Standard Bank customers in South Africa should be wary of a Financial Intelligence Centre Act (FICA) related phishing scam claiming their accounts will be blocked.

Cybercriminals have been sending SMS messages to people claiming their accounts would be blocked within two hours if they didn’t update their FICA information.

“Your Standard Bank account is scheduled to be blocked in 2hrs due to fica failure update. Please update your profile to avoid this https://url.sg/[REDACTED],” the SMS said.

There were several red flags associated with this scam attempt. Firstly, the SMS contains several grammatical errors that likely wouldn’t be included in a legitimate communication from the bank.

Secondly, one person who received this SMS had their communication preferences set to email, with all official Standard Bank communications going to their registered email address.

Knowing your banking communication preferences is essential to prevent falling victim to such scams, as institutions like Standard Bank will only send official communications via your preferred channel.

Lastly, clicking on the link in the message takes users to a webpage resembling a Standard Bank portal, where they are asked to enter their credit or debit card details.

The spoofed webpage is set up to convincingly impersonate Standard Bank and trick victims into believing that entering their details is safe.

Banks will not ask their customers to provide credit or debit card details to access these portals. Entering these details through fraudulent links will enable criminals to make payments with your card.

MyBroadband shared the scam SMS with Standard Bank, which confirmed that it was a scam and not an official communication from the bank.

“Spoofed websites usually have similar logos to the original sites and, in some cases, they may even be identical,” Standard Bank says in a post on its security centre.

“The domain name or web address is also similar to that of the original website and will often use words associated to the company’s name or products.”

However, this isn’t the case for the FICA-related SMS scam. The link included in the SMS takes users to a domain that does not resemble a Standard Bank domain — another red flag to look out for.

Below is a screenshot of the spoofed website to which the link in the scam SMS redirects users. It includes the Standard Bank logo and a similar design to the bank’s online banking portal.

Headache for South Africa’s biggest banks

Fraudsters are increasingly targeting South African banking customers, and the country’s major banks have issued various scam warnings in recent months.

These include players like Capitec, Discovery Bank, Nedbank, Standard Bank, and the Banking Association of South Africa (Basa).

Many of these entities warned that social engineering attacks through phishing, vishing, and client coaching are becoming more sophisticated in South Africa.

A common technique is impersonating a representative from a victim’s bank to try to access their funds or account.

These scams typically create a sense of urgency and say immediate action is needed, as is the case with the FICA-related SMS scam, which warned that the victim’s account would be blocked within two hours.

In other cases, fraudsters may pose as another organisation or an authority to try to pressure banking customers into divulging sensitive information.

The banks also each listed numerous ways for customers to avoid falling victim to these scams. These are collated below:

Don’t process transactions when asked by someone purporting to be from your bank. End the engagement and contact your bank directly to verify.

Read any messages from your bank carefully before you act.

Don’t click on links in unsolicited messages asking for personal or banking information.

Ensure you only load applications from trusted marketplaces and that you keep them up to date.

Don’t share sensitive information. A bank will never ask for your passwords or OTPs.

Immediately report stolen cards or devices.

Don’t authorise transactions you didn’t process.

Don’t download files that would let anyone else view your device’s screen.

Don’t allow remote access to your computer through software like AnyDesk or TeamViewer.

Avoid using public Wi-Fi to access your banking app.

Standard Bank has warned of rising incidents of voice phishing, or vishing, in South Africa. The bank’s head of fraud risk management, Athaly Khan, said it had seen a shift from SMS-phishing to vishing.

“Through manipulation and deception, we are now seeing fraudsters employ the aid of customers to facilitate payments or unknowingly grant access to their banking app,” said Khan.

“Most customers are actively seeking ways to cut costs and spend when there are discounts.”

He warned that this gives fraudsters an opportunity to present offerings that are too good to be true, advising customers to be wary of fraudsters preying on their vulnerability.