Criminals constantly update their scams as their target audience becomes aware of their methods. The fastest-growing fraud tactic is vishing, a term coined by combining "voice" and "phishing", which sees fraudsters using voice calls as the channel for phishing (in which potential targets are contacted via email, telephone or text message).
According to the Ombudsman for Banking Services, credit card fraud has outpaced all other forms of bank fraud in recent months, with many older people, in particular, being duped by fraudsters posing as bank officials into revealing their one-time-password (OTP) over the phone.
Forget phishing; 'vishing' is the new bank fraud threat
When was the last time you got a phishing email? In my case, that was many, many months ago.
You know, an email that’s designed to look like it’s from your bank - or another bank - telling you that you need to upgrade your security urgently to prevent fraud on your account and instructing you to click on a link.
That link leads to you providing your bank log-in details and password, a cellphone SIM swap gets your one-time-pin (OTP) sent to the fraudster’s phone instead of yours, and into your bank account they go.
Most people are wise to that one now, so the fraudsters have moved on.
According to the Ombudsman for Banking Services, Reana Steyn, credit card fraud has been rapidly outpacing all other forms of bank fraud in recent months, with many older people, in particular, being sweet-talked by fraudsters posing as bank officials into revealing their one-time-password (OTP) over the phone.
Here’s how it works.
They get your bank account number from the dark web - very easy to do, apparently.
Log-in details are a bit harder for them to get, but thanks to malware, or “malicious software” - computer programs which infiltrate computers without the user’s consent - they can get them by recording your keystrokes.
What they still need though, in order to use your credit card details to buy stuff online, is the OTP which your bank sends to you via your cellphone or email.
And they need to get that from you. So they phone you and pretend to be from your bank’s fraud department - complete with call centre sounds in the background - and scare you by saying they believe fraudulent transactions are about to go off on the account or have just gone off.
Then they say: “To reverse them, I need to authenticate you, you must accept a pop-up on your phone… just read those numbers…”
What they are referring to is that OTP sent by your bank. But by calling that number something else, and stressing you out about losing a lot of money, there’s a good chance you’ll read out the number without realising what you’re doing.
Especially if you are older and not too tech savvy.
Once the fraudster has that number, they can shop with your card.
A few years ago, credit card fraud was number five in the Banking Ombud's list of complaint categories, and now it’s number two, making up almost 20% of all complaints.
That’s up from about 12% in December.
“At this rate, it will soon overtake internet banking fraud to occupy the top spot,” the Ombud said.
In one case, she said, a fraudster asked a woman if she’d like to convert her bank rewards points into cash. With that benefit in mind, she read out her OTP.
Alarmed at getting similar calls the same day, she phoned her bank, but she had already been defrauded of R11,200.
What to do:
Very important - have your bank’s fraud hotline number saved in your cellphone. If you get a call from someone claiming to be from your bank’s fraud department, end the call and phone the number that you’ve saved yourself for your bank’s fraud department.
Then ask if your account has been red flagged for some reason.
Never share personal and confidential information with strangers over the phone.
Banks will never ask you to confirm your confidential information over the phone.
If you receive an OTP on your phone without having transacted yourself, it is likely that it is a fraudster who has used your personal information. Do not provide the OTP telephonically to anybody, no matter what other names they call it.
Contact your bank immediately to alert them to the possibility that your information may have been compromised.