Sabric warns bank customers of rise in impersonation fraud
CAPE TOWN – The SA Banking Risk Information Centre (Sabric) has warned businesses and their employees that criminals impersonating local chief executives and other executives could not come at a better time.
Cybersecurity expert at Mimecast Brian Pinnock said Friday’s planned banking strike in which more than 50 000 banking staff were expected to abstain from work could leave consumers vulnerable and at heightened risk.
Mimecast is an international company specialising in cloud-based email management for Microsoft Exchange and Microsoft Office 365, including security, archiving, and continuity services to protect business mail.
“Our latest global research found that 33 percent of South African firms experienced an increase in impersonation fraud involving CEOs and other executives over the past year, while impersonation fraud involving email-based spoofing of vendors or business partners increased by 38 percent. Attackers are gaining access to a wealth of online information to build complex social engineering activities that prey on people’s natural trust of known associates,” said Pinnock.
Bank customers have been advised to make use of digital banking services as far as possible on Friday to avoid any unplanned or illegal disruptions of branches, even though the planned banks strike has been deemed unprotected by the court.
The Banking Association of South Africa (Basa) said in a statement that banks would be operating as usual on Friday and would be carefully monitoring the situation to ensure the safety of their customers and staff.
Pinnock said impersonation fraud could be very difficult to spot. “One of the most popular ways of doing this is when criminals use non-western characters that appear similar to letters in the English alphabet to trick recipients into believing they’re interacting with a trusted partner, colleague or manager. Local companies have seen a 37 percent increase in this type of impersonation fraud in the past year.”
He advised employees to cultivate habits that would limit the ability of cybercriminals to trick them into risky behaviour. “Always double check the validity of emails by taking a close look at the email address and domain. Ensure your IT department has adequate security measures in place, and encourage your business to conduct regular cybersecurity awareness training.”
The bankers association said the global banking industry was evolving in response to economic pressures, digital innovation and, most importantly, the changing way their customers used and consumed financial services.