Don't become a victim

Criminals are constantly looking for ways and means to make an easy buck. They use anything from information dumped in waste bins to the latest and greatest technology. They often rely on the things that we take for granted. The techniques that criminals employ vary from the most simplistic to the most sophisticated.

Techniques and recommendations on how to avoid them are:

a) Dumpster-diving

Each employee should take care when using waste bins. Information such as phone lists, calendars or organisational charts can be used by criminals for social engineering techniques to gain access to networks. In addition to this, information such as bank statements, meeting minutes, client contracts and employee notebooks provide criminals with insight that can be used to defraud businesses and their clients or service providers.

To protect your business, ensure that:

• Confidential information is stored in a secured environment and disposed of in a secure manner. Shredding is recommended.
• If you employ the services of a third party for waste management, ensure that they use effective disposal practices.
• Make use of locked waste bins for the disposal of ALL PAPER (notes, calendars, notepads, bank statements, contracts, bank statements, organisational charts, presentations, etc.)
• Avoid writing down PINs or passwords. Memorise it.

b) Wi-Fi hotspots

Be careful when using free or unsecured Wi-Fi. It offers the convenience of being able to login to your banking, send an email, read the news or download a game all while you have a few free minutes. A major risk that exists, is that hackers can position themselves between you and the connection point. If this happens, they may see your banking or network security credentials, emails or other sensitive information. It also provides the opportunity for malware to be downloaded onto your device.

Protect your business by:

• As a minimum, making sure to use a virtual private network (VPN). Even if hackers manage to position themselves between you and the connection point, information will be encrypted.
• Always enabling the use of the HTTPS option for websites that you visit often or require some kind of credentials. This offers a layer of encryption.
• Using different passwords for different websites.
• Keeping your Wi-Fi on your devices off when you don’t need it.
• Keeping your device security updated at all times.

c) Malware

i. Trojans (on Absa website)

Trojans are a computer virus that can be installed on your computer without your knowledge. It gathers critical information which is then used to aid the approval of fraudulent payments.

Below is an outline of how the virus affects your online banking:

The user's computer is infected with the virus. This is often presented as an authentic email from a trusted source with an attachment that is opened by the user. Unaware, the user then enables the installation of the virus files onto their computers.

Unaware of this virus installation the user then signs on to their internet banking application. While the user is logged in, the Trojan collects important information such as user codes and password(s), enabling the attackers to access your client profile and perform fraudulent transactions.

In some instances, the fraudsters can take remote control of the computer the user is logged in to or access it remotely with the collected user code and password(s).

While a user is logged in or logged off, fraudulent payments can be generated and approved by the fraudsters and only discovered later.

A user may sometimes be presented with a message saying they are currently logged in to the system or receive a message during the sign-on process that their user code or password is no longer valid.

While the latest Trojan versions are sophisticated, users can still protect themselves by ensuring that the antivirus software on their computer is regularly updated, not opening attachments from emails if they are not completely certain that they are legitimate and immediately reacting to and reporting unexpected/unusual internet banking behaviour.

Protecting your business

• Keep your antivirus software updated.
• Do not open emails or attachments from unknown senders. Take extra caution and do not download any attachments unless you are confident that they are safe.
• Immediately report unexpected behaviour – while the example above relates to the login process, any unexpected behaviour or screens that are not usually displayed must be reported at your relevant client service centre.
• Regularly change your password(s).

ii. Key logger malware

This malware is installed on the computers of unsuspecting users in various ways. Popular means of distribution are email, file downloads or even memory sticks.

This malware records keystrokes and allows criminals to receive this information. Information is collected and stored on a device that is recovered by the criminal at a later stage. However, more advanced key loggers allow information to be obtained by criminals remotely.

Protecting your business

• Keep your antivirus software updated.
• Do not open emails or attachments from unknown senders.
• Do not download any attachments unless you are confident that they are safe.
• Immediately report unexpected behaviour – while the example above relates to the login process, any unexpected behaviour or screens that are not usually displayed must be reported at your relevant client service centre.
• Regularly change your password(s).

iii. Spyware (from Absa website)

Spyware is a type of malicious software that can infect computers and collect pieces of information about the computer user without their knowledge. The spyware typically collects personal information that you may enter into a website (such as your banking details and login information) but can also retrieve sensitive files that you may have saved on your computer.

The information is then used to login to your bank accounts and defraud you or make fraudulent online purchases. Depending on the circumstances surrounding such cases, the customer could be considered legally liable for such losses due to insufficient protective measures taken.

On shared computers – such as those used in internet cafes – it is easy for someone to install spyware software due to the fact that so many people have access to the machine

On your home or business computer, it is slightly more difficult for fraudsters to install the software, which is why spyware is most often sent via email, much like phishing scams. Within this email, fraudsters will include an attachment or link to a file that will automatically install the spyware onto your computer when clicked and will then send the information captured to the fraudster when you access your bank accounts. Also be aware of browsing or downloading information from untrusted websites and infected portable storage devices such as memory sticks or portable hard drives that may contain spyware or viruses.

The latest spyware attacks that fraudsters are using is also via email. The only difference is that the executable file is included as an attachment named Proof of payment and has cleverly been disguised as a PDF (which people generally consider to be harmless and can therefore be trusted).

This latest spyware is more advanced than ever and is exceptionally difficult for many virus protection programmes to detect.

How do you avoid becoming a victim of spyware?

• Ensure that you have the latest antivirus software installed. Absa offers our Internet and Cellphone Banking customers free antivirus software each year.
• The following are the steps:
• Go to absa.co.za
• Search for Safety and security on the landing page and click on the link
• Search for Online security and click on the link
• Scroll to Software to enhance your security and click on the relevant Windows or OSX download link.
• Never click on links or attachments on emails unless you are sure about their source.
• Be aware of using untrusted/infected storage devices (such as memory sticks) that may contain a virus or spyware.

Always browse trusted websites, and only download from sites that you are sure are safe. Reckless browsing behaviour can result in your personal information being placed at risk and opening you up to becoming a fraud victim.

d) Spoofed websites

Spoofed websites appear to be legitimate business websites but are actually created with the intention of obtaining customer information. To illustrate this, imagine doing a Google search for Absa and a few links come up. You then click on a heading that appears to be that of Absa. This then leads you to a website that looks exactly like the Absa website with which you are familiar. You then proceed to login and insert your bank account number, PIN and subsequently your password. Only, you are actually now providing your login credentials to a criminal. In other instances, you may receive a link purporting to be from the bank and click on it to login to your banking. This also then takes you to a spoof website. Through hacking, criminals are also able to redirect your favourite bookmarks to a site (spoof site) created by them.

The bank makes every effort to ensure that it closes any spoof websites immediately.

How to protect yourself

• When logging in to the Absa website, type absa.co.za into your Uniform Resource Locator (URL)/address bar. Customers can then click on the appropriate service that they require once on this webpage.
• Do not access your banking website by way of an email link received.
• Do not login via links on any webpages.

e) Phishing, smishing and phishing

The abovementioned exist for the same purpose, which is to obtain sensitive information. Common ways in which phishing occurs is through emails where you are requested to click on a link that then requires you to supply personal information. Other means include redirection to a spoof website where your personal information is required. The result is always the same. Criminals obtain personal information to commit a crime against you.

Smishing is very similar to phishing. The main difference is that in this case, you receive a text message. The message either obtains a link that may lead you to a spoof website or a link that requires that you insert and provide certain sensitive information. The latter also sometimes mean that you download malware that may result in criminal being able to access details on your phone.

Vishing is slightly different to phishing and smishing but has the same intentions. Vishing is normally preceded by an SMS or email stating that someone, such as a banking official will call you. You may be expecting such communication after you have logged a complaint on a public platform such as Hello Peter or your bank’s Facebook profile. Once you are called, the caller will request certain personal information, which, once obtained, will assist them to commit fraud against you or to commit fraud by using your details.

How to protect yourself

• Absa will never send you an email requesting your personal details. Treat any emails that require your personal details with suspicion.
• Absa will never send you an SMS that requires you to provide personal information. Treat such SMS messages with suspicion. Do not respond or click on any links.
• Do not provide personal details to callers. Absa will never ask you for PINs or passwords.
• Always ensure that you are on the Absa website before you start typing in account details, PINs or passwords.
• When in doubt, delete the email or SMS message that you’ve received.