The South African Banking Risk Information Centre's Commercial Crime Office estimates that R50 million is lost to phishing in SA each year, prompting big four bank Absa to warn online bankers against an upsurge of banking fraud attempts expected over the festive period.
“Ultimately, the objective of phishing scams is to fraudulently intercept and obtain account-holders' Internet banking login details in order to steal funds from their bank accounts,” explains Absa Digital Channels' managing executive, Christo Vrey.
About 10% of Absa's 11 million customers bank online, and about three million of SA's entire banking population make use of online banking. Research by World Wide Worx shows SA has finally hit the 10% penetration level, with five million people having access to the Internet.
Arthur Goldstuck, MD at World Wide Worx, says phishing will become more of a problem as Internet penetration grows, as not everyone is familiar with such scams. This is exacerbated by the constant evolution of more sophisticated scams in the face of user ignorance.
Vrey warns the latest and increasingly sophisticated phishing techniques are presented in a way that makes them look really authentic.
“At times, these e-mails fraudulently duplicate the bank's logos and use content snippets from the financial institution's official Web site. All of this is geared towards deceiving unsuspecting victims into divulging their logon, security and other banking details that could be used to compromise their bank accounts.”
Absa warns that, while these scammers use very sophisticated technology to facilitate their crimes, it is often the psychological tactics used that make the scam successful.
Phishing psychology
“Most of these phishing scams impress upon the recipient a sense of urgency that suggests immediate risk exposure to bank accounts if the recipient (that is, the potential victim) fails to respond accordingly. Such pressure tactics coerce customers into providing the requested information,” explains Vrey.
He points out that, in recent times, scammers have become highly sophisticated, and incorporate phrasing and wording within their phishing e-mails that the bank's customers would readily identify and be familiar with from previous authentic bank advisories and communiqués.
“Mostly, these phishing e-mails employ emotive psychological tactics, which may include shocking, luring, scaring and threatening customers to fall victim to their fraudulent ploys,” warns Vrey.
“Customers are advised to delete such e-mails immediately,” he adds.
Vrey also emphasised that most banks will never send out random or unsolicited e-mails requesting confidential information such as passwords, PIN numbers, access codes, credit card and account numbers.
“Also, we will never ask customers to validate or restore account access through e-mails or pop-up windows,” concludes Vrey.