Johannesburg - First it was phishing. Now it's smishing - phishing by SMS.
Just when banks thought their account holders were sufficiently well-informed to protect their personal information against email phishing, a new SMS scam is rearing its head.
The South African Bank Risk Information Centre (Sabric) has issued a circular warning clients to guard against smishing scams. This entails sending personal information to criminals by cellphone, allowing them to withdraw funds illegally from an account. There has been a serious increase in the number of these cases recently.
Sabric CEO Kalyani Pillay said it's not unusual for criminals to change their methods as soon as they realise consumers have become aware of their activities, such as phishing. "That's why the focus has changed to smishing."
In this new scam, SMS messages are used to trick bank customers into divulging information. The original messages are sent at random to clients to see how many respond. Clients are often unaware that this information is for fraudulent purposes.
For normal transactions by cellphone, banks usually use one-off passwords that are constantly changed and which only the client knows.
What to watch out for
Pillay said the SMSs she has seen always put pressure on the client to provide certain information quickly. This would be in response to some apparently serious situation which has arisen in connection with the client's bank account.
Pillay said it was only natural for a concerned bank client to be "ready to provide the requested information".
What you don't realise is that the person at the other end is not a bank official, but a criminal who is planning to use the information to withdraw your money for his own use.
"If such a message is received, the client must not respond to it, but must immediately contact the bank [not the number provided in the SMS]."
Under no circumstances must personal details be divulged. Only the contact numbers that were provided with the original transaction should be used.
This latest warning by Sabric follows a similar warning earlier this month against a renewed wave of phishing attacks. That followed a sharp increase in email messages to clients requesting confidential information.
Even the South African Revenue Service (Sars) has been drawn into phishing scams, so much so that a warning has also been issued that any requests for information, especially in regard to tax refunds, must first be verified by Sars itself.
Taxpayers must be on their guard against false Sars websites that have been created. They sometimes look perfectly genuine, but there are small differences.
Sabric said the latest attacks are cause for concern, and is especially worried about the possibility of a sharp increase in criminal activity coinciding with the Christmas period.
- Sake24.com
For more business news in Afrikaans, visit Sake24.com