Cyber Crime

MODUS OPERANDI

Cybercrime is a socio-technical problem which is increasing at an alarming rate, and will eventually replace many ‘traditional’ bank crimes as it transcends time and physical proximity due to its virtual nature. In addition, the convenience and anonymity of the internet make it easy for criminals to perpetrate these crimes. These digital attacks include unauthorised access to devices, identity theft and online bank information theft. Even more concerning, is its potential to infiltrate networks, resulting in mass data breaches.

TIPS - MOBILE DEVICES AND TABLETS

Device and Software Management

  • Secure your smartphone by enabling the lock screen and security function, be it a pattern password or fingerprint screen lock.
  • Where possible, don’t save any sensitive personal information or bank account details on your electronic devices.
  • Think before you download apps to your mobile or tablet devices:
    • Do not bypass built in security measures by “rooting” your device.
    • Only download mobile apps from secured and trusted sources.
    • Read the access requirements before you accepting the software installation (android permissions) of new apps.
  • Install mobile security and antivirus software from a trusted security vendor.
  • Disable the “Sharing” function on your mobile device if not needed.
  • Enable the settings to remotely locate and restore factory defaults on your electronic devices.
  • Keep your mobile device and antivirus software up to date with the latest security patches.
  • Encrypt the data on your device where possible.
  • On a secure PC, log into your email and then check if any of the settings have been changed by a hacker. If any of the settings have been altered, delete these new settings.
  • Once you have changed the settings, create a new password, and add your secondary e-mail account as your alternative address

Connectivity

  • Disable any wireless connection settings (e.g. Bluetooth, WiFi and NFC) when you're not using these.
  • Disable your push notification settings on your mobile devices if not needed.
  • After completing your transactions, ensure that you sign out of your Online Banking session and close your browser. If possible also power off your PC, this is especially important when you share the device with other people and at public locations.
  • Clear the browser cache on your PC and Mobile device regularly.
  • Do not log into a computer with administrator rights unless you must do so to perform specific tasks. (Practice the Principle of Least Privilege (PoLP).)
  • Ensure that all personal WiFi network are password protected and that all the necessary security settings are enabled.
  • Do not use easily hacked security configurations like WEP, use the more recent and secure configurations.
  • Avoid sensitive transactions on public WiFi networks.
  • Don't send passwords or account login credentials over public or unsecured WiFi networks.
  • Change the wireless network hardware (router/access point) administrative password from the factory default to a complex password.

 Behaviour

  • Never list your main email addresses publicly anywhere. This includes online advertisements; blogs or any place where your information can be harvested by spammers.
  • Use strong passwords for all your accounts.
  • Change your password regularly and never share it with anyone else.
  • Don't use any Personal Identifiable Information (PII) as a password, user ID or personal identification number (PIN).
  • Be wary of email attachments and free software from unknown sources.
  • Be mindful of how much personal information you share on social media (e.g. Facebook, Twitter etc).
  • Always set the privacy settings on your social media profiles to the highest level possible.
  • Use more than one email address for different contexts (e.g. different email addresses to receive online media or advertisements and another for personal correspondence).
  • If you use a public webmail such as yahoo and Gmail, ensure that you enable two factor authentication services
  • Don't ignore reports from friends about mysterious emails coming from your accounts.
  • Never log in to your Online Banking through a link in an email. Either type the address into your browser or use your bookmarks.
  • Register for SMS notifications so that you are notified of any transaction on your bank account.
  • Monitor your bank accounts to check that no irregular activity has taken place without your consent or knowledge.
  • Don't respond to emails that claim to be from your bank (or any other company) requesting your account details.
  • Never leave your computer unattended once you have signed on to your online banking profile.
  • Do not leave sensitive documents like bank statements in your inbox. Rather save them elsewhere and delete the original email with annexures.
  • Banks will never call you and ask you to transfer money to a new account, so ignore such calls.