RISK MANAGEMENT

Don't become a victim

1) Information security

Criminals are constantly looking for ways and means to make an easy buck. They use anything from information dumped in waste bins to the latest and greatest technology. They often rely on the things that we take for granted. The techniques that criminals employ vary from the most simplistic to the most sophisticated.

Techniques and recommendations on how to avoid them are:

a) Dumpster-diving

Each employee should take care when using waste bins. Information such as phone lists, calendars or organisational charts can be used by criminals for social engineering techniques to gain access to networks. In addition to this, information such as bank statements, meeting minutes, client contracts and employee notebooks provide criminals with insight that can be used to defraud businesses and their clients or service providers.

To protect your business, ensure that:

  • Confidential information is stored in a secured environment and disposed of securely. Shredding is recommended.
  • Any third party you employ for waste management uses effective disposal practices.
  • Locked waste bins are used for the disposal of ALL PAPER (notes, calendars, notepads, bank statements, contracts, organisational charts, presentations, etc.).
  • PINs and passwords are never written down. Memorise them.

b) Wi-Fi hotspots

Be careful when using free or unsecured Wi-Fi. It offers the convenience of being able to log in to your banking, send an email, read the news or download a game whenever you have a few free minutes. A major risk is that hackers can position themselves between you and the connection point. If this happens, they may see your banking or network security credentials, emails or other sensitive information. It also provides an opportunity for malware to be downloaded onto your device.

Protect your business by:

  • As a minimum, using a virtual private network (VPN). Even if hackers manage to position themselves between you and the connection point, your traffic will be encrypted.
  • Always using the HTTPS version of websites that you visit often or that require credentials of any kind. This adds a layer of encryption.
  • Using different passwords for different websites.
  • Keeping Wi-Fi on your devices switched off when you don’t need it.
  • Keeping your device security updated at all times.

c) Malware

i. Trojans (from the Absa website)

Trojans are computer viruses that can be installed on your computer without your knowledge. They gather critical information which is then used to aid the approval of fraudulent payments.

Below is an outline of how the virus affects your online banking:

The user’s computer is infected with the virus. The virus often arrives as what appears to be an authentic email from a trusted source, with an attachment that the user opens. Without realising it, the user thereby enables the installation of the virus files onto their computer.

Unaware of this virus installation, the user then signs on to their internet banking application. While the user is logged in, the Trojan collects important information such as user codes and password(s), enabling the attackers to access the user’s client profile and perform fraudulent transactions.

In some instances, the fraudsters can take remote control of the computer the user is logged in to or access it remotely with the collected user code and password(s).

While a user is logged in or logged off, fraudulent payments can be generated and approved by the fraudsters and only discovered later.

A user may sometimes be presented with a message saying they are currently logged in to the system or receive a message during the sign-on process that their user code or password is no longer valid.

While the latest Trojan versions are sophisticated, users can still protect themselves by keeping the antivirus software on their computer regularly updated, by not opening email attachments unless they are completely certain that they are legitimate, and by immediately reacting to and reporting unexpected or unusual internet banking behaviour.

Protecting your business

  • Keep your antivirus software updated.
  • Do not open emails or attachments from unknown senders. Take extra caution and do not download any attachments unless you are confident that they are safe.
  • Immediately report unexpected behaviour – while the example above relates to the login process, any unexpected behaviour or screens that are not usually displayed must be reported at your relevant client service centre.
  • Regularly change your password(s).

ii. Key logger malware

This malware is installed on the computers of unsuspecting users in various ways. Popular means of distribution are email, file downloads or even memory sticks.

This malware records keystrokes and passes the information to criminals. Simpler key loggers store the captured keystrokes on the device, which the criminal retrieves at a later stage; more advanced key loggers send the information to the criminal remotely.

Protecting your business

  • Keep your antivirus software updated.
  • Do not open emails or attachments from unknown senders.
  • Do not download any attachments unless you are confident that they are safe.
  • Immediately report unexpected behaviour – any unexpected behaviour or screens that are not usually displayed must be reported at your relevant client service centre.
  • Regularly change your password(s).

iii. Spyware (from the Absa website)

Spyware is a type of malicious software that can infect computers and collect pieces of information about the computer user without their knowledge. The spyware typically collects personal information that you may enter into a website (such as your banking details and login information) but can also retrieve sensitive files that you may have saved on your computer.

The information is then used to login to your bank accounts and defraud you or make fraudulent online purchases. Depending on the circumstances surrounding such cases, the customer could be considered legally liable for such losses due to insufficient protective measures taken.

On shared computers – such as those used in internet cafes – it is easy for someone to install spyware because so many people have access to the machine.

On your home or business computer, it is slightly more difficult for fraudsters to install the software, which is why spyware is most often sent via email, much like phishing scams. Within this email, fraudsters will include an attachment or link to a file that will automatically install the spyware onto your computer when clicked and will then send the information captured to the fraudster when you access your bank accounts. Also be aware of browsing or downloading information from untrusted websites and infected portable storage devices such as memory sticks or portable hard drives that may contain spyware or viruses.

The latest spyware attacks also arrive via email. The difference is that the executable file is attached under a name such as “Proof of payment” and cleverly disguised as a PDF (a file type that people generally consider harmless and therefore trust).

This latest spyware is more advanced than ever and is exceptionally difficult for many virus protection programmes to detect.

How do you avoid becoming a victim of spyware?

  • Ensure that you have the latest antivirus software installed. Absa offers our Internet and Cellphone Banking customers free antivirus software each year. The steps to obtain it are:
    1. Go to absa.co.za
    2. Search for Safety and security on the landing page and click on the link
    3. Search for Online security and click on the link
    4. Scroll to Software to enhance your security and click on the relevant Windows or OSX download link.
  • Never click on links or attachments in emails unless you are sure about their source.
  • Be aware of using untrusted/infected storage devices (such as memory sticks) that may contain a virus or spyware.

Always browse trusted websites, and only download from sites that you are sure are safe. Reckless browsing behaviour can result in your personal information being placed at risk and opening you up to becoming a fraud victim.

d) Spoofed websites

Spoofed websites appear to be legitimate business websites but are actually created with the intention of obtaining customer information. To illustrate this, imagine doing a Google search for Absa and a few links come up. You then click on a heading that appears to be that of Absa. This leads you to a website that looks exactly like the Absa website with which you are familiar. You proceed to log in and enter your bank account number, PIN and subsequently your password. Only, you are actually now providing your login credentials to a criminal. In other instances, you may receive a link purporting to be from the bank and click on it to log in to your banking. This also takes you to a spoof website. Through hacking, criminals are also able to redirect your favourite bookmarks to a spoof site created by them.

The bank makes every effort to ensure that it closes any spoof websites immediately.

How to protect yourself

  • When logging in to the Absa website, type absa.co.za into your Uniform Resource Locator (URL)/address bar. Once on this webpage, click on the appropriate service that you require.
  • Do not access your banking website via a link received in an email.
  • Do not log in via links on any webpages.

e) Phishing, smishing and vishing

All three exist for the same purpose, which is to obtain sensitive information. A common way in which phishing occurs is through emails requesting that you click on a link, which then asks you to supply personal information. Other means include redirection to a spoof website where your personal information is requested. The result is always the same: criminals obtain personal information to commit a crime against you.

Smishing is very similar to phishing. The main difference is that in this case you receive a text message. The message contains either a link that may lead you to a spoof website or a link that requires you to enter certain sensitive information. The latter sometimes also means that you download malware that may allow criminals to access details on your phone.

Vishing is slightly different from phishing and smishing but has the same intention. Vishing is normally preceded by an SMS or email stating that someone, such as a banking official, will call you. You may be expecting such communication after you have logged a complaint on a public platform such as Hello Peter or your bank’s Facebook profile. Once you are called, the caller will request certain personal information which, once obtained, will assist them to commit fraud against you or to commit fraud using your details.

How to protect yourself

  • Absa will never send you an email requesting your personal details. Treat any emails that require your personal details with suspicion.
  • Absa will never send you an SMS that requires you to provide personal information. Treat such SMS messages with suspicion. Do not respond or click on any links.
  • Do not provide personal details to callers. Absa will never ask you for PINs or passwords.
  • Always ensure that you are on the Absa website before you start typing in account details, PINs or passwords.
  • When in doubt, delete the email or SMS message that you’ve received.
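The advice in sections d) and e) comes down to one check: look only at the host part of a link, not at whether the bank’s name appears somewhere in it. As an added example (not code from the original page or from Absa), the following Python applies that check. The legitimate domain absa.co.za is taken from this page; every other address in the sample list is constructed for illustration, and the function names are this example’s own.

```python
"""Classify links the way sections d) and e) advise: trust the host, not the text.

Added example, not code from the original page or from Absa. absa.co.za is the
domain named on the page; all other domains below are constructed samples.
"""
from urllib.parse import SplitResult, urlsplit

# Domains the bank actually owns. The page names absa.co.za; a business would
# list its own bank's domain(s) here.
LEGITIMATE_DOMAINS = {"absa.co.za"}


def _split(url: str) -> SplitResult:
    """Split a URL, tolerating links pasted without a scheme ("absa.co.za/login")."""
    url = url.strip()
    parts = urlsplit(url)
    if not parts.scheme or not parts.netloc:
        # Without "https://" urlsplit puts the host in .path; add a scheme and retry.
        parts = urlsplit("https://" + url)
    return parts


def registered_domain(url: str) -> str:
    """Return the real hostname of a link, lower-cased.

    .hostname discards "user:pass@" before the host and ":port" after it, so a
    link such as https://absa.co.za@evil.test/ correctly resolves to evil.test.
    """
    return _split(url).hostname or ""


def is_legitimate(url: str) -> bool:
    """True only if the host is a listed bank domain or a subdomain of one."""
    host = registered_domain(url)
    if not host:
        return False
    # Exact match or a genuine subdomain (".absa.co.za"). This rejects both
    # notabsa.co.za and absa.co.za.somewhere-else.test.
    return any(host == d or host.endswith("." + d) for d in LEGITIMATE_DOMAINS)


def classify(url: str) -> str:
    """Explain why a link should, or should not, be treated as the bank's site."""
    parts = _split(url)
    host = parts.hostname or ""
    if is_legitimate(url):
        if parts.scheme.lower() != "https":
            return "bank domain but not HTTPS: type the address yourself"
        return "bank domain"
    # The bank's name appearing anywhere other than the host is the spoofing
    # pattern the page describes: in the path, in the userinfo, or as a prefix
    # or subdomain of an unrelated domain.
    for d in LEGITIMATE_DOMAINS:
        if d in url.lower():
            return f"NOT the bank: '{d}' appears in the link but the host is '{host}'"
    return f"NOT the bank: host is '{host}'"


if __name__ == "__main__":
    # Constructed sample links, the kind a phishing email or SMS might carry.
    samples = [
        "https://ib.absa.co.za/login",
        "http://absa.co.za",
        "https://absa.co.za.secure-login.test/",
        "https://absa.co.za@evil.test/login",
        "https://notabsa.co.za/",
        "https://evil.test/absa.co.za/login",
    ]
    for link in samples:
        print(f"{link:45} -> {classify(link)}")
```

The point the page makes, that you should type the bank’s address yourself rather than trust a link, is exactly the gap this code has to close: the last four sample links all contain the string absa.co.za and none of them lead there.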


2) Types of scams

a) Account detail change scams (ACDC scams)

These scams are typically initiated through emails or documents that confirm that a service provider has changed their banking account details. This communication is often preceded by contact with the service provider, during which information is obtained to facilitate the scam. Such contact often goes unnoticed because staff are led to believe that the information is required for valid business reasons.

The email addresses used by fraudsters often closely resemble those of the service provider, and in some cases the service provider’s own email accounts are hacked or spoofed.

The documents confirming that account details have changed always bear the details of the service provider, together with accompanying confirmations purportedly from the relevant bank confirming the new account details. Fraudulent statements are on occasion also attached to further convince victims.

Service providers are urged to take precautionary steps when making payments to new accounts.

Some suggestions to avoid falling victim to ACDC scams include:

  1. Always take care when receiving a request to change the banking details of an existing service provider. Ensure that correspondence is received from an email address that you are familiar with and can verify to be correct.
  2. Scrutinise the request for change of banking details by checking for any errors, irregularities and changes to the type of communications that you normally receive.
  3. Ensure that you confirm the change of banking details with a person whom you are familiar with at the service provider. Use contact details that you already have and do not call numbers from the communication (account detail change request) that you have received.
  4. Protect your company’s intellectual property through good governance. Ensure that financial information and client information are well protected.
  5. Maintain a clear line of communication with senior stakeholders at your service providers – if you have any suspicions, rather arrange a meeting or video call to discuss your concerns.
  6. Always report suspicious account detail change requests to the bank where the suspicious account is held. This will ensure that the bank deals with the suspicious account adequately.
  7. Once you become aware that you have been the subject of a scam, ensure that you report the matter to your nearest SAPS.
  8. Destroy all documents relating to service providers or your company in a secure manner, and do not dispose of confidential information in a dustbin where it is easily accessible to unauthorised individuals.

b) Deposit/Refund scams

Criminals often defraud businesses by placing orders for goods or services and then presenting fictitious proof-of-payment documents, or by paying with cheques that are later dishonoured.

In the interim, the business would have delivered or handed over the relevant goods to the criminals. By the time the business realises that it did not get the payment due to them, it is in most cases already too late. However, the criminals sometimes employ a different tactic. Instead of waiting to receive the goods, they request that the order is cancelled. In these instances, they often apply pressure on the business for a refund, even though the business has not had the funds cleared in their accounts. The business pays the money to an account nominated by the criminals and the business ends up being out of pocket.

Businesses should be cautious when they are dealing with new clients. They should take particular care to understand when monies have been cleared in their account and they should take care not to accept fraudulent proof of payment documents.

c) Advance fee scams

We would like to highlight an advance fee scam (not 419), which is common against both businesses and individuals. The scam referred to here differs from the normal 419 scam in that it relates to a requirement for goods or services. When an individual or business requires new goods or services, they often do internet searches to identify what is perceived to be the best product at a good price. Criminals use this as an opportunity. They advertise goods and services at below market prices that are attractive to any individual or business. Very often, they will distribute flyers, business cards or promotional emails that will potentially yield some interest. They have websites that make them even more believable, and they are always available on the contact details that they provide on the websites, flyers or business cards.

Once they have a potential client (victim), they offer service and advice that entices their audience to make a purchase urgently. They often suggest that they are a reputable company and that their goods or services are limited due to high demand. Their policy often includes full or part payment upfront. Once payment is made to them, they either disappear or raise one issue or another that requires further payment. Since an initial payment has already been made, victims are then faced with the prospect of losing their initial payment or making additional payments, purportedly to ensure that the goods or services are delivered.

In this regard, we suggest awareness through the principles below:

  1. Do not make any payments to a service provider due to pressure.
  2. Make enquiries to satisfy yourself that you are dealing with a reputable company.
  3. If you have any doubts, arrange a meeting at the service provider’s premises to determine whether they indeed exist and have goods to supply, whether they have business premises, and whether the business is known to other businesses nearby. Please ensure that it is in a safe environment and make sure you are accompanied by a colleague.
  4. Ask yourself how they are able to offer goods and services so cheaply compared with other market players. What are they doing differently? Is it perhaps a scam?
  5. If it’s too good to be true, generally it is.


d) Money laundering

Businesses should always ensure that their accounts are used for legitimate business purposes. Criminals often use business accounts to launder the proceeds of crime. The businesses end up being pursued criminally while the fraudsters are in most instances unknown. Never allow other individuals to use your account. If you receive funds that you did not expect, do not simply refund them to the first person who calls for a refund; they may be the proceeds of crime. Ask your banker to help determine the source of the funds and to assist in refunding the monies to the source account.


3) Reporting channels

In respect of reporting channels, for CIB refer to the below:

As a way to secure funds urgently, it is recommended that matters are reported to the Fraud Hotline.


4) Reporting requirements

To assist in investigating any fraud matters reported, please provide the following information:

  1. SAPS case number, e.g. Johannesburg SAPS case: 535/09/2016
  2. Affidavit
  3. Any relevant information that the client may have, such as:
    1. The email purporting an account detail change
    2. Documents purporting an account detail change
    3. Communications relevant to account detail changes, internet pages or links received.