{"id":600601,"date":"2025-06-29T13:00:00","date_gmt":"2025-06-29T11:00:00","guid":{"rendered":"https:\/\/mybroadband.co.za\/news\/?p=600601"},"modified":"2025-06-29T13:01:48","modified_gmt":"2025-06-29T11:01:48","slug":"discovery-bank-flight-scam-warning","status":"publish","type":"post","link":"https:\/\/mybroadband.co.za\/news\/security\/600601-discovery-bank-flight-scam-warning.html","title":{"rendered":"Discovery Bank flight scam warning"},"content":{"rendered":"\n<p>Discovery Bank has warned its customers about fraudulent airline advertisements on social media that lure people into remote access scams.<\/p>\n\n\n\n<p>This involves a phishing attack where criminals manipulate victims into giving them access to their mobile devices and remote banking app.<\/p>\n\n\n\n<p>Phishing is when criminals manipulate targets into revealing sensitive information using links that direct them to a fraudulent website.<\/p>\n\n\n\n<p>The idea is to attempt this attack on a large number of targets, hoping that one eventually takes the bait. By posting an ad on social media, scammers can get the attention of thousands of potential victims.<\/p>\n\n\n\n<p>On the other hand, the attack also employs social engineering, which exploits human psychology to gain information from an unsuspecting victim. <\/p>\n\n\n\n<p>&#8220;Criminals know the weakest link in the security chain is a human and will pose as a bank representative to exploit the victim&#8217;s inclination to trust,&#8221; the South African Banking Risk Information Centre (Sabric) <a href=\"https:\/\/www.sabric.co.za\/stay-safe\/social-engineering\/\">says<\/a>. <\/p>\n\n\n\n<p>In the case mentioned by Discovery, it said that once victims have been lured to the fake website from social media, they make contact with someone posing as a travel agent.<\/p>\n\n\n\n<p>The attacker contacts victims after they enquire about the advertisement and attempt to trick them into downloading a fake airline app.<\/p>\n\n\n\n<p>Once they download the app, the bank said scammers gain remote access to their devices, hence the attack&#8217;s name.<\/p>\n\n\n\n<p>After the fraudster has gained access to the victim&#8217;s device, they are instructed to log into their banking app, after which the screen goes blank.<\/p>\n\n\n\n<p>The scammer now has access to their victim&#8217;s device and their banking app, allowing them to make several transactions before the bank eventually shuts them out.<\/p>\n\n\n\n<p>To protect against such attacks, Discovery Bank said the first step is to avoid ads that are too good to be true.<\/p>\n\n\n\n<p>If the ad looks legitimate, the next step is to book the flights on official airline websites or from trusted travel agencies.<\/p>\n\n\n\n<p>Scammers do their best to pass their fake websites as legitimate, making this easier said than done. However, Sabric suggests using <a href=\"https:\/\/www.yima.org.za\/\">YIMA<\/a> to verify website URLs before using them.<\/p>\n\n\n\n<p>To avoid falling victim to a similar remote access scam, the bank says users must never allow remote access on their devices or log into their banking app while screen sharing.<\/p>\n\n\n\n<p>Discovery also points to pressure tactics like limited-time offers or urgent requests as red flags to look out for.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Remote access scams on the rise<\/h2>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1200\" height=\"675\" src=\"https:\/\/mybroadband.co.za\/news\/wp-content\/uploads\/2024\/12\/The-battle-against-spam-and-scam-callers-in-South-Africa.jpg\" alt=\"\" class=\"wp-image-575630\" srcset=\"https:\/\/mybroadband.co.za\/news\/wp-content\/uploads\/2024\/12\/The-battle-against-spam-and-scam-callers-in-South-Africa.jpg 1200w, https:\/\/mybroadband.co.za\/news\/wp-content\/uploads\/2024\/12\/The-battle-against-spam-and-scam-callers-in-South-Africa-600x338.jpg 600w, https:\/\/mybroadband.co.za\/news\/wp-content\/uploads\/2024\/12\/The-battle-against-spam-and-scam-callers-in-South-Africa-768x432.jpg 768w\" sizes=\"(max-width: 1200px) 100vw, 1200px\" \/><\/figure>\n\n\n\n<p>FNB also recently described a <a href=\"https:\/\/mybroadband.co.za\/news\/security\/599704-fnb-fraud-warning.html\">similar form of social engineering<\/a> used to gain access to a victim&#8217;s personal computer by offering assistance to block fraudulent transactions.<\/p>\n\n\n\n<p>Called a remote access attack, the bank said it typically starts with a fraudster contacting the target via phone, impersonating a member of their anti-fraud department.<\/p>\n\n\n\n<p>If the victim believes the caller and accepts their assistance, the fraudster tells the potential victim to download and install protective software on their PC.<\/p>\n\n\n\n<p>Although the software may look legitimate to the unsuspecting eye, it will allow the fraudster to access their victim&#8217;s computer remotely via the Internet.<\/p>\n\n\n\n<p>After being guided through the installation process, the fraudster will ask their target to log into their personal Online Banking profile.<\/p>\n\n\n\n<p>FNB said that once the person has done this, their screen will immediately go blank, and they will start receiving several one-time pins (OTPs) on their phone for transactions they have not made.<\/p>\n\n\n\n<p>The fraudster, still in contact with their victim via the phone, will then reassure them that these are fraudulent transactions and that the OTPs must be sent to them.<\/p>\n\n\n\n<p>However, they instead use these OTPs to authenticate the transactions made using the stolen banking details.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Discovery Bank has warned of a means scammers are using to gain access to customers&#8217; remote banking apps.<\/p>\n","protected":false},"author":341175,"featured_media":600669,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_sma_x_autopost_status":"idle","_sma_x_autopost_error":"","_sma_x_post_id":"","_sma_x_attempts":0,"footnotes":""},"categories":[27],"tags":[38880,417,100269,83791,19546,46275],"class_list":["post-600601","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security","tag-discovery-bank","tag-phishing","tag-remote-access-scams","tag-social-engineering","tag-south-african-banking-risk-information-centre-sabric","tag-vishing"],"_links":{"self":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/600601"}],"collection":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/users\/341175"}],"replies":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/comments?post=600601"}],"version-history":[{"count":3,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/600601\/revisions"}],"predecessor-version":[{"id":600672,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/600601\/revisions\/600672"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/media\/600669"}],"wp:attachment":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/media?parent=600601"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/categories?post=600601"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/tags?post=600601"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}