Covid-19 pandemic is being amplified by a financial fraud crisis

The past few months have been tough for Jack and Sarah.

While they are committed to curbing the spread of Covid-19 and have gone out of their way to protect themselves and the people around them, they co-own a popular barber shop which was closed during the first phases of the national lockdown.

The lack of income has been a huge worry. Fortunately, the couple had accumulated savings over the years which were seeing them through this tough time, but these funds were fast running out.

At 7am on a cold May morning, Jack received a perplexing call from their bank. Their business account and personal savings had just been wiped clean by fraudsters.

The day before, Jack had received a call from a representative of a Covid-19 debt relief fund targeting small businesses affected by the lockdown. Jack’s business was selected to receive a financial donation from a “good Samaritan”. Hardly believing his luck, Jack rushed to tell Sarah about their good fortune, and quickly confirmed his personal details with the debt relief fund representative.

The representative was professional and explained the need for full co-operation to avoid losing out on the opportunity. He detailed the precise requirements, which included the need for Jack to share his online banking logon credentials — his account number, password and personal identity number (PIN). He even processed the approval instructions. Unfortunately, the relief fund never existed. Jack and Sarah had been scammed.

Fraudsters, impersonating a reputable organisation, duped them into disclosing their personal details or “keys to the safe”.

We all think it will never happen to us and we know the usual advice, including “no bank will ever ask for such details”. However, significant financial pressure can make even the most vigilant person fall for scams.

Jack was desperate to improve their situation. The business had applied for support and the details shared by the debt relief representative sounded credible.

Jack and Sarah’s story is not unique.

The profound financial consequences of Covid-19, compounded by SA’s pre-existing dire economic situation, has created ripe conditions for fraud to flourish.

According to Stats SA, the official unemployment rate increased by one percentage point to 30.1% in the first quarter of 2020. The economy also recorded its third consecutive quarter of economic decline, falling by 2% in the first quarter of the year. Worryingly, the number of unemployed South Africans has again increased.

These numbers are a double-edged sword — tough financial conditions are forcing fraudsters to intensify their efforts. On the other hand, the significant financial pressure brought on by the pandemic has put many consumers in a position where any financial lifeline may sound like a solution to a dire situation.  

As inhumane as these crimes are, fraudsters are growing increasingly more sophisticated in targeting unsuspecting people through social engineering (duping customers into disclosing their personal and confidential information). Worryingly, there is an upsurge in social engineering globally, and fraudsters use personal data from data breaches to impersonate banks with the sole purpose of tricking customers into granting them access to their money and bank accounts.

In Jack and Sarah’s case, they are prolific bloggers. Their personal information was harvested through a social media platform and used by the fraudsters to deliberately trick the couple into parting with their hard-earned money. In this instance, a bit of data created the impression the caller was legitimate as the “representative” knew the couple’s personal details.

Typically, criminals will approach unsuspecting consumers via e-mail, phone or text message and present themselves as members of a reputable organisation (an accredited non-profit organisation, a bank or a professional body). This lie is made more convincing by the sharing of personal information with consumers (to convince them of their reputability). Fraudsters then attempt to deceive unsuspecting people into disclosing their “keys to the safe”, including their online PIN, online passwords, card PIN, card CVV number, OTP, and/or authentication messages (RVN/TVN/SureCheck). Usually, fraudsters offer “deals” that are simply too good to be true and package these as a “once in a lifetime opportunity”.

Syndicates trade consumer data widely and harvest information through data theft, ransomware, password guessing, data breaches and social media platforms. Consumers are often unaware of this.

Armed with this data, expert fraudsters then try to influence customers’ rational thinking by causing excitement, distress and urgency.

In Jack and Sarah’s case, the fraudsters played on their desperation, resulting in Jack urgently “doing everything possible” to access a much-needed donation to support his business. The approach will lure consumers to interact and willingly share sensitive information that will grant syndicates access to funds, or convince consumers to direct payments to the scam. In both instances consumers are defrauded.

Popular and effective social engineering themes are phishing (e-mail message where consumers respond), vishing (phone call where consumers are asked to approve authorisations) or pretexting (contact consumers using e-mails or phone calls and asking for their financial information).

To compound matters, the Covid-19 pandemic has accelerated digital adoption as many consumers seek to minimise their exposure to the coronavirus. With e-commerce on the rise, we expect to see cybercriminals targeting these electronic transaction methods with renewed zest. Consumers and the industry need to prepare for the rise in e-commerce and the associated rise in sinister, fraudulent behaviour.

The current financial context requires us to preserve as much of our financial resources as possible.

In Jack’s case, the modus operandi dictated that the fraudster asked him to disclose his online banking logon credentials. The fraud succeeded because Jack shared his confidential details (including turnover statements, company registration, tax certificates, bank statements and online banking logon credentials). To make it more plausible, the fraudsters did not merely highlight the need for the customer online banking logon details. They asked Jack for various inputs to disguise the obvious need to get hold of his online banking details.

We all need to be ahead of the game when it comes to new fraud threats, trends and leading indicators. Just as one would follow medical advice, it is vital consumers apply maximum diligence when it comes to their finances.

While the industry is making substantial investments into our safeguards, successful fraud prevention requires all parties — banks, industry bodies and customers — to play their respective roles in full.

How does one avoid falling victim to scams and schemes? For every “fraud symptom”, there is a related counter or response:

Symptom

• Out of the blue contact to offer you opportunities you have not asked for;
• You have to download software or material;
• It requires you to provide “keys to the safe” (logon credentials, card details);
• It requires your electronic approval (online approval or OTP);
• It requires advanced payments/deposits;
• It cannot be validated by a third party.

Response

• If it’s too good to be true, it probably is;
• Pause and think before you respond;
• Out of the blue contact to offer you opportunities you have not asked for;
• Always question surprise calls from unknown parties;
• Never download software or material on instruction;
• Never share your “keys to the safe” with anyone;
• Never approve anything unless you’re transacting;
• Do not make advanced payment/deposits to strangers.

In the words of David Bernstein, president of the Bernstein Agency: “For every lock, there is someone out there trying to pick it or break in.”

Falling for a scam is easy. Arming yourself with enough information to prevent this is even easier.

• Ulrich Janse van Rensburg is the head of fraud strategy for Absa’s retail and business bank