Phishing e-mails get sophisticated
Internet banking scams, particularly phishing, are increasing. This was the official word from the SA Banking Risk Information Centre (Sabric) on Tuesday, in response to queries following a fraudulent e-mail which has been circulating since last week – the latest in a rising number which attempt to elicit private information from banking clients to gain access to their money.
The e-mail claims to have noted invalid log-in attempts into clients’ internet banking accounts, and to having received several complaints about similar incidents.
The “banking service message”, supposedly from the bank’s fraud prevention unit, states that it was sent from a secure server and asks that the clients confirm their identities via e-mail by clicking on the provided link.
According to research quoted by Sabric CEO Kalyani Pillay, South Africa is ranked third among countries experiencing high numbers of phishing attacks, and the number of phishing websites which were detected and shut down by local banks had trebled in the first quarter of last year.
She said that phishing e-mails had been easy to identify in the past because they were of poor quality and contained spelling errors. But the nature of the messages had improved, making it difficult for clients to easily identify them.
Banking services ombudsman Clive Pillay said that of the complaints which reached his office, one person’s loss amounted to just under R1 million. And while he said that thousands of scam e-mails were moving around, as of April this year Pillay was attending to 281 cases as opposed to 484 for all of last year.
According to Christo Vrey, the managing executive of Absa Digital Channels, the sophistication of scams was constantly evolving, and people needed to be “exceptionally aware” of safety measures and practices.
“Phishing techniques are presented in a way that makes them look authentic. At times, these e-mails fraudulently duplicate the banks’ logos and use content snippets from the financial institutions’ official websites.”
FNB’s security centre provides online clients with a detailed archive of bogus e-mail.
People were also caught out by e-mails asking them to click on links:
l To correct errors in personal information caused by an account maintenance and verification process.
l To receive a refund from Sars.
l To register for the new chip and pin cards.
A new e-mail circulating last week read: “Payment has been made to your account. To view the details of the payment, please login to view the transaction details. If you have any questions or would like more information, please contact our support centre.”
FNB Online CEO Lee-Anne van Zyl said the bank regularly closed the sites linked to the scams, rendering the links in phishing e-mails useless.
l Any request for your personal information is a phishing attempt.
l Begin the internet banking session by manually typing the web address into the browser. Do not follow any links in e-mails to reach internet banking websites.
l Ensure that an icon resembling a lock can be seen, either at the top of the internet browser window or at the bottom.
l Install and regularly update antivirus software.
l Refrain from banking at public terminals like internet cafes.
l Change your PIN and password regularly, and delete all suspicious e-mails soliciting personal and security information.
l Do not create shortcuts on your desktop to internet banking. Malicious software could redirect the shortcut to a fake site. - The Mercury