PHISHING
Phishing is a method of deceitfully obtaining personal information such
as passwords, identity numbers and credit card details, by sending
e-mails that look like they come from trusted sources, such as banks
or legitimate companies.
Typically, phishing emails request that users click on a link in the email
which will direct users to a spoofed website – a site designed to fool
users into thinking that it is legitimate – to obtain, verify or update
contact details or other sensitive financial information.
This spoofed website will look almost exactly like a legitimate website of
a well-known financial institution. Phishing emails, which are a form of
spam, are typically sent by the thousands to consumer email accounts.
The bad guys hope that they can trick recipients into disclosing their
personal information in bogus online forms on the phony websites.
• Never respond to communications appearing to be from your
bank that request your personal details. Remember that no bank
will ever ask you to confirm or update your account details via
email, SMS or telephone.
• Never follow a link in an email or SMS to access your bank’s
webpage. Always access the webpage by physically typing the
web address that you were given when you signed up
for Internet Banking into your browser, and confirm that you are on a
secure site by looking for the little “lock” icon on your browser as
well as the “s” after http in the website address, before logging on.
• Never provide your online ID, password or PIN to anyone and
never write them down or share them - not even with a bank
official.
• Do not save your Internet Banking password on your desktop.
• Do not make your passwords too personal - rather create
passwords that have letters, numbers and symbols in them that
cannot be attributed to you.
• Do not leave your computer unattended after you have entered
your Internet Banking password.
• Always log off or sign off at the end of a session.
• Avoid doing Internet Banking in public areas such as Internet
cafés, or on any computer that can be accessed by people you
do not know.
• Change your PIN and passwords frequently.
• Place sensible transaction limits on your accounts.
• Ensure that you have the latest anti-virus software applications
loaded on your computer, and make sure that you download all
security patches for your operating system in a timely fashion.
• Only provide your credit card details to reputable companies.
• Do not open emails from unknown sources – delete them
immediately, even if the title and sender details appear to be
related to your bank.
SIM SWOPS
SIM card swopping (also known as SIM SWOP) is a form of fraud where
criminals ask your mobile phone service provider (MSP) to transfer
your existing cell phone number onto a new SIM card by pretending to
be you, or pretending to act on your behalf. The fraudster will produce
falsified copies of your identity document, cellphone number and other
FICA-required documents that may convince the MSP that the request
is legitimate. Once they have illegally assigned your cell phone number
to their SIM card, they will receive all your calls and SMS notifications,
which may include your in Contact and One Time Pin (OTP) messages.
Your phone will stop receiving any incoming calls or messages. SIM
swop fraud almost always works hand-in-hand with phishing/smishing,
so the same protection mechanisms should also apply (do not click on
links from emails, SMSs, etc. purporting to be from your bank, and do
not enter your log-on information).
• The first line of defence against SIM swaps is to protect your
personal and cellphone account information from known or third
parties and websites (such as cellphone contract type, debit
order dates, ID, addresses, transaction behaviour, etc). This is the
information most Mobile Network Operators will ask for when you
are trying to conduct a SIM Swop.
• Be vigilant and always aware of your mobile phone’s network
connectivity status. If you realise that you are not receiving any
calls or SMS notifications, something may be wrong and you
should make enquiries to be sure that you have not fallen victim to
this scam.
• Some Mobile Network Operators send customers an SMS to alert
them of a SIM swop instruction and customers should contact
their Mobile Network Operators if the request is fraudulent.
• Do not switch off your mobile phone if you are receiving
numerous annoying calls; rather, do not answer the calls. This could
be a ploy to prevent you from noticing that your connectivity has
been tampered with.
• Have your mobile phone service provider’s numbers written
down somewhere close by. This way you can phone to check
whether anything suspicious has taken place.
• Register for SMS notifications when there is any activity on your
bank account so that you can be alerted to any attempt to move
funds from your account.
• If you are already registered for SMS notifications, keep your
mobile phone with you, and switched on, at all times so that you can
respond to any suspicious activity immediately.
• SIM swop fraud almost always works hand-in-hand with phishing/
smishing, so the same protection mechanisms should also apply
(do not click on links from emails, SMSs, etc purporting to be from
your bank and NEVER enter your log-on information).
• Make a habit of checking your bank statements and online
banking transaction history regularly. In this way, you will be able to
timeously identify any unauthorised transactions.
INFORMATION SECURITY
CYBER CRIME AWARENESS CAMPAIGN 2013
“Don’t Get Caught”
DANGERS OF ALLOWING PEOPLE TO USE
YOUR BANK ACCOUNT
People who lend others the use of their bank accounts to receive
money may be involved in money laundering. Money laundering is any
action that is aimed at illegally disguising the proceeds of crime, and it is
an offence punishable by law.
• Do not make your bank account available for use by anyone but
yourself. People who are involved in crimes often offer money to
others to help them make funds seem legitimate by allowing
them to use their accounts to deposit and withdraw
funds.
• Your account could be used to facilitate the proceeds of crime.
• You can be prosecuted for money laundering if you ought to have
known that the account was being used to facilitate crime. Turning
a “blind eye” will not be accepted as a defence in a court of law.
• Do not be tricked into opening a bank account with money lent
to you by someone pretending to offer you work and then asking
you to hand over your ATM card and PIN number so that they can
recover the funds that they lent you. This is a scam to get control
over your bank account.
• Handing over your credit/debit card and PIN will assist fraudsters
to clone your card and remove your funds or the proceeds of
crime from your account without your knowledge, for which you can
become liable.
COMPUTER AND MOBILE SECURITY
GENERAL
When you use a personal computer (PC) or a mobile device such as a
phone or tablet, you need to ensure that the device you are using has
appropriate security. This is particularly important when you are using
that device to conduct your personal and financial business, such as
Internet or mobile banking. Cyber criminals are always on the look-out
for vulnerable PCs and mobile devices that they can compromise for
the purpose of creating avenues of defrauding these devices’ owners.
• Ensure that the device that you use to do internet or mobile
banking has appropriate and updated security packages installed.
• Do not use public computers, such as those in Internet cafés, to do
internet banking.
• If your computer hangs, rather re-boot and ensure that the
anti-virus is up and running.
• Ensure that your anti-virus software’s trial period has not expired
and that the software is not out of date.
• Only use security packages from reputable vendors
• If you are using a Microsoft operating system, use their free tools
to detect and clean your computer should it already be infected
• Know what packages you have on your system so that you can
recognise fake messages purporting to be from service providers
whose packages you have not installed
• Use robust passwords that include letters, numbers and symbols
and are longer than 6 characters at the very least.
• Do not use obvious information in your passwords like your own
name or birth date, nor that of family members.
• Do not share or disclose your username and password to others.
• Do not write your username and password down where others can
see them.
• Change your PIN and passwords frequently.
• Log out or sign off the banking site after completing transactions
• Lock your computer screen when leaving it unattended
• Keep systems up to date
• Beware of technical support scams. Reputable software service
providers will not cold call you to put pressure on you to install
software on your computer.
• You should prevent illegal software from being downloaded on your
computer without your knowledge by setting up administrative
rights. The computer will then ask you (the administrator) to authorise
or reject the installation.
BEWARE OF MALWARE
Malware, or malicious software, is software that cybercriminals use to
interrupt normal computer operations so that they are able to steal
sensitive information, such as Internet banking logon details, from
unsuspecting computer users.
• Don’t download software until you’ve verified its
security and privacy features.
• Install anti-malware software that’s specifically
designed for your mobile and personal computer.
• Be suspicious if you receive lots of spam e-mail or SMS messages.
It could indicate that your computer or mobile phone has been
infected with malware.
• Beware of fake anti-virus software that is offered at no charge as
it could contain malware intended to infect your computer.
• Don’t use unknown devices, such as USB flash drives, on your system
as they may transfer malware without your knowledge.
• Beware of deceptive downloads such as software, music and
movies from sources other than reputable vendors
• Avoid downloading pirated software as it may contain malware
• Do not respond to pop ups that ask for your personal information
whilst in a secure banking session.
MOBILE BANKING SECURITY
• Keep your mobile phone manufacturer’s software up to date
• Avoid sharing your mobile phone with others
• Don’t let people use your mobile until you’ve logged out of secure
sites such as Mobile Banking.
• Use your phone’s security features, e.g. phone lock password
• Keep your banking passwords secure.
• Do not save any personally identifiable information on your phone,
e.g. ID number, bank account details, etc.
• Password protect your mobile phone. It might sound basic, but
too often many people find it inconvenient to type in a password to
access information on their smartphones.
• Install mobile security software. Protect your sensitive data with
strong security software designed for a mobile device.
• Don’t install third-party banking applications. Only download
applications from trusted sources such as directly from your
bank’s website or a legitimate application store.
• If you are going to use your mobile phone to access your bank’s
website, make sure you’re actually on your bank’s website by
typing the name into your browser. Check that the website is
indeed the secure website by looking for https in the web address.
Without the “s”, the address is not secure.
• Communicate carefully with your bank. Understand that your bank
won’t send emails or texts asking for personal information. Don’t
save messages from your bank containing sensitive information in
your mailbox.
SHOPPING ONLINE
• When shopping online, ensure that the website has a valid security
certificate (closed lock at the bottom of your screen) and that the
website address line starts with https before inserting your card
details.
• Only make purchases from reputable merchants online as they will
often take precautions to ensure safe transacting.
• Never allow merchants’ websites to save your personal and
banking details. When the option presents itself, always click “No”.
• Never save your password and PIN on your desktop, as it may
allow others to access your personal information without your
permission.
• Do not purchase anything from a website that you reached through a
link in an e-mail, as it could lead to a phony website.
• Read the terms and conditions of the sale carefully to avoid
accepting conditions that you were not aware of.
• Scrutinize your credit card statements closely to check for
unauthorized purchases. Contact your credit card issuer
immediately if you suspect that you have been defrauded.
• When receiving promotions or special deals via email, by telephone
or from websites, if interested, always verify the validity of
the source prior to providing your personal and banking details for
your account to be debited.
• Protect your computer by installing and regularly updating the
latest anti-virus software applications on your private PC’s and
keyboard for
• Install a spam blocker on your system. This will ensure that
fraudsters find it difficult to send you phishing emails.