You need to be even more on your guard than before when you bank online or respond to emails, because fraudsters are becoming more sophisticated and harder to spot.
A Personal Finance reader became a victim of phishing (a form of internet fraud) last week, when she received an email - purportedly from Absa - that asked her to click on a link in the email and confirm her internet banking details.
"It was so real that I even received two messages on my cellphone when the link took me to what looked like the Absa website - one with a verification number usually sent to me by the bank so that I can log in and the second to tell me that I had logged on for internet banking," she says.
The unsuspecting woman updated her details, logged out and forgot all about it. But an hour later, she received a call from Absa's forensics department alerting her to suspicious activity on her account.
The account was suspended immediately, but it was too late - criminals had already taken R25 000 from her credit card account.
Christo Vrey, the managing executive of Absa's digital channels, says that, based on the bank's initial investigation, it would appear that the phishing email led the woman to a fraudulent website (which did not have the padlock security icon or the valid address of Absa's banking website). The criminals used the information she entered on that website to log into the woman's bank account.
The criminals began a transaction that automatically resulted in Absa sending the verification number and the notification of online banking activity to the woman's cellphone. The criminals sent the woman a second email that asked her for the verification number.
The woman thought the email really was from Absa and replied to it, providing the criminals with the number. The criminals used the verification number to increase her credit limits and to defraud her.
If you respond to such an email and provide criminals with the verification number, they have complete access to your account.
"No bank would ever send you a letter or email requesting you to update or verify your log-in details," Vrey says.
Alarm bells should start ringing if you receive an email that:
- Contains a threat that your account will be suspended or closed if you do not immediately provide your personal information.
- Solicits your participation in a survey that requires you to divulge your personal information.
- Asks you to submit your user identity, password or bank account numbers in an email or on a non-secure web page.
- States that your account has been compromised or that there has been third-party activity on your account, and requests you to enter or confirm your account details.
  If your account has, in fact, been compromised, your bank will contact you directly by phone; it will never ask you to confirm your personal identification number (PIN) or security details. You should never disclose your PIN to anyone, even if they claim to work at your bank.
- Asks you to confirm, verify or refresh your account, credit card or address information.
If you are sent an email purporting to be from a bank and you follow a link in the message, check the address line in your browser before you enter any information.
The Personal Finance reader who was defrauded followed a link that read www.absa.co.za/absacoza, but when she went through to the website, the address line read http://alertnowonline.com/www.absa.co.za/absaupdate/new%20absa/ib.jsp%0d%0a
The address line should have alerted the reader that the website was fraudulent.
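The address-line check described above can be written out as code, for instance in a mail filter. This is an added example, not part of the original article: the trusted domain absa.co.za is assumed from the link text quoted above, and the function and warning names are illustrative. It also covers a lookalike host (a constructed sample), which goes beyond the single case in the article.

```python
from urllib.parse import urlsplit

# Assumption: the bank's genuine domain, taken from the link text in the article.
TRUSTED_DOMAIN = "absa.co.za"


def shown_host(text):
    """Host named in a link's visible text, or "" if the text is not a URL."""
    text = text.strip()
    if " " in text or "." not in text:
        return ""                      # e.g. "Click here"
    if "://" not in text:
        text = "//" + text             # visible text often omits the scheme
    return (urlsplit(text).hostname or "").lower()


def belongs_to(host, domain):
    """True only for the domain itself or a real subdomain of it."""
    return host == domain or host.endswith("." + domain)


def check_link(display_text, actual_url, trusted=TRUSTED_DOMAIN):
    """Return warnings for one email link: visible text versus real target."""
    warnings = []
    parts = urlsplit(actual_url)
    host = (parts.hostname or "").lower()

    # No padlock. HTTPS is necessary but does not prove the site is genuine.
    if parts.scheme != "https":
        warnings.append("no-https")

    # Only the host decides where the browser goes, so compare that alone.
    if not belongs_to(host, trusted):
        warnings.append("untrusted-host")
        # The bank's name placed after the first "/" is decoration.
        if trusted in (parts.path + "?" + parts.query).lower():
            warnings.append("brand-in-path")

    # The link text names one host but the link leads to another.
    text_host = shown_host(display_text)
    if text_host and text_host != host:
        warnings.append("text-host-mismatch")
    return warnings


# The link from the article, and a constructed lookalike host.
ARTICLE_URL = ("http://alertnowonline.com/www.absa.co.za/"
               "absaupdate/new%20absa/ib.jsp%0d%0a")
LOOKALIKE_URL = "https://absa.co.za.example.net/login"
```

An empty list means none of these checks fired, not that the site is genuine.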
Fraudulent websites are often close replicas of bona fide bank websites. Criminals may even create an illusion of authenticity by including links to the privacy policy on a genuine bank website.
If you suspect that your banking details have been compromised, you should immediately change your sign-on details - your user identity, PIN and password. You can do this online from your own computer or from a terminal at your bank.
As an added precaution, you should notify your bank that you suspect that your personal banking details have been fraudulently obtained, so that the bank can monitor your accounts.