Standard Bank has warned that the banking industry in South Africa has seen a spike in clients being “duped” by fraudsters posing as bank or tax officials, or pretending they work for investment firms.

The bank said it is responding to this new threat by investing in new technology aimed at cautioning and protecting “vulnerable customers”.

“Data from the South African Banking Risk Information Centre (Sabric) shows that ‘vishing’ – where scammers use phone calls and social engineering skills to manipulate victims into disclosing confidential information – has become the biggest contributor to application, digital banking and card-related fraud,” Standard Bank said in a statement on Tuesday.

“Unlike phishing scams, which deceive people into clicking on links in texts and e-mails, vishing calls trick people into sharing sensitive banking information or taking actions that compromise the security of their bank accounts.”

Scammers, it explained, are targeting older people who are approaching retirement or have recently received their cash payouts. They propose “high-return” investment opportunities and persuade victims to transfer funds into fictitious investment accounts with false promises.

In another tactic, criminals attempt to create panic by falsely claiming that the victim’s bank account is at risk, urging them to move their money to a different account for “safekeeping”.

“The bank will never call to ask you to move your money to an account that you do not know about,” said Standard Bank head of digital and e-commerce Belinda Rathogwa in the statement. “If you are going to invest your hard-earned money, verify the details of the investment company that you are dealing with. Check that they are registered with the Financial Services Conduct Authority.”

Social engineering

“These individuals encourage victims not to share details about the fraudulent transaction with their banks or loved ones, making it difficult to detect the fraud early. This social engineering tactic leaves little recourse for consumers, so that many are unable to recover all of their lost funds, and most don’t recover any of their money, even with their bank’s assistance,” Rathogwa said.

She said fraudsters have turned to social engineering because the risk controls used by the banks prevent unauthorised access to accounts. “They therefore trick clients in other ways.”

Read: Warning that growing fraud could spell the downfall of SMS

In response, Standard Bank has launched a security feature on its mobile banking app that’s designed to alert clients to potential vishing threats. Once activated and consented to by the client, the feature notifies users of suspicious calls.

“Our data shows that a growing number of older clients make use of our app. Any additional security features on the app can therefore play a big role by protecting them,” said Rathogwa.

Standard Bank provided the following tips to avoid falling victim to these and other attacks:

Be careful about unsolicited calls, e-mails or messages asking for personal information;
If you receive a call from someone claiming to be from your bank’s fraud department, remember that the bank will never ask you to share your personal information over the phone. If the call sounds suspicious, hang up and call your bank’s fraud line;
Never share your one-time Pin (OTP) with anyone. Your bank will never ask for your digital banking credentials, including OTPs, passwords or Pins, over the phone;
Avoid connecting to public Wi-Fi networks to do your banking; and
Use your fingerprint or facial recognition to secure your device and to sign in to your banking app for added security. – © 2024 NewsCentral Media