent a computer virus sending out personal information from your computer.
- When destroying personal information, either shred or burn it (do not tear or put it in a garbage or recycling bag).
- Should your ID or driver's license be stolen report it to SAPS immediately.
- Read the messages your bank sends you to confirm or process transactions.
Dont's:
- Don’t carry unnecessary personal information in your wallet or purse.
- Don’t disclose personal information such as passwords and PINs when asked to do so by anyone via telephone, fax or even email.
- Don’t write down PINs and passwords and avoid obvious choices like birth dates and first names.
- Don't use any Personal Identifiable Information (PII) as a password, user ID or personal identification number (PIN).
- Don’t use Internet Cafes or unsecure terminals (hotels, conference centers etc.) to do your banking.
Vishing
- Be conscious of the fact that criminals can mask their telephone numbers seem as if a legitimate individual or company is making the phone call.
- Never share personal and confidential information with strangers over the phone.
- Also note that Banks will never ask you to confirm your confidential information over the phone.
- If you receive a phone call requesting confidential or personal information, do not respond and end the call.
- If you receive an OTP on your phone without having transacted yourself, it is likely that it is a fraudster who has used your personal information. Do not provide the OTP telephonically to anybody. Contact your bank immediately to alert them to the possibility that your information may have been compromised.
- If you lose mobile connectivity under circumstances where you are usually connected, check whether you may have been the victim of a SIM swop.
- Never share your full card details with anyone over the phone.
Holiday Scams
- Do not trust websites you do not know.
- Don’t fall for offers that are available at a very low price. If it seems to be too good to be true, it usually is.
- Register for 3D Secure to secure your card details.
- Do not send emails that quote your card number and expiry date.
- If you are requested to confirm your banking or personal details via a link, don’t click on it.
ATM Card Swopping
- If you think the ATM is faulty, cancel the transaction IMMEDIATELY, report the fault to your Bank and transact at another ATM.
- Make sure that prior to transacting at the ATM, you understand the screen before entering a PIN, as it could be in “cardless transaction” mode.
- Avoid ATMs that are dimly lit or surrounded by loiterers, and never allow your children to draw money using your card, since they're the most vulnerable to perpetrators.
- Be cautious of strangers offering to help as they could be trying to distract you in order to get your card or PIN.
- Follow the instructions on the ATM screen carefully.
- ONLY punch in your PIN once prompted by the ATM.
- Report suspicious items or people around ATMs to the Bank.
- Be alert to your surroundings. Do not use the ATM if there are loiterers or suspicious people in the vicinity.
- If you are disturbed or interfered with, whilst transacting at the ATM, your card may be skimmed, by being removed and replaced back into the ATM without your knowledge. Cancel the transaction immediately and report the incident using your Bank's Stop Card Toll free number that is displayed on all ATMs, as well as on the back of your bank card.
- Know what your ATM looks like so that you are able to identify any foreign objects attached to it.
- Do not ask anyone to assist you at the ATM, not even the security personnel guarding the ATM or a bank official. Rather go inside the bank for help.
- Never force your card into the slot as it might have been tampered with.
- Do not insert your card if the screen layout is not familiar to you and looks like the machine has been tampered with.
- Your PIN is your personal key to secure banking, and it is crucial to keep it confidential.
- Key it in your in such a way that no one else can see it e.g. cover your PIN when punching in the numbers even when alone at the ATM as some criminals may place secret cameras to observe your PIN.
- Some fraudsters wait until you’ve drawn your cash to take advantage. Be wary of people loitering around the ATM and ensure that you are not followed.
- Set a daily withdrawal limit that suits your needs (the default amount is set at R1000.00), to protect yourself in an event that your card and PIN are compromised.
Online Shopping
- Be aware that the ‘s’ in the ‘https’ no longer guarantees that a website is secure.
- When registering on an e-commerce website, always choose a strong password or even better, a passphrase and never save these on any computer or mobile device.
- Protect your personal information. Online merchants don’t need your ID number or date of birth to process your order.
- Check your bank balance after making any shopping payment and report any fraudulent transactions to your bank immediately.
- Again, register for 3D Secure to secure your card details.
Carrying Cash Safely
Tips for Individuals
- Carry as little cash as possible.
- Consider the convenience of paying your accounts electronically (consult your bank to find out about other available options).
- Consider making use of cell phone banking or internet transfers or ATMs to do your banking.
- Never make your bank visits public, even to people close to you.
Tips for Businesses
- Vary the days and times on which you deposit cash.
- Never make your bank visits public, even to people close to you.
- Do not openly display the money you are depositing while you are standing in the bank queue.
- Avoid carrying moneybags, briefcases or openly displaying your deposit receipt book.
- It is advisable to identify another branch nearby you that you can visit to ensure that your banking pattern is not easily recognisable or detected.
- If the amount of cash you are regularly depositing is increasing as your business grows, consider using the services of a cash management company.
- Refrain from giving wages to your contract or casual labourers in full view of the public; rather make use of wage accounts that can be provided by your bank.
- Consider arranging for electronic transfers of wages to contract or casual labourers’ personal bank accounts.
Tips for Stokvel Groupings
- Refrain from making cash deposits of club members’ contributions on high-risk days (e.g. Monday after month end).
- Ensure persons depositing club cash contributions or making withdrawals are accompanied by another club member.
- A Stokvel savings club or burial society can arrange for members to deposit cash directly into the club’s account instead of collecting cash contributions.
- Arrange for the club’s pay out to be electronically transferred into each club member’s personal account or accounts of their choice.
- Take another person with when going to deposit club cash contributions.
To arrange for interviews with SABRIC acting CEO, Susan Potgieter, contact:
Louise van der Merwe
Tel: +27 11 847 3134
Cell: 082 070 5349
Email: media@sabric.co.za
Notes to Editors:
SABRIC is an NPF company formed by South African banks to support the banking industry in the combating of crime. SABRIC’s clients are South African banks and major CIT companies. Its principle business is to detect, prevent and reduce organised crime in the banking industry through effective public private partnerships. SABRIC co-ordinates inter-bank activities aimed at addressing organised bank related financial crime, violent crime and cybercrime, and acts as a nodal point between the banking industry and others, in respect of issues relating to these crimes. The creation of public awareness of various bank related crimes and educating the public on how to protect themselves is one of SABRIC’s key focus areas. For more on SABRIC visit www.sabric.co.za.