Digital wallets under attack? Here are tips to brave attacks

Phishing and Smishing Attempts Targeting Digital Wallets

There has been a recent surge in phishing and smishing scams designed to steal debit and credit card information and load them onto criminals’ digital wallets.

What are Phishing and Smishing?

Phishing: A cybercrime where deceptive emails or fake websites are used to trick people into revealing sensitive information such as login credentials, passwords, PINs, card details, or ID numbers.

Smishing: Similar to phishing, but uses text messages (SMS) seemingly from reputable institutions to elicit the same personal data.

How do these scams work?

Criminals exploit the similarity between loading a card onto a digital wallet and making an online purchase. Both processes typically require entering card details in an online portal and confirming with a one-time password (OTP).

Here’s a common scenario:

You receive an SMS requesting a small fee, perhaps for parcel delivery.

Clicking the link leads you to a fake website where you enter your card details, unknowingly allowing the criminal to load it onto their digital wallet.

When the bank sends the criminal an OTP to verify the card loading, they contact you, posing as the bank and requesting the OTP under the pretense of finalizing the fraudulent payment.

If you provide the OTP, the criminal can now use your card loaded onto their device by verifying with their own biometrics (fingerprint, facial recognition, etc.).

Staying Safe in the Digital Age

Here’s how to protect yourself:

Don’t Panic: Scammers rely on urgency and panic. Ignore threats about account blockage or immediate fraud intervention.

Banks will never request OTPs, PINs, or passwords via unverified channels. End suspicious communication and contact your bank directly.

Avoid clicking links: Approach emails and SMS from unknown senders with caution. Legitimate institutions won’t ask you to click links in messages. Never click on links or download attachments from suspicious sources, as they may contain malware or redirect you to fake websites.

Be Wary of OTP Requests: Remember, your bank will never ask you to share your OTP for someone else’s use. The wording of an online transaction OTP request will differ from a digital wallet OTP request.

A legitimate FNB digital wallet OTP notification will always warn you about linking a specific card (last four digits) and instruct you to contact FNB (phone number or app login) for verification or cancellation.

Enable Two-Factor Authentication (2FA): Whenever possible, use 2FA for an additional security layer. This typically involves a second verification step sent to your mobile device or an authentication app.

Follow the bank’s security advice: Your bank understands the latest scams. Refer to their official channels for reliable guidance on safeguarding your finances.

Keep software updated: Regularly update your operating system, web browser, and antivirus software to benefit from the latest security patches. Enable automatic updates whenever possible.

Verify contact details: If a message or request seems suspicious, contact your bank directly using verified contact information from their official website to avoid being directed to a fraudulent helpline.

By remaining vigilant and following these tips, you can significantly reduce the risk of falling victim to phishing and smishing scams targeting digital wallets.

Remember, consumer awareness and financial institution vigilance are crucial in preventing fraud.

For the latest security information, customers can refer to the Security Centre tab within their bank’s app and online banking platform.

Also read: Huawei ushers in mobile AI era at MWC Shanghai 2024