Bank warns against new wave of ‘vishing’ scams
By Jacquiline Pack
Bank Windhoek’s Executive Officer of Marketing and Corporate Communication Services.
In the past, the physical cloning of bankcards was one of the most prevalent methods fraudsters used to steal money from bank accounts. The introduction of chip cards forced fraudsters to seek other ways and methods to gain access to bank accounts.
These days, fraudsters have noticed that humans are the most vulnerable link in the security chain. As a result, fraudsters have shifted their focus to exploit this weakness. This has led to what we now call “vishing”, which is used on a large scale by fraudsters to target banking customers country- and worldwide.
Vishing takes place when the fraudster contacts a victim and pretends to be a bank official. The fraudster uses social engineering techniques to convince the unsuspecting customer to confirm their identity and disclose other confidential information. The customer willingly cooperates because he or she is under the impression that they are actually talking to a bank official.
Statistics indicate that fraudsters focus mostly on persons older than 60, but this can vary. The reason for targeting senior citizens is the notion that they are believed to be not technologically savvy and that they are easy to manipulate.
How vishing occurs
It is suspected that fraudsters gather information on their victims before they make the first call. Information includes name, address, telephone number and, in some instances, the branch where an account is held. The fraudster then calls the victim, mostly to a landline.
The social engineering marker that the fraudster uses to convince the customer to cooperate, includes a tone of urgency, which convinces the customer to take action immediately. An example that fraudsters may use is that there can be financial losses with fraudulent card transactions which have been identified on the customer’s account and that transactions can easily be stopped if the customer gives their cooperation.
Another popular way to convince the customer to cooperate is to inform them that software upgrades are required or their account will be blocked. In some instances, the fraudster pretends to be a police officer who arrested a person for possible card fraud and that they require from the customer verification of card numbers and accounts to confirm the fraud.
When the trust of the customer is gained, they are asked to supply their account’s username and password to access digital banking services. At this stage, the customer believes everything the fraudster says and gives their full cooperation.
Armed with the confidential information obtained from the customer, the fraudster now has full access of the account. With this information, customers will also unwittingly be registered for other digital services such as banking apps and electronic money services such as EasyWallet, making it easy to withdraw money immediately at any Automatic Teller Machine (ATM).
In such instances, it is rare that funds are recovered because the customer willingly shared the information with the fraudsters, and banks will not be held liable for losses incurred in this manner.
How to protect yourself
Never reveal or share personal information or information relating to your accounts with anyone over the phone, through an email, or via the internet unless the party is known to you and is reputable. Below are a few tips to protect yourself:
• Know that banks, such as Bank Windhoek, will never ask you to confirm your personal information over the phone.
• If you receive a transaction notification that was not done by you, call your bank and stop all transactions. If you act swiftly, your money may be recovered.
• As a general rule, do not have high transaction limits.