Nedbank has warned that criminals are using social engineering attacks to steal one-time PINs (OTPs) from South Africans to authenticate and complete fraudulent e-commerce transactions.
Deon Louw, Nedbank’s head of card and merchant fraud, said the scam involves a client receiving a call from a criminal who convinces them that the caller is from a reputable company.
The criminal then tells the victim that they are calling to assist with a banking-related issue.
Victims are often selected because they requested a service from a company, or because they have been victims of a crime before.
The criminal then informs the victim they need some information to resolve the problem, often referring to a “reference number” which will be sent to their mobile phone via SMS.
This “reference number” is in fact an OTP, which banks send to clients via SMS to authenticate and complete online transactions.
If the victim falls for the scam, and provides the criminal with the OTP, the fraudulent transaction is approved and money is stolen.
Louw said there is a simple rule to combat this: under no circumstances share your OTP with any person, even if they say they are from your bank or a reputable company.