Two of the big banks, Standard Bank and Nedbank, have stepped up to the plate in the fight against phishing, the scourge of internet banking, by sourcing anti-phishing software and making it available to their clients free of charge.
The first bank to offer its clients the anti-phishing software Rapport says it is already seeing results.
Two weeks after making Rapport available for downloading from its website, Standard Bank has identified more than 5 000 clients whose computers are infected with 2 680 different viruses and has been alerted to more than 247 phishing websites to which its clients have navigated. (See "Types of fraud you should be protected from".)
A further 91 Standard Bank clients who installed Rapport ignored the software's phishing alerts and tried to log on to fraudulent websites. The software blocked their attempts and reported to the bank the clients' attempts to log on to the phishing sites.
Ross Linstrom, a spokesperson for Standard Bank, says the bank believes the software has prevented potential fraud of about R3 million.
Clive Pillay, the Ombudsman for Banking Services, says Rapport is a giant step forward in the fight against phishing, but the onus remains on consumers to be vigilant when transacting online.
"If you do ignore warnings from the new software and enter a phishing site regardless, you are unlikely to be able to hold the bank liable for your losses," he says.
The country's banks have made anti-virus software, such as PC-Cillin and McAfee, available to their online clients. However, anti-virus software has not helped clients to identify phishing emails quickly and easily.
A phishing email is an email that claims to come from your bank. It usually asks you to click on a link within the email. The link will take you to a website that looks like your bank's website, where you will be asked to enter your banking log-on information. Criminals use the information you enter to access your genuine bank account and then steal your money.
Consumers continue to fall prey to phishing scams despite repeated alerts from the banks that they will never ask you to confirm your banking log-on details in an email or follow a link in an email to enter a bank website.
Itumeleng Monale, the director of self-service banking at Standard Bank, says that last year 500 000 phishing websites were identified and an average of 294 financial institutions were targeted by online criminals worldwide.
"Phishing globally costs customers and the financial industry billions of rands annually.
"Standard Bank believes that with the introduction of the free Rapport secure browsing software it has provided our customers with an effective mechanism that will help prevent them from divulging sensitive and personal financial information to third parties over the internet," she says.
Lee Albertyn, Nedbank's head of self-service banking, says Rapport should be available to Nedbank's online clients from next week.
"We have researched other types of software, carried out a due diligence study and have also run a pilot test with our staff over the past months. So it is with confidence that we can say we are offering consumers the best protection on the market," he says.
Rapport is supplied by Trusteer, a global provider of secure browsing services. International banks use the software to secure more than six million customers' browsers from phishing attacks and fraudulent websites.
Monale says the software strengthens customers' online security by "locking down" the connection between their computer and Standard Bank's internet banking site.
The software warns you if you are being directed to a counterfeit website. Unlike conventional security software, which can block attacks only from phishing sites that have already been identified, Rapport can detect new threats.
The software can also inform Standard Bank of potential bogus websites so that the bank's security division can take steps to stop attempted fraud.
"Standard Bank sees the introduction of the secure browsing software as a major step forward in assisting customers with safe and secure online banking. Very often, customers have little recourse in claiming funds back from banks if they have compromised their personal financial details over the internet. Standard Bank believes that the introduction of Trusteer's Rapport secure browsing software will greatly reduce customer exposure to online threats, like phishing," Monale says.
You can download Rapport for free from the Standard Bank site, and you will be able to download it from the Nedbank site next week if you are a client of those banks.
Lee-Anne van Zyl, the chief executive officer of First National Bank (FNB) Online, says such software is only one option to address phishing. FNB uses a layered approach, which includes the use of one-time personal identification numbers and consumer education, she says.
Carl Louw, the head of Absa's internet banking, says the bank has offered its online clients free anti-virus software since 2003, and recently it introduced free anti-virus software for clients who bank using their cellphones.
Phishing criminals are now moving into the social networking space, targeting accounts on Facebook and Twitter, so you need to be security conscious when you are networking online with friends and family.
Henk Vermeulen, First National Bank's credit card fraud specialist, says criminals hack into a social media account and send a message, such as "Is this you in the video?", with a link to a website, to each person on the accountholder's friends list.
If you click on the link, you are directed to a log-on page, where you are asked to provide a username and password, he says.
Vermeulen says the criminals can then try to access your bank account using the same log-on details, because most people use the same log-on details for all their online accounts, such as social networking sites and tax filing.
Global software company Trusteer reports that 73 percent of bank clients use their online banking password to access other websites, and that 47 percent use both their banking username and password to log on to other websites.
"The key to a strong password is to increase the complexity and length of the password," Vermeulen says.
"Use a variety of characters - don't just use letters; include symbols, punctuation marks and numbers where possible. Your password should be at least 10 characters or more."
He says another rule of thumb is not to use the same password for different websites, because, should you fall prey to a phishing scam, this will prevent criminals from being able to access all your online accounts.
You should also refrain from using the "remember this password" facility on computers.
According to the Trusteer website, Rapport will protect you from the following types of online fraud:
Phishing is when a criminal creates a website (the phishing site) that looks like a website you know and trust (for example, your bank's website). The criminal sends you an email, which appears to come from a legitimate company or organisation, such as your bank, that invites you to visit the phishing website. The website will ask you to enter your log-on details (for example, your online banking username and password), so that the criminal can grab them. The criminal can then use your credentials to log on to a genuine website and conduct fraudulent transactions.
Pharming directs your browser to a fraudulent website each time you type the address of a genuine website into your browser's address bar. This is accomplished using various techniques, such as infecting your desktop with malware (software designed to infiltrate your computer's security system) or by compromising the servers in your internet service provider's network. When you try to log on to the fraudulent website, it will grab your log-on credentials. A criminal can use your details to log on to the real website and perform fraudulent transactions.
A keylogger is malicious software that secretly installs itself on your computer. The keylogger records your keystrokes and sends this information to an online criminal.
A man-in-the-middle attack is an advanced variation of phishing and pharming. You sign into a genuine website and transact, unaware that all the information exchanged between your computer and the website is being sent to a criminal. The criminal can view your private information and can alter your transactions. For example, if you request to transfer an amount of money to a payee, the criminal can change the payee's identity and have the money transferred to a different account.
Man-in-the-browser refers to malware that resides inside your browser in the form of an add-on (such as a toolbar). The malware controls everything that happens inside your browser. It can read sensitive information, such as your sign-in credentials, and pass it on to a criminal. It can also generate transactions on your behalf, such as transferring money from your account.
Screen capturing refers to malware that takes pictures of your computer screen and sends them to a criminal. The screen shots can include your bank account details and the log-on credentials you enter using an interactive keypad.
Session hijacking refers to malware that steals information while you are on a website and sends it to a criminal. The criminal can use the information to take over your session on the website and to bypass the authentication process required to log on to the site.
Typical security software consists of a database of malicious software and hostile websites that the software uses to detect and remove threats from your computer.
According to the Trusteer website, Rapport uses a different technology in that it can tell when you are accessing your bank's website and are executing transactions, submitting log-on information and reading bank statements. During that time, Rapport applies layers of access control around your sensitive information and prevents malicious software and hostile websites from accessing or tampering with the information and transactions.
"Any unauthorised access attempt, such as an attempt to read your password or alter your transactions, is immediately blocked.
"Rapport's access control policies are set by your bank. Banks that work with Trusteer build and maintain policies that define which information is sensitive and which operations on this information should be restricted," the Trusteer website says.
Albertyn says that Rapport is configured for the Nedbank or Standard Bank websites, depending on the site from which you download the software. However, you can add other websites and customise the security settings.
"The software will then pick up any attempts to mimic the sites you have specified. For example, you could protect a Hotmail account. The software will then alert you if you are trying to enter your Hotmail details on a site that looks like, but is not, the legitimate Hotmail site," he says.
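The check described above can be modelled as binding each protected password to the one web origin allowed to receive it. The sketch below is an added illustration, not Rapport's or Trusteer's code; the class and function names, the `login.mail.example` site and the password are all constructed for the example.

```python
import hashlib
import hmac
import os
from urllib.parse import urlsplit

DEFAULT_PORTS = {"https": 443, "http": 80}

def origin(url):
    """Normalise a URL to (scheme, host, port); None if it cannot be parsed."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    try:
        # IDNA-encode so a lookalike Unicode hostname compares as its xn-- form.
        host = (parts.hostname or "").encode("idna").decode("ascii")
        port = parts.port or DEFAULT_PORTS.get(scheme)
    except (UnicodeError, ValueError):
        return None
    return (scheme, host, port) if host else None

class CredentialGuard:
    """Binds each protected secret to the one origin allowed to receive it."""

    def __init__(self):
        self._key = os.urandom(32)   # per-install key; secrets are never stored
        self._home = {}              # HMAC(secret) -> origin tuple

    def _tag(self, secret):
        return hmac.new(self._key, secret.encode("utf-8"), hashlib.sha256).digest()

    def protect(self, url, secret):
        home = origin(url)
        if home is None or home[0] != "https":
            raise ValueError("protected site must be a valid https URL")
        self._home[self._tag(secret)] = home

    def check_submission(self, url, fields):
        """Return (field, expected_origin, actual_origin) for each protected
        secret about to be sent anywhere other than its home origin."""
        dest = origin(url)           # None (unparseable) never equals a home
        alerts = []
        for name, value in fields.items():
            home = self._home.get(self._tag(value))
            if home is not None and home != dest:
                alerts.append((name, home, dest))
        return alerts

# Constructed sample data: a made-up mail site and password.
guard = CredentialGuard()
guard.protect("https://login.mail.example/", "correct horse 42!")
```

Because the comparison is on the full origin rather than on how the page looks, a site that embeds the real name in a longer hostname, drops to plain http, or swaps in a lookalike Unicode letter all raise an alert for the same password.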
Albertyn says the anti-phishing software is not a replacement for anti-virus software, and ideally you should have both installed on your computer.
"Although the software will warn you of phishing attempts and will identify bogus websites, the onus is still on the consumer to remain vigilant at all times," he says.
Here are the contact details of the major banks if you want to report suspicious activity on your online bank account or an email that looks fraudulent:
- Absa - 0860 557 557 or sup4@absa.co.za;
- First National Bank - 011 632 2226 or risk.online@fnb.co.za;
- Nedbank - 0860 115 060 or phishing@nedbank.co.za; and
- Standard Bank - 0860 123 000 or secure@standardbank.co.za