Reana Steyn | Ombudsman | Banking Ombudsman | mail me |
The Festive Season is a time when most South Africans, like the rest of the world, will be looking to spoil their loved ones by purchasing them gifts.
Over the past few years, South Africans have been lucky enough to be able to take advantage of the discounts that are offered on Black Friday (the last Friday in November) and Cyber Monday (the Monday immediately following Black Friday). Some companies have taken this a step further and have extended their discounts for the whole of November.
We would like to warn the South African banking public about the dangers and various scams that they could fall victim to, should they let down their guard.
Heightened risk
Black Friday and Cyber Monday take place on November 26 and 29. While it may be considered the perfect time for shoppers to take advantage of these discounts, the dangers of falling victim to the various scams out there is heightened and can unfortunately not be divorced from these Black November offers.
We urge shoppers to be on the lookout for suspicious activities and/or transactions on their accounts as there is an expectation of higher volumes of phishing, vishing and ATM scams. Additionally, consumers should regularly go through their account statements in order to identify and immediately report any suspicious entries that they flag as suspicious.
Desktop research we conducted has shown that social media platforms, online marketplaces and unsecure websites are being used by criminals to execute a scam where an unsuspecting customer is tricked into paying in advance for goods or services that they will never receive consumers are reminded to take heed of the advice to guard against impulsive spending.
Rather, consumers should take their time to research the legitimacy and secureness of the merchants and/or the websites before making a purchase. This is particularly important at a time where every penny needs to be accounted for and discretionary spending is under significant pressure.
You have been hacked
A recent article by the Daily Maverick is concerning. The article points out that, according to Interpol’s African Cyberthreat Assessment Report, cyber criminals are increasingly targeting South Africa, which now has the third-highest number of cybercrime victims in the world. This costs about R2.2 billion annually.
In the first quarter of this year, South Africa was also the worst affected on the continent in terms of targeted ransomware attacks, which can affect businesses and critical infrastructure. According to the October 2021 Interpol report, there is a ‘critical absence of cybersecurity protocol, cyber resilience as well as mitigation and prevention measures for individuals and businesses’ in Africa.
This new wave of crime can have a serious impact on consumers who are eager to do Black Friday shopping. Banking accounts are one of the most targeted platforms when a consumer falls victim to cybercrime.
Online platforms gain momentum
While the country faced strict lockdown restrictions in 2020, there was a significant gravitation towards online shopping platforms.
A recent article from Business Insider points out that:
- the value of South Africa’s online retail has more than doubled in two years, says a new study.
- in 2018, online stores sold R14 billion worth of goods, representing just 1.4% of the total retail market.
- this grew to more than R30 billion in 2020, spurred by coronavirus-induced lockdowns which kept people indoors.
- while the growth rate is expected to be more subdued in 2021, online retail is still expected to top R40 billion and account for 4% of all retail in South Africa.
The popularity of online shopping hasn’t been impacted by the movement of the country’s lockdown level. Consumers still make use of online platforms, and this will only grow in the future.
Record increase
It can be pointed out that in 2020, online payment platform PayFast reported that as a result of COVID-19, there was a record increase of 50% in online transaction volumes during the 2020 Black Friday weekend when compared to the same period 2019.
According to PayFast, this is because many people, for the first time, have migrated to online shopping platforms during the lockdown period.
PayFast’s research also showed that the majority of the purchases that were made during this period were made using a mobile smartphone device and bank cards. Cyber criminals take advantage of this and aggressively attack these platforms.
Internet banking increase
It can also be pointed out that due to the growing popularity of e-commerce, we have seen an increase of 31.34% in internet banking fraud related cases in 2021. The majority of the people who fall victim to internet banking fraud are those who clicked on unsolicited links which they believed were from their banks.
Phishing emails are becoming a common way to scam victims. The victim typically receives an email that is supposedly from their bank. The email directs the victim to a proxy site to resolve an issue with their account.
Once the victim enters their personal details into the site, the fraudsters have access to all the information that they need to commit identity fraud. Only after the fraud is committed do they discover that the link that they clicked on was fraudulent.
Other unsuspecting victims were vished into giving away this sensitive information over the phone as they believed that the person that called them was from the bank. Again, this is a very sophisticated scheme as the fraudster poses as a bank representative who is helping the consumer resolve an issue on their account – usually an urgent matter to allegedly prevent fraud on their account.
Only once the fraud has been committed does the consumer find out that they were being tricked into giving away personal information. Subject to final checks, there was a decrease in the number of ATM fraud (which dropped by 15.8%), and credit card related fraud complaints (which dropped by 13.28%) when compared with 2020.
I caution that the apparent decrease in card related fraud cases received by my office should not be seen as a decision by fraudsters to abandon this type of fraud. I advise that events like Black November, as well as the festive season and holidays, have previously proven to be fertile breeding grounds for fraudsters to take advantage of consumers who let their guard down.
Consumers should not fall victim to deals that seem too good to be true. If not identified as scams, these deals will result in consumers suffering devastating financial losses.
Protect yourself – online fraud prevention tips
Always be alert to the fact that the criminals of today have become more sophisticated and are experts at convincing people into giving away their confidential banking details or letting their guard down. This can occur online, over the phone, at ATMs or even when swiping their cards at point-of-sale machines.
We advise the South African public to heed the following tips to safeguard their finances against fraud:
- only shop on legitimate websites. If you are unsure as to the legitimacy of the website, do research on the retailer-don’t rely on the company’s own reviews;
- always conduct independent checks into the seller prior to making payments, not after; and
- check the average price of a product and consider if the price is too good to be true. It may probably a scam. If it looks like a duck, walks like a duck and quacks like a duck…it probably is a duck. The same applies to a scam. If it looks like a scam and feels like a scam, it probably is a scam.
To spot and prevent ‘vishing’ fraud:
- never share personal and confidential information with strangers over the phone no matter how convincingly they try to tell you they are calling from your bank. Visit your nearest bank branch to address the query;
- banks will never ask you to confirm your confidential information (OTP, CVV or PIN) over the phone;
- never give in to pressure. If someone tries to coerce you into giving them sensitive information, hang up and immediately contact your bank’s fraud department to report the incident;
- stay calm and don’t panic. Call your bank immediately after a suspicious call and verify with them whether there is a real problem on any of your accounts held with the bank;
- if you receive an OTP on your phone without physically making a transaction, it is likely that it is a fraudster who has accessed your personal information. Do not provide the OTP to anybody. Immediately contact your bank to alert them to the possibility that your information may have been compromised;
- always be sceptical. Even if your Caller ID gives the name of a bank, or some other company or organisation, it could be a trick;
- if you lose cell phone connectivity for some time or for no apparent reason receive an SMS for a sim swap or a number port you did not request, immediately contact your bank and then your network service provider.
To prevent phishing fraud:
- do not click on links or icons in unsolicited emails;
- do not reply to these emails. Delete them immediately;
- do not believe the content of unsolicited emails. If you are worried about what is alleged, use your own contact details to contact the sender to confirm;
- if you need to access your bank’s website, you are advised to type in the entire URL or domain name for your bank on the internet browser;
- check that you are on the authentic website before entering any personal information;
- if you think your device might have been compromised, contact your bank immediately and request that your account be blocked;
- create complicated passwords that are not easy to decipher. Change them often;
- safeguard your devices. Keep your cell phones and laptop safe and discourage multiple users on your device;
- secure your networks. Set strong passwords and ensure that the sites you shop on are secure and are the legitimate websites; the padlock on the browser must be locked; and
- avoid public WIFI connections and internet cafes for your online banking and purchasing.
Fraudulent emails are typically sent to customers to obtain the customer’s confidential internet banking access codes and passwords. Customers are encouraged to pay extra attention to email addresses that may seem genuine, and with what appears to be banking identification.
To Prevent ATM fraud:
- never ask a random stranger for assistance at the ATM and be wary of strangers offering unsolicited assistance or even asking you for help;
- ensure that you are not distracted in and around the ATM area, or before and after you make use of the ATM;
- if the ATM is in a secluded area or it seems to malfunction, rather go somewhere else to transact;
- ensure that your withdrawal limits are low, so that in the unfortunate event of a phantom withdrawal you do not lose too much money;
- never write your PIN on the ATM card;
- if your card is retained, phone your bank’s toll-free stop card line listed on the ATM immediately and stop your card. Do not allow a bystander to call the toll-free stop card line on your behalf- they could be tricking you into thinking your card has been stopped; and
- ensure that you will be able to call your bank immediately in the case of an emergency. If you leave your cell phone at home, it will be too late to stop the withdrawal of the funds from your account.
Employees typically receive a bonus at the end of the year as a reward for their hard work. We encourage recipients of these bonuses to utilise these bonuses in the best possible way:
- build an emergency fund to meet unforeseen contingencies;
- reduce some of your debt. Use some of your bonus to pay for existing debt; and
- use some of the money to invest for your dreams and goals, like your children’s education, building or renovating your house.
This is the time of the year for rest, relaxation and restoration. It is time spent with family where good memories are created. Consumers should avoid starting this season off in the worst possible way by becoming victims of fraud.