This week, my mother was nearly a victim of banking fraud. The scam was so well executed that she would most likely have fallen for it. I am hard-wired to look for scams due to the nature of my work, but the reality is that scamsters are becoming increasingly clever and have more access to our personal information than ever before.
This particular scam involved an email from what appeared to be the SA Post Office.
My mother was expecting a package to be delivered from overseas and received this email explaining that the parcel could not be delivered because an import duty of $2.99 was outstanding.
They wanted her to fill in her credit card details, including her card’s CVV number, so they could deduct the funds.
READ: Hundreds fall victim to loan scam
This all made sense to her as she was waiting for a package, but her only concern was how the post office had obtained her email address. When I looked at the email, several red flags popped up.
Firstly, while the sender’s email was titled “post office” the domain was @online.nl. It also made no sense why the post office would want my mother to pay the duty in dollars, and I know from experience that you usually only pay the duty when you collect the parcel.
How the fraudsters knew my mother was expecting a parcel, and the fact that they had her email address, could only mean that either her emails or those of the person she was corresponding with had been hacked.
Manie van Schalkwyk, CEO of the Southern African Fraud Prevention Service (SAFPS), says it is estimated that 17 billion cyberattacks take place around the world every day.
Over the past two years, South African companies have reported that they have been victims of cyberattacks and data breaches. Among them were Experian (July last year), Absa (November last year) and Transnet (June this year).
In the Experian and Absa breaches, consumers’ personal information was compromised. The department of justice recently announced that it was also a victim of cybercrime, as was African Bank.
According to SAFPS, Debt-IN Consultants, a professional debt recovery solutions partner to many South African financial services institutions, announced on September 22 that a ransomware attack by cybercriminals resulted in a significant data breach of consumer and employees’ personal information.
READ: Banking fraud: tips to avoid becoming a victim
It is suspected that consumer and personal information of more than 1.4 million South Africans was illegally accessed from Debt-IN servers in April.
It seems that we are reaching a point where we cannot trust anything that lands in our inbox, and our identities and personal information are constantly being compromised.
One of the most important services, and the core of SAFPS’ service offering, is protective registration – a free service protecting individuals against future identity fraud.
Consumers apply for this service and the SAFPS alerts its members to take additional care when dealing with that individual’s details.
Protective registration provides an added layer of protection and peace of mind, regardless of whether the identity of the applicant has been compromised.
If you have already been a victim of fraud, you can also apply for fraud victim registration. The SAFPS will assist applicants in preventing fraud that is a result of identity theft and impersonation.
This will protect applicants from associated financial implications. The SAFPS will issue applicants with a victim of impersonation letter, which they can share with future credit providers to assist in any verification processes.
Consumers are urged to visit the SAFPS website at safps.org.za, and click on protect your identity.
It is recommended that a smartphone is used in this process and that the applicant has a copy of their identity document with them. Alternatively, applicants can follow the manual process as explained on the website.
How to protect your bank account if your phone is stolen
Close to 41% of South Africa’s population has a smartphone and scores of people have banking apps loaded on their cellphones.
If your phone is stolen, this what you should do:
The device must be delinked from the banking profile as soon as possible. The victim of the crime must break the handshake. This is vitally important.
The next step is to change their password or sure phrase – the phrase that allows you to access your account. Clients should then consider adding an extra layer of encryption to their account, making fraud less likely.
Block the actual bank account that the stolen phone accesses, as well as the profiles related to this account.
Once the account is secured, the victim should notify the cellphone service provider to block the SIM and the unique 15-digit IMEI code of the stolen device.
“There are a number of other steps that the public can take,” says Van Schalkwyk. “Be aware of your surroundings. If you are sitting in an outdoor café or restaurant, know that if your phone gets stolen, the thief can make an easy getaway.
READ: Over half a billion rand lost in debit card scams in SA last year
“Try to use your phone discreetly. In addition, be very wary of public Wi-Fi networks, as they are unsecured. Finally, once you have reported the stolen device to the relevant authorities, contact the SAFPS.”