F5.5G Leap-forward Development of Broadband in Africa The Africa Broadband Forum 2024 (BBAF 2024) was successfully held in Cape Town, South Africa recently, under…
6 things you need to know about protecting yourself from the latest online scams
With credit card fraud and internet scams an ever-present threat across the globe, as with other types of crime, incidences of banking card fraud tend to increase over the festive season. For this reason internet users should be particularly cautious during the run-up to the 2014 festive season.
And while there is ongoing coverage in the media of the various scams taking place locally and internationally, in my experience many internet users are still at a loss as to the various methods hackers may use to gain access to confidential banking information, and how best to keep their personal information safe online.
So here is the lowdown. At a high level the three most common ways hackers gain access to confidential information within the South African context is via phishing, SIM card swaps and in a few incidences, Trojan Horses.
Here phishing remains by far the most common way that many South Africans continue to erroneously disclose their personal information online. This occurs when fraudsters pose as a financial institution and circulate an email that looks like it comes from an official site such as your bank, but in fact it comes from an external party masquerading as the financial organisation.
Usually the email will ask you to visit a site, or provide some information which looks very official and proper except that the site is not what you think and the information that you give them allows them to steal your online identity and banking details.
When it comes to SIM card cloning, there are various steps the fraudsters need to go through, exploiting different weaknesses in the system to enable the SIM swap process. Most banks use SMSes for two factor authentication to reduce instances of fraud, however, unfortunately it does still happen by SIM card cloning.
Here the person will get hold of someone’s Internet banking details, usually through a phishing attack and set up banking account/s to which money can be transferred and withdrawn. Once the SIM card has been cloned the fraudster will create beneficiaries and then transfer money to these beneficiaries, finally withdrawing the money from these accounts. Because SIM swap fraud almost always works hand-in-hand with phishing, users should apply the same protection mechanisms.
While Trojan Horses are not that common in South Africa, instances of Trojans – Zeus and Kronos in particular – have impacted the local market.
Trojans pose as innocent programmes but in actual fact are designed to steal computer users’ private data. These Trojans tend to be compatible with all major browsers like Internet Explorer, Mozilla Firefox and Google Chrome and are able record all information that the users enter into their browser, including bank account details.
To do this Trojans make use of web injects to alter legitimate banking web pages. Once the user logs into his or her account the web injects look for data about the user, generally searching for information that is required to answer security questions. When the malware acquires that data, the Trojan horse sends it to a remote server where it can be used by the cyber criminals.
So with these threats still a reality within the local market, here are my top tips for keeping personal information secure online:
- Make sure you download the latest banking apps directly from the official websites of the financial institutions or from reputable online stores. The official apps will have built-in security mechanisms.
- Beware of using Wi-Fi hot spots in hotels or restaurants. If you’re travelling and using internet hotspots or free Wi-Fi, extra precautions must be taken. Rather use 3G or trusted infrastructure when using banking apps in these environments.
- Ensure your username and passwords are unique to the banking site and change these regularly. Never provide your online ID, password or PIN to anyone and never write them down or save them on your desktop. Also do not make passwords too personal. Preferably create passwords that have letters, numbers and symbols in them that cannot be attributed to you.
- Don’t ignore SMSes or emails from the bank but also be wary of using contact details supplied. Rather go directly to the website or independently look up number. Also, don’t open attachments or click on links in emails. Always bear in mind that no bank will ever ask you to confirm or update account details via e-mail, SMS or telephone.
- Keep antivirus software and patches up to date. Lots of virus infections need not occur. Software vulnerabilities that malware exploits often already have fixes available by the time the virus reaches a computer. It is thus essential that the user installs the latest updates that could have prevented these infections in the first place.
- Be vigilant regarding your mobile phone’s network connectivity status. If you realise you are not receiving any calls or SMS notifications, something may be wrong and you should make inquiries to be sure you have not fallen victim to a card swapping scam.
The bottom line is that internet users need to actively educate themselves and keep up to date with the latest online scams. Fraudsters are always on the lookout for new and clever ways to prey on the unsuspecting public when it comes to gaining access to your confidential online information.
It is also important to be alert and share information regarding any possible scams. Ultimately it’s always advisable to be overly cautious when it comes to using banking apps or disclosing confidential information.