Fraud awareness & online security

Anyone can fall victim to a scam. As our lives increasingly move online, falling prey to scams is easier and happens more often than you may think.

At Bank ABC, we are committed to protecting you against fraud and scams and have stringent cybersecurity systems and operational checks in place. However, you are the first line of defence against any fraud and therefore the strongest link in the chain.

Spotting a scam

It’s important to always keep an eye out for scams. Here are some of the warning signs to look out for:

  • If it seems too good to be true - this could be an email or text message about a raffle draw, or a competition that you don’t remember entering.
  • If you’re being encouraged to respond quickly, without being given time to think or consult with friends and family.
  • If you’re being asked to urgently pay for something, like making a bank transfer or purchasing a gift voucher.
  • If you are being asked to give away personal information.

Here are some common methods that are used to conduct fraud:

PHISHING

Phishing is the act of sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft. The e-mail directs the user to visit a website where they are asked to update personal information, such as passwords and credit card, social security, and bank account numbers, that the legitimate organization already has. The website, however, is bogus and set up only to steal the user’s information.

How to identify Phishing Emails?

  1. Phishing emails will appear to come from a friend, your boss, family member, bank, or government organization.
  2. Phishing emails might include text like "Verify your account", "You have won the lottery", "If you don't respond within 48 hours, your account will be closed", or "urgent response".
  3. Phishing emails might ask you to click on a link or open a file.
  4. Phishing emails might include official-looking logos, wordings, and other identifying information taken directly from legitimate websites.
  5. Phishing emails might include links to spoofed websites where you are asked to enter personal information.

What is Spear Phishing?

Spear phishing is a highly targeted phishing attack. Spear phishers send emails that appear genuine and seem to come from a trusted source like a work colleague, boss, friend, family member, your bank, or a government organization. The aim of spear phishing is to trick the victim into performing actions they would not usually perform.

How Spear Phishing Works

First, criminals gather information about the targeted victim and/or organization. They often obtain it through websites, blogs, and social networking sites.

Then, they send e-mails that look like the real thing to targeted victims, offering all sorts of urgent and legitimate-sounding explanations as to why they need the information.

Finally, the victims are asked to either reply to the message, click on a link inside the e-mail, or open a file.

If you receive any suspicious email:

  • don’t click on any links
  • don’t open any attachments
  • don’t reply
  • contact the organisation using a phone number you know is genuine, or visit their website
  • delete the suspicious email and empty the recycle bin on your device

VISHING

Vishing is short for "voice phishing," which involves defrauding people over the phone by enticing them to divulge sensitive information. The fraudsters attempt to obtain your data and use it for their own benefit, typically for financial gain.

The caller may try to persuade you to make a bank transfer to a ‘safe’ account, press a number on your phone, or divulge personal information.

SMISHING

Fraud carried out via SMS is called smishing: you may receive fake text messages that look like they’ve come from your bank or another trusted organisation. The goal here is to get you to reply with your personal or financial information.

Typically, the text message includes an urgent call to action, asking you to either click on a certain link or dial a number. If you receive any suspicious message, do not click on any link or number.

IDENTITY THEFT

Identity theft happens when someone uses your information (such as your name, address, credit card and bank account numbers, Social Security number, etc.) without your permission. The stolen information can be used to buy things with your credit cards, get new credit cards, open a phone or electricity account, steal your tax refund and, basically, pretend to be you.

  • Keep your financial records, Social Security and Medicare cards in a safe place.
  • Shred papers that have your personal or medical information.
  • Take mail out of your mailbox as soon as you can.
  • Do not give your personal information to someone who calls you or emails you.
  • Use passwords that are not easy to guess. Use numbers and symbols when you can.
  • Do not respond to emails or other messages that ask for personal information.
  • Do not put personal information on a computer in a public place, like the library.

SOCIAL ENGINEERING

A social engineering attack is one in which the intended victim is somehow tricked into doing the attacker's bidding. An example would be responding to a phishing email, following the link and entering your banking credentials on a fraudulent website. The stolen credentials are then used for everything from financial fraud to outright identity theft. An adage comes to mind here: "it pays to be suspicious". With socially engineered attacks, the opposite is also true: if you aren't suspicious, you will likely end up paying.

NEVER give or share personal information with anyone or perform actions you would not usually do because someone asked you to. Always challenge them.

  • Beware of emails that make an urgent request for information or that seem threatening or too exciting. Remember, if it is too good to be true, then it probably is!
  • Do not share any banking-related credentials, card security codes, One-Time Passwords (OTP), or PINs with anyone - this is the same as signing a blank cheque. Bank ABC will never ask for these.
  • Never give in to pressure or be rushed into making a payment or giving your personal information away.
  • Sign up to security notifications and transaction alert services offered by the Bank and ensure you read them carefully.
  • Use mobile banking apps that provide secure communication through push notifications and soft-token authentication.
  • Keep your contact information with the Bank up to date, including address, mobile number, and email.
  • Ensure that your firewall, spam filter, anti-virus, and anti-spyware protection are active on your device and up to date.

ONLINE BANKING SECURITY

Bank ABC, or any other legitimate institution, will never ask you to provide passwords, credit card details, bank account details, or personal information, or ask you to transfer cash, through email or SMS. Therefore, always remember to:

  • Use a strong, unique password and change it every 3 months.
  • Check your online bank account every day.
  • Sign up for email or text message alerts.
  • Type your internet banking URL directly into your browser.
  • Do not trust sites with certificate warnings or errors.
  • Ensure you log off properly.
  • Be cautious of unsolicited phone calls, emails, or texts directing you to a website or requesting sensitive information.
  • Only do online banking on a secure, private computer.

COMPUTER SECURITY

  • Don’t download files from unknown sources.
  • Lock your computer when you aren’t using it.
  • Use anti-virus software.
  • Patch and update on a regular basis.
  • Backup important files on a regular basis.

EMAIL SECURITY

  • Don’t open unknown or unexpected email attachments.
  • Don’t send confidential information via email.
  • Don’t reply to unsolicited email messages (spam).
  • Turn off the message preview pane in Outlook or Outlook Express.
  • Don’t be an unintentional spammer.
  • Don't follow links in spam messages.
  • Remember that the internet is a public resource.
  • Keep software, particularly your web browser, up to date.
  • Use and maintain anti-virus software.
  • Use strong passwords.

PASSWORD SECURITY

DON'Ts

  • Don't use only letters or only numbers.
  • Don't use names of spouses, children, girlfriends/boyfriends or pets.
  • Don't use phone numbers, Social Security numbers or birthdates.
  • Don't use the same word as your log-in, or any variation of it.
  • Don't use any word that can be found in the dictionary, even foreign words.
  • Don't use passwords with double letters or numbers.

DOs

  • Passwords must be at least 10 characters long.
  • Include one capital letter (A to Z).
  • Include one small letter (a to z).
  • Include one digit (0 to 9).

How to report a scam or fraudulent activity?

If you suspect you’ve been a victim of fraud, contact our call center immediately, reach out to your RM, or report it to your local law enforcement agencies.