The Rapport newspaper reported that the Hawks are investigating the possibility that a syndicate gained access to ABSA clients’ online banking details, and are busy stealing millions from these accounts.
According to the report, numerous ABSA clients’ bank accounts were emptied by criminals who gained access to their account details.
In all these cases ABSA said the victims were to blame, because they fell for phishing attacks which exposed their online banking details.
However, many of the ABSA online banking fraud victims dispute falling for phishing scams.
In one case, where R2 million was stolen, the Rapport investigation showed that the theft may have taken place from an IP address located at the ABSA head office.
ABSA denied responsibility, and only refunded the client 50% as a goodwill gesture. She is now suing the bank for the rest of the money which was stolen.
Her case, Rapport said, is part of 36 similar cases which all involved the money being transferred to a Capitec account, and where SIM swap fraud took place.
How criminals steal money from your online bank account
While the methods used to steal a person’s banking details may differ, the process followed by fraudsters to steal money from online banking users in South Africa is nearly always the same:
- Get the person’s Internet banking details, typically through a phishing attack.
- Get a banking account/s to which money can be transferred to and withdrawn.
- Clone the SIM card used by the person.
- Create beneficiaries (using the list of banking accounts) and transfer money to these beneficiaries.
- Withdraw the money from these accounts.
In each of these steps the criminals can exploit different weaknesses in the system to achieve their goal.
The infographic below provides an overview of how online banking fraud happens, and what users should do to stop their online banking details being compromised.
The full report is available in the Rapport newspaper of 2 October 2016.