The internet is rife with scam artists and most people are aware of this, but that just drives the fraudsters to get more creative with their deceptions. FNB recently issued a warning to clients about an email-based scam doing the rounds that tricks people into giving up their banking information. And they’re not the only ones - most banks have been hit with similar or other fraud attacks, with Standard Bank receiving the most recent - totalling around R300m last month.
There are many ways in which modern thieves steal this money. Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card details, by masquerading as a trustworthy entity in an electronic communication. Keep in mind that the following scam isn’t specific to FNB and is just one of the latest variations of the scam.
The email appears to come from an official FNB email address and states that your OTP (one-time PIN) service has been turned off, providing you with a link for reactivation. The link then takes you to an exact replica of the FNB website, which asks for your authentication credentials. Once you enter your details into the site the swindlers will have everything they need to access your banking profile.
Our banks will never ask you for your username, password or PIN by email, SMS or phone call. It is also important to remember that should you require to go to a banking website, it is safer to type the web address into your browser rather than following a link.
Some other variations on phishing scams include:
Using online company biographies and profiles, cyber criminals specifically target executives and board members of companies. They then send emails that appear to be coming from the CEO or CFO of the company. This method has proven effective in convincing junior employees to make payments at the instruction of senior managers.
SMiShing is a phishing attack that is sent via SMS. Who hasn’t received an SMS stating that they have won R100 000 in a lottery? But it can also be in the form of traffic fines or bank deposit notifications or something else that sounds legitimate. If you happen to respond to the SMS, the scammer demands a “registration fee” or similar payment to extract cash from you.
It is remarkable seeing the amount of effort that is put into these shady undertakings. You should always take extreme care when divulging any sort of personal information over the internet and under no circumstance should you reveal your banking PIN.