The COVID-19 pandemic has resulted in a rise in banking scams and fraud in South Africa.
This is according to South African banks, which explained that this is due to an uptake in online transactions.
“We will continue to see the likes of phishing increasing in South Africa because people are adopting online purchases in increasing numbers,” said Standard Bank head of fraud and risk Carolina Reddy.
“COVID is here to stay for quite a while, and with more people purchasing goods online, this will make them vulnerable to fake websites and emails.”
Absa’s head of fraud solutions Ally Mafunzwaini agreed with this sentiment.
“The COVID-19 pandemic has accelerated the uptake of online banking and e-commerce transactions,” said Mafunzwaini.
“With the increase in these types of transactions, cyber criminals have used the opportunity to advance their sinister behaviours to dupe customers into thinking that they are dealing with legitimate organisations or banks.”
Phishing is king
According to Reddy, phishing has continued to be prominent in South Africa – but the COVID-19 pandemic opened South Africans up to new phishing strategies.
These include emails that purport to be COVID-19 relief funds and loan providers.
“Customers were receiving emails saying that they qualify for a grant or a loan,” explained Reddy.
These users are often being asked to click on a link and the malicious parties will then install malware on the victim’s computer – which will be used to steal their banking credentials.
Mafunzwaini also noted the increase of Smishing, which is phishing via SMS.
“In some cases, fraudsters pretend to be from a bank by sending an SMS and calling customers to create panic relating to a possible pending fraudulent debit out of the customer’s account,” said Mafunzwaini.
“Customer unknowingly authorise these transactions thinking that they are assisting a bank to stop fraud.”
Reddy added that OTP phishing is incredibly common, and this involves malicious parties pretending to be banks and requesting that the victim sends the OTP to said party.
Both Mafunzwaini and Reddy also noted that a common scam in 2020 was the change of banking details scam.
With these scams, victims are sent a fraudulent invoice from malicious parties which are purporting to be a legitimate business.
From here, these customers unknowingly pay money into the malicious party’s account instead of the correct business.
Mafunzwaini and Reddy also highlighted advance fee and deposit scams, where customers make upfront payments or deposits to fake businesses for non-existent goods and services.
Reddy said customers should ensure they know who they are buying from by looking the company up to see if it is legitimate.
This can be done through most banks when making the payment, as businesses can register their accounts with banks.
Tips to avoid fraud
Both Mafunzwaini and Reddy provided tips for South Africans wanting to avoid being caught out by banking scams and fraud.
Mafunzwaini provided the following tips:
- Absa offers an Account Verification Service and therefore customers are encouraged to perform account verification before making payment to new beneficiaries.
- Keep your Antivirus software updated to avoid malicious software attacks.
- Do not approve transactions if you are not transacting.
- Avoid the “too good to be true” deals and research your suppliers before entering into relationships.
- Obtain correct contact details from your bank’s website and avoid responding to unknown numbers.
- Always login to your banking profile through a browser by typing the bank website domain address and not through a link.
Reddy added the following tips:
- If you are making purchases online, use your credit card rather than making a direct deposit. It is even better to use a virtual card or an escrow service if either of these are available through your bank.
- Key in bank and retailer URLs and check for the lock symbol next to the URL once the website has loaded.
- Read your messages – as many customers who are caught out by fraud or scams do not realise it because they have not seen the notifications from their banks regarding transactions on their account.
- If your smartphone is stolen and you use a banking app, call your bank to report it, and phone your mobile network operator to have the device and SIM blacklisted.
- Never share your ATM pin, personal credentials, or any OTPs you receive – even if the party claims to be your bank. Banks explicitly state when they send an OTP that you should not share it with anyone.