We all know we should never tell someone our banking PIN number, or allow a person behind us at the ATM to see the numbers we’re pressing. However, just as cyber security firms and banks warn us of a new scam, criminals are already working on the next.
With Black Friday, Cyber Monday and the festive season coming up, experts are urging consumers – particularly online shoppers – to be extra vigilant. While the list of scams is lengthy, here are a few to watch for while you’re distracted by potential bargains.
Phishing
While phishing has been around for a while, people still fall for it. Fraudsters send you unsolicited mails, claiming to be from a reliable organisation like a bank or a well-known service provider, asking you to update or confirm your banking or other personal details by clicking on a link or icon.
A fake website that looks like the legitimate company’s one is launched, and you’re asked to provide account details, username or password for online banking, e-mail account, cellphone number or bank card details. The minute you do this, you’ve given access to the criminals and you’re paying the price for it within minutes.
No matter how legit a mail and website look, no bank or other genuine company will request a change in your details via e-mail. Sadly, the bank or service provider is not responsible for you giving your details online. If you get an e-mail of this nature, look up your bank’s fraud division and mail it to them.
Vishing
This is when emboldened scammers phone you claiming to be from your bank and asking you for your details. They may know enough about you (full name, e-mail address) to make it sound legitimate.
All the details your bank will never ask for over the phone – account details, password, PIN or OTP – is what they’re looking for. Sometimes, the “hook” is that they have funds that have been paid to you, but they want to verify the validity of the funds.
Sometimes they claim to be from your bank’s fraud department and will even give you a phone number to call back on. When you call, you’ll get another scammer who will “verify” you’ve reached your bank.
Best way to avoid falling foul of this scam is to check your bank’s fraud department number online and phone them directly.
Remote access takeover
Here, criminals trick you into giving them access to your computer, where they download remote access software. This is particularly insidious because they may pose as an IT technician; your bank’s security department – or even the “friend of a friend who’s great with tech issues”.
You may be asked to download ‘protective’ software and then to log in to your online banking profile to pay for the download. The fraudster kindly talks you through the installation process and, once installed, asks you to log in to your online banking profile to check if it’s correct – or make a payment for software or service.
Then, your screen goes blank and then begin getting One-Time Passwords (OTPs) to confirm transactions you didn’t make, while the criminal reassures you the OTP is required to complete the software installation, and asks you to forward the OTPs so they can complete the process.
Within a few minutes, you are paying for airline tickets, kitchen appliances or family gym memberships in foreign countries. Again, do not blindly follow instructions – or download software – from any company or bank you are not familiar with.
Change of banking details
This scam has been around for years, but appears to be making a comeback. Fraudsters send an e-mail posing as one of your suppliers, or someone you need to pay, telling you their banking details have changed and giving you a new account number, usually with the same bank you regularly use for these payments.
Of course, the bank account does not belong to your service provider and the scammer has shifted it from the “new” account to another bank faster than you can say, “please send proof of payment”.
To lower your risk of being scammed this way, carefully check the e-mail address of the sender – it often appears to be legit at a glance, but there will likely be a letter, number or spelling change in it.
If any of your creditors or suppliers sends an e-mail noting a change of banking details, always call their accounts department – or a senior manager – before making a payment.
Check scam alerts online
The list of scams ready to ensure your festive season isn’t festive at all is endless. Familiarise yourself with everything from the “SIM swap scam” to the “deposit and refund rip-off”, as well as the “dating and romance scam” where you lose your heart – and all your money – to someone who really doesn’t exist.
All the major banks have a “scam alert” page on their websites, and all regularly remind clients not to click on links in e-mails or tell anyone their PIN or other banking details. No matter how professional the e-mail or phone call appears to be, always check with your bank’s fraud department before giving out any details at all. Remember, your bank may not be held liable for any losses when you have given out your details.
As 2020 comes to a close, stay alert to the con artists who will happily take your hard-earned money from you given the chance. Then, choose some great Black Friday sale treats and enjoy them – but take care when making payments online, change your passwords regularly, and do not give your PIN or other personal details to anyone.