The Sunday Independent recently reported on a scam which allows fraudsters to clean out your bank account in seconds – dubbed the “cold calling technical support scam”.
Fraudsters call an unsuspecting victim and tell them they are from a reputable computer or software company, and that they need the victim to “sort out a problem” with their PC.
The scammer guides the victim though a process to fix the “issue”, which results in the criminal gaining remote access to the target PC. The scammer then asks for payment for their services via EFT, and asks the victim to add them as a banking beneficiary.
The scammers then use the remote access to load malware and harvest the victim’s banking details. Once this is done, the victim’s bank account is cleaned out, said the SA Banking Risk Information Centre.
Besides the “tech support” call fraud, here are other scams South Africans need to watch out for.
“Broken credit card machine” scam
This scam involves a person with a company’s card machine – for example, a waiter – telling a customer the device is not working, and that they need to fetch another one.
The criminal then fetches their own device, which looks the same as the previous point-of-sale unit, but is programmed to steal bank card information.
Skimming software is installed in the device, which records the victim’s card information and PIN.
ATM – card skimming and thermal imaging
ATMs are a popular target for scammers and fraudsters, with multiple methods of attack used to steal banking information.
Advanced card skimming devices, which are thin enough to fit into any ATM slot, allow criminals to clone bank cards when a customer draws money from the machine.
These devices are usually used in conjunction with a small camera, which records a user’s PIN entry.
Thermal imaging technology can also be used to discover a user’s PIN – and all the criminal needs is a smartphone with a thermal imaging attachment.
Users leave behind a thermal signature when pressing ATM buttons, and criminals can use a smartphone with a FLIR ONE thermal imaging attachment to figure out a user’s PIN.
Handheld card skimming devices
Handheld card skimming devices are widely used by criminals to steal bank card information from victims.
The criminals use social engineering tactics – such as telling a person waiting in an ATM queue that they work for the bank – to obtain a victim’s bank card.
The card is then swiped through a skimming device and its details captured. It is then up to the criminals to discover the victim’s PIN to use in conjunction with the stolen card.
Microsoft phone scam
The Microsoft phone scam is similar to the “technical support call” scam, where a fraudster phones a victim and pretends to work for Microsoft.
The criminal states that there is a problem with the victim’s PC, and that they need to follow a set of instructions to rectify the issue.
If a victim follows the instructions, they end up giving the fraudster remote access to their PC – which allows the perpetrator to monitor what the person does online.
This includes the accessing of banking and email accounts.
Microsoft has stated it will not cold call a customer, nor will it sell software or services over the phone.
Bank phishing emails
Bank phishing emails are widespread in South Africa, with criminals posing as bank employees in an attempt to gain access to a victim’s account.
The phishing emails typically contain a threat or a promise – such as: “Click here to reactivate your online banking”, or “You have a pending payment waiting, click here to access it”.
The emails may also come from an ostensibly-legitimate email address – “email@example.com” – and look like an official communication from the bank the victim is a customer of.
Clicking on a link in these emails may install malware on a victim’s PC, or take them to a fake banking website – which will capture their bank account details when entered.
Once a victim’s bank account has been accessed, money is paid out to an account set up by the perpetrator.