Subscribe

Absa warns of festive phishing

By Leigh-Ann Francis
Johannesburg, 15 Dec 2010

The South African Banking Risk Information Centre's Commercial Crime Office estimates that R50 million is lost to phishing in SA each year, prompting big four bank Absa to warn online bankers against an upsurge of banking fraud attempts expected over the festive period.

Online safety tips

Begin your Internet banking session by manually typing the Web address into your browser.
Keep your access information secure - this includes all account numbers, user numbers, as well as all PIN numbers and passwords.
Ensure you see an icon resembling a lock, either at the top of the Internet browser window or at the bottom (depending on your browser).
Install and regularly update the latest anti-virus software.
Refrain from banking at public terminals, like Internet cafes, as you can never be fully aware of what programs are installed on these public PCs.
Only provide credit card details to reputable companies - ensure you look for the lock and key icon and security certificates when shopping online.
Change your PIN number and password regularly and delete all suspicious e-mails soliciting personal and security information.

“Ultimately, the objective of phishing scams is to fraudulently intercept and obtain account-holders' Internet banking login details in order to steal funds from their bank accounts,” explains Absa Digital Channels' managing executive, Christo Vrey.

About 10% of Absa's 11 million customers bank online, and about three million of SA's entire banking population make use of online banking. Research by World Wide Worx show SA has finally hit the 10% penetration level, with five million people having access to the Internet.

Arthur Goldstuck, MD at World Wide Worx, says phishing will become more of a problem as Internet penetration grows, as not everyone is familiar with such scams. This is exasperated by the constant evolution of more sophisticated scams in the face of user ignorance.

Vrey warns the latest and increasingly sophisticated phishing techniques are presented in a way that makes them look really authentic.

“At times, these e-mails fraudulently duplicate the bank's logos and use content snippets from the financial institution's official Web site. All of this is geared towards deceiving unsuspecting victims into divulging their logon, security and other banking details that could be used to compromise their bank accounts.

Absa warns that, while these scammers use very sophisticated technology to facilitate their crimes, it is often the psychological tactics used that make the scam successful.

Phishing psychology

“Most of these phishing scams impress upon the recipient a sense of urgency that suggests immediate risk exposure to bank accounts if the recipient (that is, the potential victim) fails to respond accordingly. Such pressure tactics coerce customers into providing the requested information,” explains Vrey.

He points out that, in recent times, scammers have become highly sophisticated, and incorporate phrasing and wording within their phishing e-mails that the bank's customers would readily identify and be familiar with from previous authentic bank advisories and communiqu'es.

“Mostly, these phishing e-mails employ emotive psychological tactics, which may include shocking, luring, scaring and threatening customers to fall victim to their fraudulent ploys,” warns Vrey.

“Customers are advised to delete such e-mails immediately,” he adds.

Vrey also emphasised that most banks will never send out random or unsolicited e-mails requesting confidential information such as passwords, PIN numbers, access codes, credit card and account numbers.

“Also, we will never ask customers to validate or restore account access through e-mails or pop-up windows,” concludes Vrey.

Related story:
SAPS busts phishing scam

Share