Don't become a victimIn today’s fast-paced digital world, criminal tactics have grown more sophisticated, affecting individuals and financial institutions alike. Don't become a victimWhether you’re a long-standing client or just beginning your financial journey with us, your financial well-being is our top priority. Don't become a victimOur tips and resources are designed to keep you informed about the latest fraud threats and fortify you in the fight against fraud. Absa | Corporate and Investment Banking > Don’t become a victim In today’s fast-paced digital world, criminal tactics have grown more sophisticated, affecting individuals and financial institutions alike. Whether you’re a long-standing client or just beginning your financial journey with us, your financial well-being is our top priority. Our tips and resources are designed to keep you informed about the latest fraud threats and fortify you in the fight against fraud. We will cover various aspects of fraud awareness, including: The tricks and tactics fraudsters use to deceive individuals and financial institutions. Recognising red flags of fraudulent activity. Prevention strategies if you suspect fraudulent activity. Who to report fraud to. If you suspect you may be a victim of fraud, contact our team of experts here: Fraud Hotline Number - 0860 500 703 Email - cibfraud@absa.africa Social Engineering Expand Social engineering refers to the techniques used by cybercriminals to manipulate their targets into sharing sensitive information or taking actions that allow attackers to perform account takeovers or commit identity fraud. Prevention tips: Practice vigilance Double check URLs, email senders and phone numbers. Do not click on suspicious links or download files from untrusted sources. Trust your intuition If something feels off or too good to be true, trust your instincts. Be sceptical of unsolicited offers. Regularly monitor accounts Keep a close eye on your online banking transactions, checking for any unauthorised activity or unusual behaviour. Strengthen security Use strong, unique passwords for online banking accounts. Use secure and up-to-date DNS settings. Employ robust security software. Sign into the Absa Antivirus Centre and download the free antivirus programme. Use email filtering and authentication mechanisms. Phishing Expand Phishing is a social engineering technique that involves the theft of money or data using links sent via email or SMS. Phishing heavily relies on fear tactics, curiosity or a sense of urgency to compel recipients to open attachments or click on links. Cybercriminals may send fake communication that appears to come from a legitimate and trusted source, tricking the target into taking an action such as downloading malware, visiting an infected site or divulging login credentials. With this information, attackers can access permissions to modify or hijack entire cloudconnected systems until the victim pays a ransom. Spear phishing Expand Spear phishing attacks are difficult to detect because they target a specific group or organisation. The attackers do extensive research and send personalised communication via email or SMS, posing as a legitimate and trusted source. Vishing Expand Short for voice phishing. A scammer will make a phone call, posing as a legitimate company representative and trick the target into sharing personal information, making a payment or installing a malicious program or app on a device. Smishing Expand Short for SMS phishing. Scammers will send an SMS claiming to be from a reputable company to trick representatives into revealing sensitive information or visiting spoof websites. Quishing Expand Short for QR phishing. Hackers use QR codes embedded in an email or displayed in a public space to redirect victims to malicious websites or prompt them to download harmful content. Baiting Expand Baiting is a social engineering technique, where natural human curiosity and the promise of irresistible deals are used to trick targets into compromising computer and cloud systems. Baiters may steal login credentials, granting them unauthorised access to user accounts and the ability to facilitate fraudulent transactions. Pretexting Expand Pretexting is a social engineering technique used by cybercriminals posing as trusted authorities such as bank representatives or IT support personnel. Pretexting can compromise online banking security because it takes advantage of trust and authority, leading to unauthorised access to sensitive information and financial losses. For example: An attacker might pretend to be a bank employee and contact the victim, claiming there is an issue with their account that requires verification. They may request information such as account numbers or security codes under the pretext of resolving the issue. Pharming Expand Pharming is a social engineering technique where cybercriminals redirect internet traffic from a legitimate website to a fraudulent one. Targets are unknowingly intercepted as they attempt to login to their online or mobile banking service, leading to unauthorised access, dentity theft and financial fraud. Trojan Expand A Trojan is a computer virus that appears as an authentic email with attachments from a trusted source. Opening these attachments installs the virus onto a computer without the target’s knowledge and the virus disguises itself as a legitimate computer program. Scammers use the malware to collect user codes and passwords, as well as well as make fraudulent payments, whether the user is logged in or not. Users may also receive a message during sign-in that their user code/password is no longer valid or that they are currently logged into the system. Prevention tips: Do update your computer’s antivirus software regularly. Don't open attachments from suspicious emails. Do sign into the Absa Antivirus Centre and download the free antivirus program. Do report any unexpected or unusual internet banking behaviour. Key logger Expand A key logger is malware that records keystrokes. Installed via email, file downloads or memory sticks; cybercriminals store the information on a device to use the information at a later stage. Advanced key loggers allow information to be obtained remotely. Prevention tips: Do keep your antivirus software updated. Sign into the Absa Antivirus Centre and download the free antivirus program. Don't open emails or attachments from unknown senders. Don't download any attachments unless you are confident that they are safe. Do immediately report unexpected behaviour or screens that are not usually displayed. Do change passwords regularly. Spyware Expand Spyware is malicious software used by cybercriminals to collect information about a business’s computer. Sensitive information stored on a computer is collected by scammers and used to log into bank accounts to make fraudulent online payments or purchases. The software is automatically installed via email with an attachment or link when clicked. Customers could be legally liable for such losses due to insufficient protective measures. Prevention tips: Do browse and/or download information from trusted websites and portable storage devices. Don't click on links/attachments you don’t trust or from an unknown source. Do install the latest antivirus software. Sign into the Absa Antivirus Centre and download the free antivirus program. Do sign into the Absa Antivirus Centre and download the free antivirus program. Fraud Scams Expand Account details change An Account details change is initiated through fraudulent attachments sent by a scammer via email. This includes: Documents confirming that a service provider has changed their banking details. Documentation with the details of the legitimate service provider. New account confirmation documentation. Occasionally, bank statements. Employees often believe the information is required for valid business reasons. Prevention tips: Do maintain a good relationship with existing suppliers. Do confirm any change of banking details with someone you usually deal with before making any changes to beneficiary accounts. Don't use the telephone number you received on the letterhead or email to confirm the changes to banking details. Internal Fraud Expand Internal fraud occurs when employees make false representation or abuse a position of trust for personal financial gain. This includes fraudulent misconduct or deceptive actions carried out by individuals or employees within the business against their own clients or customers. Prevention tips: Do implement and maintain strict security measures, internal controls and employee monitoring to prevent and detect fraud. Business email compromise Expand Cybercriminals frequently use hacked or spoofed (fraudulent) email addresses to target companies and pose as a senior executive. The imposters usually request a large payment made into a fake account. This email is often followed by a call telling the employee to respond immediately. Prevention tips: Do install the latest antivirus software. Do type www.absa.co.za into your Uniform Resource Locator (URL)/address bar when logging into the Absa website. Do click on the appropriate service you require. Don't access banking websites by way of an email link received. Don't log in via links on any webpages. Deposit and refund scams Expand Criminals defraud businesses by placing orders for goods or services and supply a fake proof of payment. Fraudsters may also request cancellation of the order and pressure the business for a refund. A refund will then be processed without the funds having cleared in the business account. Prevention tips: Do be cautious when dealing with new clients. Don't process refunds before payments reflect in your account. Don't release any goods before a payment is cleared. Don't accept fraudulent proof of payments. Do educate employees dealing with finances in your organisation about such scams. Advance fee fraud Expand Different from a normal 419 scam, criminals advertise goods or services through promotional emails, websites, flyers or business cards at below market rates. Once identified, the potential victim is offered a deal to entice them to urgently make a purchase. Their policies often include full or partial upfront payment, leaving victims faced with losing their initial payment or making additional payments to ensure that “goods and services” are delivered. The criminals disappear once a payment has been made or request further payment. Prevention tips: Don't make any payments to a service provider due to pressure. Do research to ensure that you are dealing with a reputable company. Do arrange to meet at the service provider's premises to determine if: they indeed exist and have goods to supply. they have business premises. the business is known to other businesses nearby. Do meet in a safe environment and be accompanied by a colleague. Invoice fraud Expand Criminals will pose as a genuine supplier and email fake invoices to the company along with fake account details for payment. Prevention tips: Do instruct staff responsible for paying invoices to scrutinise invoices for irregularities and escalate suspicions to a known contact. Do shred your business and supplier invoices or any communication that may contain letterheads. Remote desktop protocol attacks Expand Remote desktop protocol attacks involve attackers finding weaknesses in security hygiene, network or operating systems to access user computers remotely. These attacks pose a significant threat to business, because they can also emanate both from within the organisation. This includes tech support employees abusing the remote access they have to employees' computers. Deep fake attacks Expand Deep fake technology allows criminals to impersonate individuals. Criminals use artificial intelligence to mimic the voice of an individual to bypass an organisation’s voice recognition security measures. To ensure the safety of their clients, organisations should implement multiple layers of security. Incorrect and fraudulent bills of lading Expand Certain trade documents used in the delivery and payment of goods may be used and abused to hide illicit activity. Fraudsters often forge or use improper documents to cover the theft of cargo in the following ways: A counterfeit bill of lading can be used to impersonate the consignee and illegally receive the cargo from the carrier. A scammer may falsify a bill issued in favour of the bearer to claim the right of delivery. A scammer may falsify the bill and an endorsement from the consignee to himself. Prevention tips: Do keep all up-to-date copies of your bills of lading safe. This makes it difficult for fraudsters to keep up with any changes. Do check the spelling and grammar on all documents. Official documents contain no spelling mistakes. Do look for a watermark to check the authenticity of the bill. Fraudulent Guarantees Expand Fraudulent guarantees are fake assurances of financial backing or support presented to a bank or financial institution as part of a financial transaction. This scam often involves misrepresenting the financial strength, collateral or creditworthiness of a party to access financing or other financial services. Prevention tips: Due diligence - Conduct thorough due diligence to verify the authenticity of any guarantee presented in financial transactions. This may include auditing financial statements, confirming the legitimacy of collateral and checking the credibility of the guarantor. Legal and compliance – Ensure that all transactions adhere to applicable legal and regulatory standards. Consult legal experts and compliance professionals to navigate complex financial arrangements. Internal controls – Establish internal controls and policies to detect and prevent fraudulent guarantees. This may include employee training, document verification processes and risk assessment controls. Reputable partners – Work with reputable banks, financial institutions and partners when engaging in financial transactions. Communication – Maintain open and transparent communication with banking partners and financial institutions, sharing expectations and requirements regarding guarantee and financial arrangements. Letters of Credit Expand A letter of credit is a financial instrument issued by a bank that serves as a guarantee of payment from the buyer to the seller provided the terms and conditions of the LC are met. Prevention tips: Conduct due diligence – Perform due diligence on the issuing bank and verify the LC’s authenticity. Ensure the LC conforms to industry standards and follows best practice. Document verification – Examine the LC documentation carefully, cross-referencing details with the sales contract and shipment terms. Be cautious of inconsistencies or unusual requests. Use reputable banks – Work with reputable banks and well-established banks when requesting or accepting LCs. Choose banks with a strong track record in international trade finance. Training and awareness – Educate employees about potential risks associated with fraudulent LCs and provide them with knowledge and tools to detect red flags. Regular communication – Maintain open and transparent communication with banking partners and keep them informed about your expectations and requirements for LCs. Seek legal counsel – In case of any doubts or concerns, consider seeking legal advice to navigate the complexities of international trade transactions. CIB Reporting Channels: Fraud Hotline Number - 0860 500 703 Email - cibfraud@absa.africa To assist in investigating any fraud matters reported, please provide the following information: SAPS case number, e.g. Johannesburg SAPS case: 535/09/2016 Affidavit Any relevant information you may have, i.e.: The email purporting an account detail change Documents purporting an account detail change Communications relevant to account detail changes, internet pages or links received.