Carte Blanche recently reported that criminals stole hundreds of thousands from three Nedbank clients whose accounts were compromised.
According to the report, criminal networks are behind these attacks, making use of a wide range of tools to get a person’s account details.
While the methods used to steal a person’s banking details may differ, the process followed by fraudsters to steal money from online banking users in South Africa is nearly always the same:
- Get the person’s Internet banking details, typically through a phishing attack.
- Get one or more bank accounts to which money can be transferred and from which it can be withdrawn.
- Clone the SIM card used by the person.
- Create beneficiaries (using the list of banking accounts) and transfer money to these beneficiaries.
- Withdraw the money from these accounts.
In each of these steps the criminals can exploit different weaknesses in the system to achieve their goal.
The infographic below provides an overview of how online banking fraud happens, and what users should do to stop their online banking details being compromised.
Online banking safety tips
Sabric provided the following safety tips when using Internet banking to ensure that criminals cannot steal your money.
Are you using your PIN and password correctly to keep your money safe?
- Memorise your PIN and passwords, never write them down or share them, not even with a bank official.
- Make sure your PIN and passwords cannot be seen when you enter them.
- If you think your PIN and/or password has been compromised, change it immediately either online or at your nearest branch.
- Choose an unusual PIN and password that are hard to guess, and change them often.
- For your security you only have three attempts to enter your PIN and password correctly before you are denied access to your services.
- Register for your bank’s cellphone notification service and receive electronic messages relating to activities or transactions on your accounts as and when they occur.
- If reception on your cellphone is lost, immediately check what the problem could be, as you could be a victim of an illegal SIM swop. If confirmed, notify your bank immediately.
- Inform your bank should your cellphone number change so that your notification contact number is updated on its systems.
- Regularly verify whether the details received from cellphone notifications are correct and according to the recent activity on your account. Should any detail appear suspicious, immediately make contact with your bank.
Are you sure you’ve logged on to your bank’s Internet banking website?
- Ensure that you are on your bank’s secure website and not on a ‘spoof’ site that looks like the real website.
- Log onto your bank’s website by typing in the web address instead of accessing via Google search as it might lead you to a spoofed site.
- Do not use web links that are saved under your favourites and never access your bank’s website from a link in an email or SMS.
- Make sure that you are not on a spoof site by clicking on the security icon on your browser tool bar to see that the URL begins with https rather than http.
- Remember to log off when you have finished banking.
Is your PC secure?
- Never do Internet banking in public areas such as Internet cafés.
- Make sure that no one has unauthorised access to your PC.
- Be aware that there are no security cameras trained on your PC and keyboard.
- Make sure that the software loaded onto your PC is correctly licensed.
- Update your operating system and browser with the latest patches.
- Never open suspicious or unfamiliar e-mails or attachments as these often contain harmful programs.
- Never click on links or attachments within suspicious e-mails.
- Prevent harmful software such as viruses, spyware, and Trojans from infecting your PC by:
  - Having the latest anti-virus applications loaded on your PC.
  - Installing a personal firewall on your PC.
  - Being aware of using storage devices (such as memory sticks and portable hard drives).
  - Browsing and downloading only from trusted websites.