A Fin24 user who was duped into clicking on a link for what she believed was First National Banks’s e-Wallet had her account cleaned out. She tells her story:
I have a cheque account that’s linked to a "savings pocket" account.
Every time I swipe my cheque card, the amount gets rounded off to the nearest rand and the difference goes into my savings pocket – an ingenious tool that allows you to save without having to feel it in your pocket.
The email I received alluded to loyal customers who have FNB rewards converting their rewards into cash; it spoke directly to the e-Wallet concept and everything sounded legit.
When I clicked on the link, it took me to the "FNB" website (screenshot attached). It really looked like the authentic FNB website. I entered my username and password as usual and the next moment the screen went over and asked for a one-time password (OTP) which I found very strange.
But since (I thought) the email was sent only to selected clients, the OTP is to make sure you want to participate in the rewards programme.
Just then I received another SMS saying I’m busy changing my password, and immediately after that another two SMSs showing that money had been transferred from my account to another account.
Only then did I realise that something was wrong and immediately contacted the fraud line. It must have taken between three and five minutes for them to empty my account and I was left with only R162.
The FNB fraud line couldn’t do anything on their side to stop money from going through, because in this short period the person(s) had already withdrawn the money.
The FNB fraud line was very helpful or rather polite: actually cold and clinical.
You could tell that they have to deal with similar cases on a regular basis. What upset me most is that the moment they heard I clicked on an email link, they immediately said “sorry, in that case the bank is not liable to pay the money back to you because we warn clients frequently not to click on any links”.
Admittedly, I was stupid to do so, but there are thousands of customers out there who are not internet savvy. The irony is that banks are trying to find increasingly more of their clients to do internet and cellphone banking, but it seems the security measures are (in my opinion) not so good, because then these things would not exist.
*Fin24 has asked a financial crimes and risk management expert to analyse two scam emails and the scam FNB website, and help consumers avoid the traps.
- Fin24
Have you ever been scammed? Share your experience and get published.
I have a cheque account that’s linked to a "savings pocket" account.
Every time I swipe my cheque card, the amount gets rounded off to the nearest rand and the difference goes into my savings pocket – an ingenious tool that allows you to save without having to feel it in your pocket.
The email I received alluded to loyal customers who have FNB rewards converting their rewards into cash; it spoke directly to the e-Wallet concept and everything sounded legit.
When I clicked on the link, it took me to the "FNB" website (screenshot attached). It really looked like the authentic FNB website. I entered my username and password as usual and the next moment the screen went over and asked for a one-time password (OTP) which I found very strange.
But since (I thought) the email was sent only to selected clients, the OTP is to make sure you want to participate in the rewards programme.
Click to see enlarged image
Just then I received an SMS with the OTP. As soon as I entered the OTP,
it kicked out as if I had typed in the wrong code. I read the text again
and again and twice retyped the OTP.
Just then I received another SMS saying I’m busy changing my password, and immediately after that another two SMSs showing that money had been transferred from my account to another account.
Only then did I realise that something was wrong and immediately contacted the fraud line. It must have taken between three and five minutes for them to empty my account and I was left with only R162.
The FNB fraud line couldn’t do anything on their side to stop money from going through, because in this short period the person(s) had already withdrawn the money.
The FNB fraud line was very helpful or rather polite: actually cold and clinical.
You could tell that they have to deal with similar cases on a regular basis. What upset me most is that the moment they heard I clicked on an email link, they immediately said “sorry, in that case the bank is not liable to pay the money back to you because we warn clients frequently not to click on any links”.
Admittedly, I was stupid to do so, but there are thousands of customers out there who are not internet savvy. The irony is that banks are trying to find increasingly more of their clients to do internet and cellphone banking, but it seems the security measures are (in my opinion) not so good, because then these things would not exist.
*Fin24 has asked a financial crimes and risk management expert to analyse two scam emails and the scam FNB website, and help consumers avoid the traps.
- Fin24
Have you ever been scammed? Share your experience and get published.