How criminals can hack into your bank account

Internet-based fraud is constantly on the rise. 

According to Nischal Mewalall, CEO of the South African Bank Risk Information Centre (SABRIC), “Cybercrime is increasing worldwide, including in South Africa. SABRIC’s Annual Crime Stats for 2020 showed an increase of 33% in digital crime incidents compared with 2019.”

It’s often through SMS or email scams that fraudsters prey on the general public. You might get a message congratulating you on winning thousands of rands, or an email saying a tax refund has been issued to you.

These common scams are methods by which criminals attempt to obtain your details to steal your money:

We take an in-depth look at email and SMS scams, and SIM swaps.

READ MORE: Don’t fall for these credit repair scams

Email scams

Mewalall explains, “Email scams, also known as phishing scams, involve criminals sending bulk emails to people in the hope of tricking them into disclosing their personal information on spoof websites.

“Criminals use these bogus sites to harvest bank card details, in order to make online purchases,” he says.

Your bank will never send you an email asking for your banking details – a fact that is confirmed on most online banking portals.

Mewalall offers some tips on how to spot a phishing email:

• The email requests personal or confidential information such as login credentials, payment information, or sensitive data. These may even be from a different institution to the bank with whom the recipient has dealings.
• The email contains spelling mistakes or poor grammar. Even small typos should raise red flags.
• The email contains branding where the logo or creative elements appear blurry or slightly “off”.
• There are inconsistencies in terms of email addresses, links, and domain names.
• There are misspelt domain names. Even one incorrect letter is a warning sign.
• The email address is generic, as opposed to originating from a specific domain. No legitimate organisation will send emails from a Gmail or Hotmail address, for example.
• The email has a sense of urgency or contains information that seems too good to be true.
• There are unfamiliar salutations or greetings in the email.

READ MORE: Be careful of credit scams – protect yourself!

SMS scams

SMS scamming, also known as smishing, occurs when a criminal sends you an SMS ostensibly from a bank or another legitimate organization. This SMS will request personal or confidential data, such as your account number or PIN, Mewalall says.

“Criminals are aware that people are spending more and more time on their smartphones, and that they are using their smartphones on the go. They are thus less likely to scrutinise SMSs containing suspicious links,” he says.

When you click on these links, malware may be installed on your phone, or you could be taken to a bogus website where you will be asked to enter personal information.

SIM swaps

When conducting internet banking, you will either receive a one-time pin (OTP), or a notification via your banking app, to verify the transaction. This is where SIM swaps operate.

According to Mewalall, “In this instance, identity theft is used to convince a mobile service provider that they are dealing with the legitimate account holder. The criminal then facilitates a SIM swap so that OTPs go to them, allowing them to transact on the victim’s account without their authority.

“This enables the criminal to create beneficiaries on the compromised account, so that money can be transferred and withdrawn at an ATM,” he says.

Mewallal affirms that you should never provide an OTP to anyone telephonically, and that you should contact your bank immediately if you believe that your information might have been compromised.

“If you suddenly lose mobile connectivity under circumstances where you are usually connected, it is wise to check whether you may have been the victim of a SIM swap,” he says.

Mewallal takes note of the prevalence of SIM swaps, saying, “SABRIC saw a 91% increase in SIM swap incidents from 2019 to 2020 across all digital banking platforms.”

READ MORE: How to protect yourself from financial fraud

Social engineering

Social engineering tactics are means by which criminals manipulate you into giving them your personal information. Mewallal notes that these tactics have become prevalent in the current economic climate.

“Because our banks deploy robust risk mitigation strategies, it has become much more difficult for criminals to use technology to hack systems to get access to data,” he says. “For this reason, social engineering tactics are often used to bypass traditional defence perimeters, as criminals know that people provide an easier point of entry.

“The advent of COVID-19 has provided further opportunities for cybercriminals to use social engineering tactics,” Mewallal says. “Here, they exploit people’s concerns for their health and safety, and pressurise them into clicking links or downloading malicious email attachments. These attachments can install malware capable of destroying data and stealing information.”