Criminals use Black Friday to defraud South Africans, meaning consumers should be vigilant during this period.
This is according to SABRIC CEO Nischal Mewalall, who noted that opportunistic criminals revel in the Black Friday period.
Mewalall said that phishing is one of the most common ways criminals try to defraud South Africans during this time.
“Criminals make use of Phishing emails that request that users click on a link in the email which directs them to a “spoofed” website,” explained Mewalall.
“The spoofed website looks like a legitimate online retailer complete with beautiful images and enticing taglines. Criminals use these bogus websites to harvest bank card details which they then use to make online purchases on the victim’s account.”
He noted that even in situations where purchases are made and transactions go through, it could still be a scam.
“If a deal seems too good to be true, it most probably is,” said Mewalall.
He also noted that spoofed websites can be used to steal personal or confidential information.
“A criminal may use this information to contact the victim telephonically and gain their trust so that the victim willingly divulges any information requested,” said Mewalall.
“This information is then used to defraud the victim. This tactic is known as social engineering which exploits human psychology, as criminals know that the weakest link in the security chain is a human.”
Managing Executive of Everyday Banking at Absa Cowyk Fox also noted that phishing is a common scam that is used by malicious parties to target its customers.
Other scam techniques noted by Fox include:
- Vishing – Phone calls impersonating a bank where the criminals disclose customer personal information before requesting customers for their “keys to the safe.”
- Smishing – Text messages where the customer is requested to open the link and complete the fields.
- Stolen devices including phones – Devices used by customers to perform banking transactions are stolen for the sole purpose of defrauding customers. With these methods, fraudsters attempt to deceive customers into disclosing their “keys to the safe” including online PIN, online passwords, card PIN, card CVV number, OTP, and/or authentication messages to allow them to effect fraudulent transactions.
- Identity theft – A method of stealing customer identity documents and personal details and using such details to impersonate the real customer in applying for loans in an effort to access loan pay-outs or available funds on credit cards in the name of real customers.
“Fraudsters are getting increasingly sophisticated in targeting unsuspecting customers through social engineering,” said Fox.
“Fraudsters use personal data from incidents such as data breaches to impersonate banks and other legitimate organisations with the sole purpose of tricking customers into granting them access to their money and bank accounts.”
Fox said that Absa will never ask customers to share their PINs, passwords, or card CVV numbers for any reason, nor will they ask customers to read out the OTP number they have received to reverse or process a transaction.
“Customers are urged to always remain vigilant by reading Notify Me (SMS) notifications and verification messages thoroughly before responding to them,” he said.
“If you suspect any suspicious activity, cut the call and immediately contact the Absa Fraud Hotline via the mobile banking application “Report Fraud” functionality or 0860 557 557 or +2711 501 5089.
Capitec told MyBroadband that it is aware of various new tactics used by fraudsters to target South African banking clients.
“In some instances, fraudsters will call you claiming to be from your bank’s fraud department, warning that there was either an attempt to commit fraud on your account or that a stop order was loaded,” said Capitec.
“In order for them to block this activity, consumers are told to approve the confirmation messages sent to their banking app using their PIN.”
“The fraudsters then lead the panicking consumer through the process of performing a transaction on the app, unknowingly transferring funds to the fraudster.”
The bank noted that it will never call clients requesting personal details, their PIN, or asking them to approve transactions.
“The best way to handle calls like these is for customers to state that they will rather go to the nearest branch to resolve the issue,” said Capitec.
“Should clients suspect they have fallen victim to this scam, they are urged to contact their bank immediately to report the incident.”
Protecting yourself from fraud this Black Friday
SABRIC offered the following tips to help South African online shoppers protect their money this Black Friday.
- Shopping for cheap online specials can be an expensive mistake. Watch out for emails offering crazy BlackFriday deals. If it seems too good to be true, it probably is.
- Make sure that your mobile shopping apps are the latest available versions by updating these regularly.
- Don’t save your card details on e-commerce sites.
- Protect yourself against fraud by registering for additional security that sends a One Time Pin to your phone when making a payment.
- Watch out for spoof e-commerce sites advertising #BlackFriday specials. Criminals only need to change one digit of a web address to create a spoof website and steal your data.
- Be wary of unfamiliar e-commerce sites, especially if they do not redirect you to confirm your transaction via your banks 3D secure page or via your own bank’s mobile app before you pay.
- Never supply your OTP to anyone while conducting an online transaction.
- Change your Wi-Fi’s wireless router password as most people use the default router password provided by their ISP (Internet Service Provider). Changing the wireless router password makes the connection more secure.
- Never click on unknown links in emails, or open email attachments from unknown sources.
- Identify subtle clues – such as spelling errors – that may indicate the email they seemingly received from a retailer is actually from an imposter.
- Only shop at reputable retailers and avoid unknown ones, even if the offers seem amazing.
- Never forward emails that may contain malicious attachments or links.