#CrimeTips: Don’t let the fraudsters steal Christmas

The festive season has officially begun and for many people, this is the time of the year where we become more relaxed and less vigilant as we wind down to enjoy time off with family and friends.

However, this is the time of the year where we should be more vigilant than ever. According to Kalyani Pillay, CEO of the SA Banking and Risk Information Centre, “Criminals are masters of social engineering and know just how to exploit human vulnerabilities to perpetuate crimes, particularly over the festive season when victims let their guard down.”

Fraudulent activities may include:

• Being told that you’ve won a Christmas lottery because you bought something from a retailer or online shop.
• Being entitled to a year-end lump sum payment from a financial service provider. All you need to do to receive the money is pay a deposit to cover the administration or other costs. There;’s often a deadline to pressure you to respond quickly.
• Being asked to donate to charity or provide a loan to a friend/distant relative.

Most scams fall into two categories, according to Alet Griesel who is the chief risk officer at DirectAxis. There are those that try to get your money directly such as the lucky windfall or appeal to help and those that try to get your personal banking details so that they can impersonate you or access your bank account at their leisure.

“Technology such as the Internet and cell phones have made banking, making payments, shopping and other financial transactions much easier, but have also provided more opportunities for criminals, both in terms of the scams they devise and the number of people they can reach,” she said.

Types of fraud

1. Phishing

Phishing refers to any attack by which fraudsters impersonate a legitimate company or e-commerce site and attempt to steal people’s personal information or login credentials. Once on the website, which generally looks and feels much like the valid eCommerce/banking site, you are instructed to log in to your account and enter sensitive financial information such as the bank PIN. This information is then used to engage in credit card and bank fraud – or outright identity theft. Depending on the information they’re able to obtain, criminals then either clean out your account or pretend to be you and apply for loans or open retail accounts.

2. Greeting card scams

Greeting card scams are designed to look like it’s from a  friend or family member in an email format. Once the unsuspecting receiver clicks the link to view the card, it usually leads to a booby-trapped web page that downloads Trojans and other malicious software onto the systems of the targeted victim.

3. Cold calling technical support scam

With this scam, fraudsters call an unsuspecting victim, claiming they are from a reputable computer or software company and that they need the victim to ‘sort out a problem’ with their PC. The scammer then guides the victim through a process to fix the so-called ‘issue’ and as a result, allows him remote access to the targeted PC. With the remote access, the scammer loads malware and harvests the victim’s banking and financial details.

4. Typosquatting

Typosquatting, also known as URL hijacking, is a form of cybersquatting (sitting on sites under someone else’s brand or copyright) that targets Internet users who incorrectly type a website address into their web browser (e.g., ‘Gooogle.com’ instead of’ ‘Google.com’). When users make such a typographical error, they may be led to an alternative website owned by a hacker that is usually designed for malicious purposes. In order to protect yourself, you must pay close attention to the spelling of web addresses or websites that look trustworthy but may actually be close imitations of the online retailer you are looking for.

5. Fake software updates

Fake software updates quite often masquerade as Adobe Flash Player installers but there are others including Microsoft Office updates. It’s important to know how to tell what’s legit and what’s not. As with fake antiviruses, these software updates can compromise your computer, allowing cybercriminals to access all your data. The threats listed above are worth understanding and looking out for in order to avoid being a victim.

Griesel warned that if you are lax about being scammed or believe that you’re too clever to fall for a scam, you’re most likely a good target for online criminals. All it takes is one error in judgment.

“Everyone is at risk, from financially savvy company directors to tech-phobic pensioners,” Griesel said.

“The fraudsters identify and exploit vulnerabilities. They may pretend to be a big, new client that could ensure the company meets its budget targets for the year or a helpful bank employee trying to facilitate a pension payment.”

Some scams are so sophisticated and the fake emails or web pages so realistic that afterwards the victims are adamant that they never revealed any personal information.

“If you think criminals are hiding behind a well-known brand to try and defraud you, it’s important to report it, even if you have no intention of responding to the attempted fraud,” said Griesel.

“Most financial services companies have fraud departments and will act immediately to shut down websites, bank accounts and other mechanisms used as part of the fraud. Reporting scams is the best way to fight back. Even if you have spotted the scam, reporting it may prevent others falling victim.”

Tips for avoiding common scams include:

• Be suspicious of news that you’ve suddenly won or been left a large amount of money, especially if you haven’t entered a lottery or competition or don’t know the person who’s giving you the money. If it seems too good to be true, it is.
• Don’t provide your banking or card information to anyone. Your bank will never contact you requesting your pin number or a one-time password.
• Don’t give personal or financial information to anyone who contacts you and who you don’t know. Sometimes scammers pretend to be from government agencies asking you to update personal information.
• Don’t click on hyperlinks in an email, particularly one from an unknown sender. If you want to transact online type the bank or company name into your browser.
• Only shop online on reputable websites.
• Don’t download software from pop-up windows.
• Instal anti-virus software and update it regularly.