Phishing emails targeting online banking customers are a major problem in South Africa, with research showing that the majority of these clients are being targeted.
The 2015 Columinate Internet Banking SITEisfaction survey revealed that 55% of online banking customers had been targeted by fraud, while 12% incurred financial losses due to criminal activity.
Columinate stated that digital banking crimes in South Africa – including phishing attacks – are on the rise, which is of concern to banks and their customers.
Fortunately there are ways to combat this type of online fraud, with local banks and the Banking Association of South Africa providing guidelines on how to avoid falling victim to phishing scams.
What is a phishing?
Phishing is when a criminal sends you an email claiming to be from a company or organisation – like your bank – in an attempt to get you to hand over sensitive information.
This information can be used for identity theft, or to steal money from your bank account.
This is done through different tactics, one of which involves getting the victim to click a link to a fake website for the purpose of “updating their personal details”. The fraudulent site then prompts the user to enter passwords and login details, which are captured.
Spoofed websites look almost identical to the legitimate website of a well-known financial institution or business, according to the Banking Association of South Africa, with thousands of phishing emails sent to potential victims each month.
Once a victim’s login and password details are captured, the criminal then has access to the online bank account.
Phishing scams to look out for
Standard Bank, Absa, and FNB all provide examples of phishing emails – updating their “scam databases” on a regular basis.
Phishing emails will appear to be legitimate, with accurate logos and industry terminology, while the mail may also be sent from a seemingly legitimate email address – “[email protected]”, for example.
It is relatively easy for phishing scammers to send an attack mail from an address that appears to belong to a bank.
Phishing emails may also contain spyware attachments, which, if opened, can install key-logger software. This software then records what you type on your keyboard – including passwords and user names.
The infographic below details how you can identify a banking phishing email. (Click to enlarge)
The images below shows emails online banking customers should watch out for, as provided by Standard Bank, FNB, and Absa.
How to avoid becoming a victim
The banks mentioned above, along with the Banking Association of South Africa, provide the following advice on how to avoid falling victim to a phishing email attack.
- Never give your personal details to anyone without verifying their identity.
- Never provide your personal details, for example your PIN or account details, over email.
- Never access Internet banking websites from an email link. Always enter the bank’s website address in your browser.
- Do not create shortcuts on your desktop to Internet banking. Malicious software could redirect the shortcut to a fake site.
- Register for SMS notification services from your bank.
- Avoid using public terminals (such as Internet cafes) for Internet banking.
- Ensure that you have updated antivirus and spyware software and perform regular system scans.
- Do not open other websites while logged into Internet banking, only have a single browser window open.
- When accessing Internet banking, check for the padlock icon and “https” at the beginning of the banking site’s URL in your browser’s address bar.