According to the recently released SABRIC Annual Crime Statistics 2020, social engineering (phishing, vishing and SMishing) continue to be the primary method employed by criminals when targeting victims across digital channels.
As cybercrime continues to rise, SABRIC is encouraging South Africans to be more aware when engaging online, sharing any personal information, or clicking on links.
Below are some of the different types of online scams, and what the public should look out for to avoid becoming a victim. These scams are usually mentioned separately, but they are often used together. Being aware of these is the first step toward keeping your money safe.
Phishing
This is one of the best-known fraud techniques. Phishing emails and SMSs are cleverly disguised to look like they’re from a legitimate organisation. This communication is designed to mislead people using convincing but fabricated information to manipulate them into clicking on a link or opening an attachment.
- Never click on email links – even if they contain concerning information (such as a blacklisting, fraud on your account, etc.). Address your concerns with the organisation directly.
- If the email claims to be from your bank, type in the URL (Uniform Resource Locator or domain names) for your bank in the internet browser if you need to access your bank’s webpage. Check that you are on the authentic/real site before entering any personal information.
- If you did perhaps click on a suspicious link and think that your device might have been compromised, contact your bank immediately.
- Create complicated passwords that are not easy to decipher and change them often.
Vishing
This occurs when a fraudster phones a victim posing as an official from a bank or insurance company, for example, to get personal and confidential information with the intent to defraud someone.
- Banks will never ask you to confirm your confidential information over the phone.
- If you receive a phone call requesting confidential or personal information, do not respond and end the call.
- Not all vishing calls come from unknown numbers. Often, the numbers will look legitimate. Rather call your bank back directly – on a number that you know is theirs.
- If you receive an OTP – and have not transacted yourself – make sure that you report it to your bank immediately.
SMishing
Also known as SMS Phishing, SMishing occurs when victims receive SMSs requesting personal information or confirmation via a link click in the SMS. Clicking on the link could lead install malware on your device, such as ransomware or spyware or open a spoof (fake) website that looks like your bank’s website or other legitimate organisation.
- Take a closer look and scrutinise an SMS before you act on it. Don’t click on links or icons, and don’t believe the content of the SMS. Using threats such as blacklisting is a tactic to get people to react, and, if you are concerned, contact the company mentioned independently.
- Never reply to a SMishing SMS – delete it immediately.
- Don’t store your credit card or banking information on your smartphone in case malware is installed on your phone.
Business email compromise
This occurs when a criminal illegally accesses an email account and communicates as though they are the actual user. Criminals do this by stealing the account holders personal and confidential information through phishing and other means.
- Make sure your PC has the most up-to-date OS updates and antivirus software.
- Use a strong password for your email account, one that is at least six characters long, with a combination of letters, numbers, and capitals/lowercase.
- Never list your main email address publicly anywhere online. Use a separate email address for the internet which is not linked to your personal or business email account.
- Don’t use public computers to check email; there’s virtually no way to know if they have been accidentally infected with malware or have had keylogging spyware installed intentionally.
Identity theft
Identity theft is a combination of personal information – such as your passport or ID document – as well as confidential information such as a PIN, to assume your identity and defraud you.
- Check your bank statements regularly.
- Do not use any information that may have been compromised.
- Register for SMS notifications to alert you when products and accounts are accessed.
- Conduct regular credit checks to verify whether someone has applied for credit using your personal information and if so, advise the credit grantor immediately.
While these are just a few of the many scams that are out there, it is important – especially in this age where we are spending more and more time online – to be more vigilant and aware of how to avoid being a victim of cybercrime.
For more information, visit the Stay Safe page on the SABRIC website.