Schemes and Scams

FRAUDULENT CHANGE OF BANK ACCOUNT DETAILS SCAM

MODUS OPERANDI:

The scam operates by an innocent recipient receiving an email or letter informing them that a particular supplier of theirs has changed their bank account details. The correspondence will include the details of the new account. You will be asked to make future payments into the new account. These details are fraudulent with the consequence that monies are paid to the fraudster and not the supplier.

In certain instances, the fraudsters also phone the victims informing them of the change of details and that a letter will follow. The telephone call will be used by the fraudster so that they can extract more information to make their communication more believable.

AWARENESS TIPS ON HOW BANK CONSUMERS CAN AVOID FALLING VICTIM:

  • Maintain a good relationship with existing suppliers and know your contacts so that you are able to liaise with them when required.
  • If called by a ‘supplier’, ask to speak to your known contacts and do not take instructions from staff at the supplier who are not known to you.
  • Beware of supposedly confirmatory e-mails from almost identical e-mail addresses, such as .com instead of .co.za, or addresses that differ from the genuine one by perhaps one letter that can be easily missed.
  • Instruct staff with the responsibility of paying invoices to scrutinise invoices for irregularities and escalating suspicions to a known contact.
  • Ensure that your company’s private information is not disclosed to third parties who are not entitled to receive it, or third parties whose identities cannot be rightfully verified.
  • Rather shred your business and suppliers invoices or any communication material that may contain letterheads, than discarding these in rubbish bins.
  • Should you fall victim to this type of fraud, it is important to contact your Bank immediately so that they may assist you to stop any payments.

PS: Remember that electronic payments are based on the account number only. Any account name given is not routinely checked as part of the automated payment process. This is the same for all South African Banks. It is your responsibility to ensure the account details being used are correct, by conducting an independent verification.

DEPOSIT AND REFUND SCAMS

MODUS OPERANDI:

A criminal orders goods or services from a business and makes a payment into the victim’s account, mostly by means of a fraudulent cheque. Proof of payment is then sent to the business and goods are delivered to the criminal. When the Bank processes the cheque, it is uncovered that the cheque is fraudulent and as a result no funds are transferred to the victim’s account. The victim is thus out of pocket as they do not have the goods nor the money. In other instances the order is cancelled and an urgent refund is requested. Alternately a payment is made in ‘error’ and an urgent refund is requested.

AWARENESS TIPS FOR CONSUMERS TO AVOID FALLING VICTIM:

  • No ‘refund’ should be made without first verifying with the Bank that the deposit that has been made into your account is indeed valid.
  • In addition, you should wait for all cheque deposits to first be cleared before handing the goods over to a depositor.
  • Take great care to protect personal information and that of your company; it is through access to this information that perpetrators gain access to you and your organisation.
  • Staff dealing with finance in your organisation should be educated about such scams.

DATING AND ROMANCE SCAMS

MODUS OPERANDI

The internet is used for almost everything, including finding a lifetime partner. There are thousands of online dating sites that provide the service of matching potential partners based on specific requirements. Unfortunately there are predators that prowl legitimate dating sites for victims to scam.

Scammers often create profiles and post them on legitimate dating sites waiting for potential victims to fall bait to their scam. They may even go as far as targeting specific kinds of people by creating a profile that meets the requirements of a match for the person they are targeting. These scammers are con artists and are skilled at building trust and making victim fall in love with them as they pose as their ideal partner. Once the victim’s defence are lowered and they become emotionally vulnerable they trick to you into giving them money.

HOW VICTIMS GET DEFRAUDED

The scammer will make contact with the victim and will offer to share lots of personal information with them in the hope of building a trusted relationship. The information and profile pictures are all false and are often used over and over again with various victims. Once they feel that the victim trusts them and they have a bond with them they will often suddenly be called away on business or experience serious personal crisis. What then follows is a request for the victim to send them money to either help them out of a crisis or that the victim pays their travel expenses to visit them. They might even promise to refund the money to the victim when they meet them. Should the victim provide them with the requested money they may either disappear or request that they send more money. If the victim doesn’t give them the money their messages will often become more desperate and persistent, in an effort to convince them to give them money.

HOW TO AVOID BEING A VICTIM OF ONLINE DATING SCAMS?

  • Be suspicious of people who have out of the ordinary jobs, the most common scams involve people working in the army, navy, air force, United Nations and other jobs that require large  amounts of travelling.
  • Watch out for emails where content has been pasted into the email, the fonts and font sizes always vary, or where the emails are not personally addressed to you i.e. “Hi beautiful”. Scammers often target a number of victims at the same time and make use of the same content in their emails to all victims.
  • Never send money to anyone that you are communicating with over the internet.
  • Look out for inconsistencies in the communication that is sent to you. Syndicates often have a number of people manning their online dating sites so you could possibly be chatting to two or three different people.
  • Be wary of people who keep promising to meet you and always cancel at the last minute: don’t give someone money to come and visit you.
  • Should you arrange a meeting with someone you have met online, ensure that you meet in a public area and possibly with friends.
  • Be careful how much personal information you share on social networking sites. Scammers can use this information to target you with a scam.
  • Should you suspect that you are being targeted by a scammer, stop all communications immediately and report it to the online dating service immediately.

CLASSIFIED/ HOLIDAY SCAMS

MODUS OPERANDI

Criminals set up bogus website offering specials on certain gifts, from holiday accommodation to air tickets. The victim will then click on the website as it looks professional and the cost appears to be cheap. The victim purchases using their credit card details thinking they are buying from a genuine company. The purchase goes through but the victim never receives the goods as the website was fake. The criminals then have access to bank customer’s bank details and can use it fraudulently including stealing the identity of the victim.

HOW CONSUMERS CAN PROTECT THEMSELVES

  • Do not trust websites you do not know.
  • Don’t fall for offers that are available at a very cheap price. If it seems to be too good to be true, they usually are.
  • Register for 3D Secure to secure your card details.
  • Do not send emails that quote your card number and expiry date.
  • Never click on a link when requested to confirm your banking or personal details.

PHISHING

MODUS OPERANDI

Phishing is a scam that takes place via email. Fraudsters send out e-mails to recipients purporting to come from a reliable source like a banking institution, SARS or email service providers. The e-mail will prompt bank consumers for their information to be updated or validated through a hyperlink or icon. Once clicked on, the link will launch a fake website that resembles the legitimate website. The information requested is usually personal information and could include usernames and passwords for banking platforms or e-mail accounts as well as cell phone numbers and bank card details.  Any information that is entered on the fake website is captured by the fraudsters and can be used to perpetrate fraud.  In addition to harvesting personal information, fake websites can be used to infect customer’s machines with malicious software which can be used to gather sensitive information.

AWARENESS TIPS ON HOW CONSUMERS CAN AVOID FALLING VICTIM:

  • Never respond to emails appearing to be from your bank that request your personal details. No bank will ever ask you to confirm or update your account details via email
  • Do not click on links or icons on unsolicited email.
  • Type in the URL for your Bank in the internet browser if you need to access your Bank’s web page.
  • Check that you are on the real site before using any personal information
  • If you think that your computer might have been compromised, contact your Bank immediately.
  • Hover over hyperlinks: Hover your mouse pointer over any hyperlinks to reveal the actual URL and check that it is in fact the address stated in the email.
  • Never provide your online ID, password or PIN to anyone.
  • Avoid doing Internet Banking in public areas such as Internet Cafes.
  • Change your PIN and passwords frequently.
  • Place sensible transaction limits on your accounts.
  • Ensure that you have the latest anti-virus software applications installed on your computer.

TELEPHONIC TECHNICAL SUPPORT SCAMS

MODUS OPERANDI

The scam relies on social engineering techniques to convince the user of the technicians’ credentials. The scammers call, claiming to be a technical support assistant associated with well-known companies for example Microsoft. They will state that they have detected viruses or other malware on the user’s computer and then trick them into giving them remote access or paying for software they do not need. In most cases scammers can get names and other basic information from public directories and then guess what computer software the computer user is using.

The scammer will ask the victim to log onto their computer so that they can talk them through the fix. They convince the user to visit legitimate websites to download “Remote Access Control” software that will allow them to take control of the computer remotely and adjust settings to leave the computer vulnerable. They may also trick the user into installing malicious software that could capture sensitive data, such as online banking usernames and passwords or remotely install malware themselves. The objective is to compromise internet banking profile credentials for later use. The victim then needs to pay for the service via a credit card and is asked for the credit card details, or is asked to make an internet payment.

AWARENESS TIPS FOR CONSUMERS TO AVOID FALLING VICTIM:

  • Keep your software up to date, using the latest security patches available.
  • Do not give control of your computer to a third party who call you unexpectedly.
  • Do not rely on call line identification (CID) alone to authenticate a caller. Criminals spoof CID numbers. They may appear to be calling from a legitimate company or a local number, even when they’re not in the same country as you.
  • Never provide your password, credit card or other financial information to someone who calls and claims to be from tech support.
  • If you’re concerned about your computer, call a reputed security software company directly and ask for help.

GET RICH QUICK SCAMS

According to the SARB’s Supervision Department 2015 annual report (25 May 2016) 19 illegal schemes are currently being investigated, left over from a total of 41 that were under review in 2015.  This proves the prevalence of how easy members of the public fall for these schemes and scams; and the effectiveness of social engineering in duping the public to part with lifetime savings in pursuit of quick gains and wealth. These include WorldVentures, Kipi (also known as Mydeposit241), Make Believe, NMT Investments, Instant Wealth Club, MMM South Africa, DIPESA, Sikhese (Pty) Ltd as well as the Wealth Creation Club, as previously reported. SARB has voiced their concern not only about the high level of illegal money schemes in the in the country but also the willingness of members of the public to participate in such schemes. 

MODUS OPERANDI

An ‘investor’ will lure their victims by guaranteeing high profits that promise little or no financial risk.  In most instances the investor will be vague about the nature of the investment, but will stress the rate of return.  These investors hype their high-level financial connections; the fact that they’re privy to inside information through social engineering techniques and that they’ll guarantee the investment. To close the deal, they often come up with phony statistics, misrepresenting and stressing the uniqueness of their offer.

SIGNS TO LOOK OUT FOR THAT IT IS A “GET RICH QUICK SCAM”

  • It claims to pay out double-digit returns.
  • It claims to be an opportunity of a lifetime.
  • You can’t understand how it generates money.
  • It is not a registered product or a product offered by an authorised financial services provider.
  • Returns or profits earned are dependent on recruiting more members to the scheme.

AWARENESS TIPS ON HOW NOT TO FALL VICTIM TO “GET RICH QUICK SCAMS”

  • If it sounds too good to be true, its most likely a scam.
  • Be sceptical of any investment’s insistence that you act NOW.
  • Be careful of investments that guarantee you high profits with little or no financial risk.
  • Exercise due diligence in selecting investments and the people with whom you invest- DO YOUR HOMEWORK BEFORE INVESTING YOUR MONEY.
  • Consult an unbiased third party- like an unconnected broker or licensed financial advisor before investing.