If you suspect deceit, hit delete! What you need to know about Phishing, Vishing and other threats

Rushda Ebrahim Khan & Fameeda Suleman | Compliance Division

Phishing and Vishing scams are some of the most common cyber-attacks that occur in South Africa almost every day. This means that you could be a click away from being a victim. Always remember to think before you click!

Phishing is an attack method most commonly delivered through emails that try to trick the victim by claiming to be from a legitimate company or financial organisation in an attempt to steal your personal information. Phishing emails request that users click on a link in the email which then directs them to a “hoax” website which is designed to fool users into thinking that it is a legitimate attempt to obtain, verify or update contact details or other sensitive financial information.  Phishing emails can also contain attachments with malware.         

What is Vishing?

Vishing is when a fraudster phones their victim posing as a bank official or service provider and uses social engineering tactics to manipulate them into disclosing confidential information.  The fraudster leads the victim to believe that he/she is speaking to a genuine official at the bank or service provider. This information is then used to defraud the victim.

Other Cyber Threats?

Some examples of other cyber threats include, Smishing which is short for "SMS phishing".  Similar to Phishing, except that smishing is when someone tries to trick you into giving them your private information via a text or SMS message. The user is tricked into downloading malware onto their mobile device by asking users to click on a malicious link or by simply being tricked into responding to the message and providing personal information to the fraudster.

Spear phishing - This involves very well-crafted messages that come from what looks like a trusted VIP source, often in a hurry, targeting those who can conduct financial transactions on behalf of your organization.

Drive-by-download Attack - A ‘drive-by-download’ attack is where an unsuspecting victim visits a website which in turn infects their device with malware. The website could be one that is directly controlled by the attacker or one that has been compromised.  In some cases, the malware is served in content such as banners and advertisements.

Banking customers are targeted frequently

The Ombudsman for Banking Services (OBS) in a recent article confirmed that the OBS receives complaints on a daily basis from consumers who were deceived into providing their confidential banking information to fraudsters. In just these past few months, the OBS recorded more than 640 new fraud complaints that were received despite the daily warnings about these scams.  The OBS warned that it is very clear from the cases that have been received that anyone and everyone can be a target.

Opening malicious email attachments are a simple method of attack, but it keeps proving to be one of the most effective. This leads to the conclusion that the human element of cyber security is the weakest link. 

ITPRO in one of its newsletters provided 10 quick ways to identify Phishing emails:

  1. You have no account with that company.
  2. The email account isn’t connected to the company, ie. you have never registered this e-mail address with the company that you received the e-mail from.
  3. The return email address isn’t normal.
  4. The email asks you to confirm personal information.
  5. The email is poorly written.
  6. There is a suspicious attachment.
  7. The message is super urgent.
  8. The email doesn’t use your name in the greeting.
  9. The whole email is a hyperlink.
  10. The email is from a public domain – generally the email address will be @gmail.com or @outlook.com.

Safety tips to ensure that you don’t become a victim!

At Al Baraka Bank, your safety is our utmost priority! We would therefore like to share some important tips with you that will assist you in the fight against cyber-attacks:-

  • Do not click on links or icons in unsolicited emails that suggests that it will take you to your bank’s website.
  • When in doubt always contact your bank. If you think that you might have been compromised, you most likely have been.  Contact your bank immediately.
  • Never log onto your internet banking in an internet café or where multiple people might be sharing an unsecure network.
  • Never let any caller or email content pressure you into a reaction.
  • Update your anti-virus software regularly.
  • If you receive an OTP on your phone without having transacted yourself, it was likely prompted by a fraudster using your personal information. Do not provide the OTP telephonically or by any other means to anyone.
  • If you lose mobile connectivity under circumstances where you are usually connected, check whether you may have been the victim of a SIM swop.
  • A long password is a strong password, but remember to add as much complexity to your passwords as possible.
  • Ensure that your email spam filters are activated. These filters may keep many phishing emails out of your inbox.
  • Protect your accounts by using multi-factor authentication.
  • Never share your PIN, OTP or Password with anyone.
  • Many banks offer free notifications for transactions. Activate the notifications so that you receive SMS messages every time a transaction occurs.

If something appears suspicious, verify, verify, verify!!!!! Remember, it is better to be safe than sorry!