Online and mobile banking scammers’ tricks

Prabhu Ramalingam, an ICT expert at Securex Agencies, shares the ways cons dupe online and mobile banking customers.

1. Unsecured websites

Do not access your online banking platform via a website that is not secured. Online scammers have been known to set up dummy sites that mimic legitimate platforms to dupe unsuspecting victims into keying in their log-in credentials, giving them unrestricted access to one’s account.

Tip: A secure site will have the https:// prefix to its URL as well as the symbol of a padlock and the word “Secure” next to it. This indicates that the communication between your device and the website is encrypted.

2. Non-private modes

By default, web browsers save one’s online history. Through your browser history and cache memory, it becomes easy for someone to track your online activity. To avoid this, you are encouraged to switch to incognito or private windows mode before accessing your money online. This will also prevent other websites from tracking your browsing history.

Tip: The CTRL+SHIFT+N shortcut will do the trick on Google Chrome, while on Safari, all you need to do is choose File > New Private Window.

3. Secret cameras

It is good practice to ensure that there are no CCTV cameras overhead or behind you, as you never know who is monitoring.

The same practice should apply when making mobile money transactions. Avoid doing this in public areas, such as on a matatu, where someone seated next to or behind you can see every keystroke.

4. Laptop web camera

You might have heard that some people mask their laptop cameras, particularly when they are online. This is certainly with good reason. Hackers can set up viruses which alert them when a user accesses a secure website through an infected computer. They then activate the webcam on your laptop and simply watch as you key in your credentials.

Tip: In some models, an LED light next to the camera will begin to blink when it is enabled. Watch out for that.

5. Remote desktop applications

A remote desktop application (e.g. TeamViewer) allows a user to either view or take control of a remote desktop over a network connection. Using a device with such applications installed means that someone else can watch your moves online without your knowledge. Such devices are therefore to be avoided when transacting online.

6. Open WiFi networks

It is now commonplace to instantly turn on your WiFi as soon as you walk into a restaurant or a hotel, or to ask your neighbour for their password to get on their WiFi network. More often than not, we view open networks (those not secured with a password) as a blessing from above.

However, criminals can just as easily set up open networks and then harvest one’s credentials after getting your MAC ID (the Media Access Control address, which is unique to your computer’s network adaptor). You should only access your bank via a secure network.

7. OTP (one-time passwords)

Some platforms will send a user a one-time password which should be used to access your account. This typically happens on email. As a safety precaution, one should use a separate device to view the OTP on email. For instance, if you are attempting to access your account via your laptop, use your phone to check the OTP sent on email. This is to avoid having all your online history on a single device and to keep prying eyes out.

8. Auto-saved log-in credentials

Once you have accessed your account, you should avoid saving your credentials on your devices. You also should not take a screenshot or print-screen the secret question you used to register your accounts.

This also applies to saving your bank account or mobile money PIN on your mobile phone. Such practices can potentially leave you exposed should you lose your phone.

9. Text messages

Con artists have also been known to use familiar brands in the financial sector to give their scams a sense of credibility. Typically, cons use text messages to advertise sales promotions, banking services or loan applications using assorted platforms. Such communications sent via a personal mobile number should be treated as suspicious and reported immediately to your mobile network provider.

10. PIN

Many forget to regularly change their PINs. You are encouraged to do this every three months as a safety precaution. Some firewalls and computer operating systems require users to change their passwords every few days, and this is a practice that we should certainly adopt on our phones.