Cybercriminals are targeting consumer bank accounts this festive season

South Africa had 230 million cyber threat detections between January 2020 and February 2021. File Image: IOL

South Africa had 230 million cyber threat detections between January 2020 and February 2021. File Image: IOL

Published Dec 14, 2022

Share

South Africa had 230 million cyber threat detections between January 2020 and February 2021.

This is according to a 2021 Interpol report. Additionally, the country recorded a 100% increase in mobile banking application fraud and is estimated to have suffered 577 malware attacks an hour in 2020.

It should be noted that given these results, the country is considered to have the third-highest number of cybercrime victims worldwide.

According to a statement by Capitec, criminals don’t often commit digital crimes by hacking a product or tricking the client of that product. So, although banks can implement stringent cybersecurity protocols to protect clients and make digital banking safer, cybercriminals will still devise new ways to leverage data to defraud victims just as quickly by exploiting clients’ vulnerabilities.

The bank gives the following example: earlier this year, the South African Banking Risk Information Centre’s (SABRIC) Annual Crime Statistics revealed an increase in calls from fraudsters impersonating bank officials, in an infamous type of fraud referred to as vishing (or voice phishing). In this instance, the cybercriminal poses as a bank official to persuade victims to divulge sensitive information they can use to defraud them.

How does it work?

Capitec states that if vishing attempts are successful, the fraudster uses the unlawfully obtained data to impersonate the victim, access funds, or make purchases in the victim’s name.

“As we approach the festive season, criminals are aware that people have received their year-end bonuses and will spend extra time and money on online shopping deals, making cyber scams more lucrative. As a result, criminals will be on high alert, waiting to exploit banking clients’ vulnerabilities," says Mark Sturrock, Head: Cyber Security at Capitec.

“That’s why we encourage people to proactively take the initiative to protect their hard-earned money, especially as we approach the holiday season. By playing their part, they can help bolster the security measures banks have in place and reduce the risk of becoming a victim of cybercrime.”

Here are four security measures South Africans can take to protect their bank accounts:

Avoid becoming a vishing victim

Capitec says that, like phishing or smishing, vishing relies on cybercriminals convincing you that they’re calling you from your bank. They may even use threats and persuasive language to get information from you, like threatening to close your bank accounts.

“In most instances, cybercriminals will pretend they’re calling from your bank to report unusual activity on your account. They’ll then ask you to confirm your bank account details, including your email, physical address, and proof of identification. This information allows them to commit identity theft.”

The bank advises that you should never provide your personal information over the phone or clink on suspicious links in SMSs or on social media.

“Pay attention to the suspicious language used by the caller, and be wary of threats and urgent requests.”

Activate two-factor authentication for your banking profiles

Capitec argues that internet banking allows you to manage your money when it suits you, but do you know how to add an extra layer of security to keep it safe from prying hands?

“One way to achieve this is through two-factor authentication (2FA). This safety feature helps prevent unauthorised access to your accounts if cybercriminals access your login details and passwords in a data breach”, argues Capitec.

“2FA is often an authentication message sent to a secondary device linked to the main account. Examples include a verification PIN that will arrive via an SMS or an in-app prompt which you must access from your trusted smartphone”.

Remember, your pet’s name isn’t a secure password

The bank says that another line of defence from cybercriminals is choosing a strong password (usually between six and 18 characters in length) that includes letters, numbers, and symbols.

“In addition, ensure you select a password that's not easy to guess or obvious to those who know you, such as the name of your pet that appears in every second picture on your Instagram feed”, advises Capitec.

“Frequently changing passwords is also an effective cybercriminal deterrent. Remember to never share your password, or 2FA verification PIN, with anyone, not even your bank’s employees, because they are not allowed to ask you for it”.

Add biometric or password protection to your phone

Capitec also said that besides scammers tricking you into revealing your banking password, did you know that your phone is susceptible to hacking too?

In 2021, cyber security company Kaspersky detected nearly 3.5 million malicious attacks on mobile phone users.

Capitec said that protecting your phone and, as a result, your bank account from hackers isn’t complicated.

You should use a pattern, numeric code, a lengthy secure password, a fingerprint, or even your face ID to safeguard your smart device against hackers and thieves.

“One of the best lines of defence South Africans can put in place to protect themselves against cybercrimes is education and vigilance. Most importantly, banking clients need to familiarise themselves with security procedures they should follow if they suspect they’ve been a victim of cybercrime. These include immediately reporting the crime to the South African Police Service (SAPS) and contacting their bank’s fraud line,” concludes Sturrock.

BUSINESS REPORT