One of our editors fell victim to a banking app scam — here’s how you can avoid being ‘hacked’
A new bank scam has left victims broke and feeling vulnerable.
Fraudsters play a psychological game to make clients trust them, and then clean them out. TshisaLIVE editor Karishma Thakurdin was recently a victim, and she lost thousands.
An “Absa consultant” called her to warn about a “suspicious debit order” from a company called “Big Five”. The “consultant” said the call was to verify if she had any dealings with the company.
After she told the “consultant” she had not and had never heard of the company, the “consultant” promised to block the debit order from Thakurdin's account, and block the company from trying to access her account in future.
After a while, Thakurdin was put through to another “consultant” who identified herself as “Portia Gumede” from Absa's fraud department. Gumede asked for a reference number, which Thakurdin said she did not receive from the first “consultant”.
Gumede then asked Thakurdin to log in to her banking app to authorise a request “to block any future Big Five debit orders”.
Thakurdin believed Gumede was trying to help her, only to later learn she had been scammed.
After dropping the call, Thakurdin received SMSes from Absa confirming several transactions were made on her account, including her savings account.
“The scammers were so believable and their modus operandi made me trust them instantly,” she said.
“It was shocking that they asked me for no details, except to accept a push notification, so they had already hacked into my internet banking. They had my name, surname and cellphone number.”
Thakurdin said she logged a fraud case within minutes of the incident and was told the matter was being investigated.
“Taking the recent data breach into consideration, it's not my fault that all my personal information could have been leaked through the breach, which made me, as a client, more vulnerable,” she said.
“My hard-earned money was stolen. The scammers intercepted my internet banking on their own, so I am holding Absa liable.”
Another victim who fell for the scam was Newzroom Afrika journalist Malungelo Booi.
He shared on social media that a woman using the same name called him and warned about a travel company that wanted to debit R500 from his account.
“I got a call from a woman who introduced herself as Portia Gumede from Absa's fraud division. She said a travel company wants to debit R500. She wanted to confirm this but I said I know nothing about a travel company,” he said.
“The woman did not ask for any of my personal information and did not ask me to confirm anything besides saying I have not agreed for a travel company to debit money from my account.
“She said I would receive an SMS from the bank and should reply to the SMS by pressing 1 to confirm that I don't want the debit order to go through. I did this, and she even gave me a reference number.”
Booi said after the call he received a text from the bank saying their fraud division officials were trying to contact him and he should call them.
“I was confused because I thought I had spoken to Portia who said she was from the division. I checked my phone again and saw several messages from Absa confirming several transactions were made on my account through my internet banking, which I have not used for a while,” he said.
Absa aware of scam
Speaking to TimesLIVE, Absa's head of fraud solutions, retail and business bank, Ally Mafunzwaini, said the bank was aware of the scam.
Mafunzwaini said this modus operandi was not unique to Absa customers and was prevalent across the banking industry.
“Fraudsters pretend to be from the customer’s bank or another organisation and offer to assist customers with solutions including, but not limited to, a reversal of unauthorised transactions and payment relief options relating to Covid-19.
“During the challenging pandemic, an acceleration of the digital journey, including e-commerce transactions has been observed. It’s therefore expected these transaction methods will be targeted by cybercriminals in the future,” he said.
He said clients must be more vigilant to fraudsters’ sinister behaviour, and that fraud remained a global phenomenon fuelled by ever-evolving methods.
“As a response, and in the interest of our customers, we continuously make substantial investments into our safeguards. However, successful fraud prevention requires all parties, including Absa, customers, and the industry, to play their respective roles in full,” he said.
Asked if the bank would reimburse the victims, Mafunzwaini said; “The unique circumstances of each case and our customer-centric approach, powered by our digital fraud warranty, are contributing factors to our decision to reimburse customers based on the merit of each case.”
Capitec warns customers of same scam
Capitec warned that it was aware of a similar tactic used by fraudsters to target its clients, particularly the elderly.
“Fraudsters will call you claiming to be from your bank's fraud department, warning that there was either an attempt to commit fraud on your account or that a stop order was loaded. For them to block this activity, consumers are told to approve the confirmation messages sent to their banking app using their PIN,” the bank said.
The fraudsters then lead the panicking consumer through the process of performing a transaction on the app, unknowingly transferring funds to the fraudster.
Capitec said banks would never call a customer requesting personal details or their PIN, or ask a customer to approve transactions.
In June, the SA Banking Risk Information Centre (Sabric) released its annual crime statistics for 2019, which showed digital banking fraud incidents increased by 20%.
Tips to avoid scams
Here are tips bank clients can use to avoid scams.
- Ignore any SMS or e-mail notification that asks you to follow a link and provide your username and password.
- Do not store any banking credentials on your smartphone.
- Do not let your browser (Safari, Chrome and others) save your banking passwords.
- Ensure your banking credentials are unique and not used to log in to other websites, e-mail accounts or apps.
- When selling your cellphone, ensure all your details are removed, the banking app is uninstalled and delinked from your banking profile, and the phone is reset to factory settings.
- Never leave your smartphone unattended when you are logged in.
- Use two-factor authentication whenever possible to increase the security of your login.
- Do not jailbreak (your iPhone), use pirated software or compromise the security of the software on your device as this could easily lead to attackers spying on you without your knowledge.
- Install a reputable anti-malware solution on your device to detect and block signs of malicious activity, and remember to keep the software updated to ensure maximum effectiveness.
- If you receive a suspicious phone call, drop the call immediately.