Con artists ‘vish’ and ‘phish’ to rob you

In the review of the first quarter of 2019, the Ombudsman for Banking Services (OBS) has seen an alarming increase in credit-card fraud.

Credit-card fraud is theft involving a payment card – either debit or credit – as a fraudulent source of funds in a transaction.

The fraudster buys goods or has access to funds using the details of a legitimate credit card holder.

“Credit card fraud-related complaints increased from 12.2% at the beginning of January 2019 to an alarming 19.47% as at end March 2019. It is of great concern that the elderly are more vulnerable to this kind of banking fraud,” says Reana Steyn, CEO and Ombudsman for Banking Services.

Statistics gathered in March indicate consumers aged between 61 and 70 make up 21% of the credit card fraud complaints: and those aged between 71 and 80 26%, while pensioners older than 81 accounted for 11% of the total.

“The types of fraud identified range from vishing, phishing, fraudulent online purchasing, and bank-reward programmes used to purchase merchandise,” Ms Steyn says.

Scammers obtained credit-card information fraudulently and used it without consumers realising what was happening or without their consent.

Here are two examples of the types of cases the ombud deals with regularly.

JB received a call from a fraudster pretending to be from the bank. The fraudster advised Mr B that they had detected fraudulent online transactions in his name and asked him if knew about them.

He had no knowledge of them and made it clear that he was concerned, believing he was talking to a legitimate bank clerk.

The fraudster advised that they would reverse the transactions, when Mr B provided the SMS reference numbers to reverse the “fraudulent transactions”.

He repeated the SMS reference numbers to the caller – thus enabling the fraudster to transact on Mr B’s account – the very thing he thought he was preventing.

This is the modus operandi of a fraudster to lure a bank customer into believing that they are attempting to reverse transactions which have not yet taken place.

They advise the customer that they will send reference numbers to their phones which must be read back for the transactions to be reversed.

This is the “One Time Password” which authorises the transaction.

In the second case, a fraudster contacted LD giving her enough personal information (including account details) to convince her he was from her bank.

The fraudster advised Ms D that the bank would like to convert her rewards points into cash. They requested a previously received OTP, to complete the transaction, and she complied.

Upon receiving further similar calls, Ms D realised that something was amiss, and reported the matter to the bank the same day. By this stage, she was already defrauded out of R11 200. This crime is referred to as “vishing”.

A customer is led to believe they are being contacted by a legitimate bank employee about existing services. This is how the fraudster gains the client’s trust.

“Credit-card fraud is a growing concern as banking systems increase in speed and efficiency,” says Ms Steyn.

At the same time, fraudsters apply more sophisticated tactics to defraud and rob customers of their hard-earned money and savings.

All bank customers, and particularly the elderly, need to be knowledgeable and vigilant about their preferred banking channels.

Here are some tips to avoid becoming a victim of cybercrime:

Review your account statements regularly, and query disputed transactions with your bank immediately.

When shopping online, only place orders with your card on a secure website.

Do not send emails that quote your card number and expiry date, and to prevent “vishing”, do not share personal and confidential information with strangers over the phone; banks will never ask you to confirm your confidential information over the phone.

If you receive an OTP on your phone without having transacted yourself, it is likely that it is a fraudster who has used your personal information.

Do not provide the OTP telephonically to anybody.

Contact your bank immediately to alert them to the possibility that your information may have been compromised.

If you want to avoid being caught hook, line and sinker by a “phisher” who is on a phishing expedition, do not click on links or icons in unsolicited emails, delete them immediately; do not believe the content of unsolicited emails. If you are concerned, use your own details to contact the sender to confirm. Type in the URL (Uniform Resource Locator or domain names) for your bank in the internet browser if you need to access your bank’s webpage.

If you think your device might have been compromised, contact your bank immediately and request that your account be blocked.

Create complicated passwords that are not easy to decipher, and change them often.

Before you complain to the ombud, first write to your bank’s dispute resolution department (details on the ombud’s website; give the bank 20 days to respond and if you’re not happy with the outcome, contact the ombud. The service is free.

Email or call 0860 800 900 or 011 712 1800 for advice and help.

Previous articleSpring Awakening
Next articleA Night at the Opera