What is an Internet café?
A simple cafe in which customers pay to use computer terminals to access the Internet as well as telephone, photocopying and fax facilities.
Safe banking at Internet cafés
Internet cafés can often be a convenient place to do your Internet banking, but beware, these computers are used anonymously and are often targeted by criminals who load spyware onto them.
What does the spyware do?
Spyware (key logger) records keystrokes typed on a keyboard and takes screenshots at regular intervals. It can record private login details for Internet banking profiles, email account profiles, Facebook profiles etc.
It then forwards the recorded details to the attacker(s), enabling them to log in to your profiles. They could use this information to steal your identity or for other criminal intent such as accessing your bank account online.
Where should I do my banking?
If you cannot reach your own trusted computer to make that urgent payment or check your balances, rather use a mobile banking app (Android, Blackberry, iOS or Windows Phone), telephone banking, an ATM or your closest branch.
Obtaining your information with a stroke of luck
There are software and hardware key loggers. They log all the keystrokes entered on a particular computer. The keystrokes are then retrieved by criminals and used for their own purposes.
Software key loggers
A software key logger, once installed on your computer, makes a copy of all your keystrokes. Details of the keystrokes are saved to a file on your computer's hard drive where they can be retrieved by the criminal. In some cases, the key logger will send the file to the criminal’s anonymous email address.
In some cases the key logger will automatically send your credentials to the criminal, over connected networks.
How are they installed?
The key logger could be hidden in an email attachment sent to you, or the criminal can install it when working on your computer via a memory stick. Key loggers can also be installed via rogue apps and via links to malicious websites.
Hardware key loggers
Hardware key loggers are units that are usually installed between your keyboard and the computer. There are certain hardware key loggers that fit within your keyboard and are difficult to detect. They also log your keystrokes and store them within the hardware key logger device. The criminal will retrieve the key logger device to access the stored keystrokes.
Tips to assist you in preventing keylogging
Do not do your banking on a public or unfamiliar computer.
Ensure effective access controls on your computer.
Be alert to computer hardware changes.
Ensure that the computer has the latest version of antivirus and antispy software installed.
Do not open emails from unknown sources.
Criminals need physical access to your computer so they can plug the keylogger in or replace your keyboard or cable with a keylogger enabled one.
Criminals are phishing for your information
We're all used to getting some pretty strange emails asking us to ‘click here’, send information about ourselves or claim a great prize we’ve won. Unfortunately, the Internet holds many risks to the security of your personal information and money. One of these is called phishing.
What is phishing?
Phishing happens when a criminal sends you an email claiming to be from a recognised organisation, for example, a bank, to mislead you into disclosing sensitive information for identity theft. This may be in the form of visiting a fake website or clicking on an email attachment.
Some fake websites will also request you to disclose your One Time Password. Once you have supplied this information the fraudsters are able to access and transact on your accounts.
What are we doing to protect you?
We are committed to protecting your banking details and are always on the lookout for sites that pretend to represent Olympus Mobile or any of our
subsidiaries. We take immediate measures to close down fake websites and create awareness about the latest criminal activities.
Olympus Mobile ensures that your one-time password is a unique, compulsory and time-sensitive one-time password as added security on selected Internet banking transactions. The one-time password will be sent to you by email or SMS depending on your preferred choice of delivery and is required for every sensitive transaction, The one-time one-time password message will contain information about the transaction you are processing. This service is free.
Clients will receive notification messages when the following transactions are performed on Internet Banking: Profile amendments; new beneficiary additions; amendments to existing beneficiaries; and once-off payments.
How you can protect yourself
Never give your personal details to anyone without verifying their identity. You should view emails and pop-up windows asking for your personal information with the same amount of suspicion you would the person behind you in an ATM queue.
Treat emails that appear to be from us asking for personal details with suspicion.Never provide your personal details, for example, your PIN or account details
Do not follow any links or open attachments in emails that directs you to our Internet Banking website. Always enter our website address (www.olympusmobile.co.za) in the address bar to connect to our Internet banking site.
Do not create shortcuts on your desktop to Internet Banking. Malicious software could redirect the shortcut to a fake site.
Always read the content of the One Time Password message sent to you
Ensure that all your contact details are correct
Please forward any suspect phishing emails to email@example.com and we'll investigate. Do not respond to the email.
If you've given out your details
If you have compromised your details, call us immediately on 086 044 4149.
Smishing is a close cousin of phishing that uses text messages on cellphones and smartphones instead of e-mails. The name comes from SMS (Short Message Service), which is text-messaging technology.
There are two main types of Smishing scams:
- You receive a text that seems to come from a trusted source, like your bank or credit card company. The message is usually about something urgent -- your credit card has been stolen, for example, and instructs you to go to a certain Web site or call a phone number to verify your account information. The thieves on the receiving end then use your information to steal money from your account or open new credit cards in your name.
- You receive a text; again from a seemingly legitimate contact with another urgent request, that contains an attachment. The attachment downloads a virus or malware that allows the scammers to access everything on your phone -- and possibly even control it
Now that you know what Smishing is, tips on protecting yourself against it.
A text message looks even remotely suspicious; delete it right away without reading it.
Never reply to or follow the instructions of a text that asks you for personal information. A legitimate business will never ask you to reveal your account number, user name, password over the phone or online.
If you're not sure the message really is from your phone's service provider, for instance, type the company's URL in your browser instead of clicking on the link or attachment. Call the customer service number listed on its Web site instead of using the number provided in the text.
Bottom line, use common sense: If something seems shady, it probably is.
Smishing is getting more and more dangerous with the increased popularity of mobile banking. People use their phones for everything these days, and if you bank or conduct financial transactions on your cellphone or smartphone, you've got a lot of sensitive information at risk if it's exposed to malware or spyware.
SIM Swap Scam
A SIM Swap scam allows criminals to intercept the SMS One Time Password facility.
How does it work?
The SIM Swap takes place after the fraudsters have received a client’s logon details as a result of the client responding to for example a phishing email.
Once the fraudster have the clients cellphone number and other personal information, the fraudster can pose as the client and requests a new SIM card from the cellular service provider.
The cellular service provider transfers the clients SIM card identity to the new SIM Card cancelling the clients SIM card in the process.
The result is that there is no signal on the old SIM card , which means that the client cannot receive /,make phone calls or send SMS messages.
The One Time Password which is normally sent to the customer reaches the fraudster and the fraudster is then able to make once off payments, issue instant money vouchers ,add beneficiaries or amend beneficiary information fraudulently.
What should you do if you suspect unlawful SIM Swap?
Contact your mobile network service provider. Contact our call centre to request that your mobile banking profile be suspended with immediate effect . This will prevent fraudsters from gaining access and transacting on your accounts
Don’t be fooled. Access the real thing, not the fake
A spoof website claims to be the legitimate site of a particular organisation and is set up to look like the original.
Spoof websites usually have similar logos to ours, and in some cases, they may even be identical. The domain name or web address is also similar to ours and will often use words related to our name or products.
How it works
The intention of a spoof website is usually to associate a scam with a reputable institution. Spoof websites are set up to ‘validate’ 419 scams. By creating a website that appears to be Standard Bank, criminals provide login passwords to their victim. The login details are to a false website's Internet banking page which shows inflated balances. The hope is that if the target sees a bigger balance in the account, he or she will be more likely to fall victim to the 419 scam.
Phishers are also able to reprogram a browser's bookmarks or favourites to redirect them to a spoof website. The safest method of accessing an authentic site remains checking the URL or typing it in every time you visit it.
Deposit Refund Scam
Getting to know the deposit refund scam
The deposit refund scam is one where criminals contact you to tell you that an amount of money was ‘mistakenly’ deposited into your account.
How it works
The perpetrator deposits a fraudulent/stolen cheque and or does an electronic payment into your account and then calls you and claims that funds were mistakenly deposited into your account or the incorrect amount was paid into your account and you have been overpaid in respect of an order which you had in fact received.
The caller will ask you to refund the amount and will fax a proof of payment to you. The ‘proof’ is either a copy of a deposit slip or an altered Internet banking payment confirmation.
Your bank statement will show the transaction as a ‘Cheque Deposit’ and not an ‘Internet Banking Payment’. So after you have refunded the money electronically, you will never see it again following the reversal of the fraudulent deposit by the bank.
- Always make sure that deposited cheques are legitimate.
- Request a special clearance on cheque deposits.
- Verify with your bank whether the transaction is valid.
- Delay the refund until such time you can obtain confirmation as to its legitimacy.
- Do not refund any monies until the cheque is cleared.
- Check that the proof of payment and your statement details add up and reflect the same reference details.
‘Nigerian 419’ Scams
What are ‘Nigerian 419’ scams?
A ‘Nigerian’ scam is a form of upfront payment or money transfer scam. They are called 419 Nigerian scams because the first wave of them came from Nigeria, but they can come from anywhere in the world. The ‘4-1-9’ part of the name comes from the section of Nigeria’s Criminal Code which outlaws the practice.
These scams are also known as the Advance Fee Scam. The reason being invariably, the victim is requested to make a payment in advance in order to process the release of the funds from the foreign country/bank.
The scammers usually contact you by email or letter and offer you a share in a large sum of money that they want to transfer out of their country. They may tell you about money trapped in central banks during civil wars or coups, often in countries currently in the news. Or they may tell you about massive inheritances that are difficult to access because of government restrictions or taxes in the scammer’s country.
Scammers ask you to pay money or give them your bank account details to help them transfer the money. You are then asked to pay fees, charges or taxes to help release or transfer the money out of the country through your bank. These ‘fees’ may even start out as quite small amounts. If paid, the scammer will make up new fees that require payment before you can receive your supposed ‘reward’. They will keep making up these excuses until they think they have got all the money they can get out of you. You will never receive the money that was promised.
Banks all over the world are targeted not only by phishers, but 419 scammers have also spotted the potential for drawing in victims using the name and details of well-known banks. The scam usually involves an account that has become dormant, due to its (non-existent) owner having died. The “scammers “ mission, should they accept it, is to pretend to be a relative of the account holder and claim the money.
You receive an offer out of the blue to ‘help’ someone from a foreign country to transfer money out of their country.
The offer sets out a long and often sad story about why the money cannot be transferred by the scammer. This usually involves an inheritance or profits from natural resources that the scammer might say they are trying to protect from taxes or a corrupt government.
You are offered a percentage of the total amount transferred in return for your assistance. The amount of money to be transferred, and the payment that the scammer promises to you if you help, is usually very large.
The email or letter is in a very polite tone, but often in broken English.
How to protect yourself from Nigerian 419 scams
If it looks too good to be true, it probably is. Remember there are no get-rich-quick schemes, the only people who make money are the scammers. Do not let anyone pressurise you into making decisions about money or investments. always get independent financial and/or legal advice.
Do not open suspicious or unsolicited email (spam): delete them.
Never reply to a spam email (even to unsubscribe).
Never send your personal, credit card or online account details through an email.
Money laundering is a criminal offence: do not agree to transfer money for someone else. Don’t let the fact that a letter sounds enticing or genuine trick you.
If you still think the letter may be genuine, make sure you seek the advice of an independent Professional (lawyer, accountant or financial planner) before committing any money.
Should you wish to read up more on these scams and have access to the internet, you can search the websites of “Advance Fee” or “419 scams”.