The timing was not good. My daughter, who’s just completed her degree and is about to move out of her private res, informed me that the microwave in her unit had stopped working. I shot off a series of Whatsapps. Tell the management about it, as soon as possible. How old is the microwave? Is it still under warranty? If you didn’t do anything negligent, you’re not liable and they can’t deduct a wear-and-tear issue from the deposit.
A short while later she forwarded me the message the manager had sent her: “Will ask (the resident handyman) to attend to it. You won’t be held responsible.” Followed by hug and flower emoticons. I felt both relieved and silly. That’s what decades of doing this job has done to me — I’m primed to expect the worst because that’s what I deal with daily on behalf of consumers.
Mind you, expecting the worst has saved me from a bad situation more than once. A couple of months ago I was the target of the e-mail hacking scam. I was due to make a payment to a firm of attorneys, when I got an e-mail from the woman I’d been liaising with, supplying the firm’s bank account details. I’ve interviewed too many traumatised people who’ve lost money to this scam not to be paranoid. So I called the woman (from the number saved in my phone, not the one in the e-mail) to ask whether she’d sent the e-mail. No, she hadn’t; and she was mortified.
What happens is fraudsters hack into the e-mail systems of companies which receive large payments from clients — firms of attorneys, caterers, contractors, you name it — and monitor e-mail correspondence between the company and its clients. When the invoice is sent, they intercept it, and insert their own bank details, then alter the e-mail address ever so slightly, before sending it on to the unsuspecting client. This is why I never pay an invoice sent via e-mail without first phoning the company to check. And nor should you.
It’s been a while since someone from my bank’s fraud division called me to check if a payment I made with my credit card was in fact made by me. But should it happen again, I’ll hang up and call the bank back on the number saved in my phone.
If your phone is stolen, the first call you must make is to your bank, so that they can safeguard your account.
Here’s why: vishing — fraud committed via voice, specifically a phone call — is particularly rife at the moment. I’ve been warning people about it for a while now, but I’m still hearing from victims or their families every week.
How it works: the fraudster calls the would-be victim on their cellphone saying several fraudulent transactions have been detected on their credit card, and they need the cardholder’s help to stop them.
“Please read out the codes that you will be sent via SMS ...” Of course what those who fall for it end up reading out to the fraudster are the One-Time-Pins sent to them via SMS by their banks. Armed with those precious OTPs, the fraudsters can then embark on a shopping spree at their victim’s expense. It’s mostly elderly people who fall for that scam, and usually it’s their sons or daughters who approach me for advice.
A day ago, as I write this, Marc e-mailed to tell me that only after his 76-year-old mother died suddenly last month, and the family was dealing with her estate, did they discover that she’d fallen for a vishing scam. Within a single day, the scamsters emptied her bank account by means of 88 separate transactions. Despite the fact that she barely used that account, the bank in question did not contact her about that most suspicious activity on a pensioner’s account.
Oh, the awful irony. “It boggles the mind how there was no security or fraud alert raised on something so completely extraordinary and unusual, not only for a pensioner’s account, but for probably over 95% of the personal banking account population,” the son said. And he has a point. I’ve asked the bank about that — it has offered the woman’s estate a 50% reimbursement of her losses — and will report back in full in due course.
Meanwhile, please have this conversation with older folk who have credit cards. They must never read out any codes over the phone, even if they believe they are talking to someone from their bank, and no matter how panicked they are about losing their money. Hang up and call your bank.
Many people have claimed that the fraudsters must be getting those client’s details from bank insiders. Not so, says Standard Bank’s head of fraud, Carolina Reddy. People leave their personal details all over the place — for example, on Facebook, because they don’t make their settings private, and on Covid forms — name, cell number, address,” she said.
I can’t end this sad tale about the ways people raid our bank accounts without repeating the stolen cellphone scenario. If your phone is stolen, the first call you must make is to your bank, so that they can safeguard your account. For good measure, go to another device and delink your phone’s banking app from your account, via your settings. If you bank with Nedbank, you can’t do this yourself, yet. Then check that your banking passwords are not saved on your phone. You may not think they are; many have been surprised.
On Android devices open the Chrome application and select settings and then passwords; on IOS devices, select settings, then passwords and accounts, then website and app passwords. “If you have passwords for other apps saved there, be aware that fraudsters know that most people use variations of the same password on multiple apps and accounts, so with a little trial and error, they can figure out your banking app password,” Reddy says.
Trust me, it pays to be paranoid when it comes to safeguarding your bank account. And to use a series of random passwords unrelated to the names and birth dates of your family and pets.
Would you like to comment on this article?
Sign up (it's quick and free) or sign in now.
Please read our Comment Policy before commenting.