As the South African crime rate increases over the December period so to should you be extra vigilant in everything you do – at home, in your car or at the mall. Just as you protect yourself and your possessions, you also need to secure your money. Here are some pointers to help you keep your hard-earned cash safe over the December holidays – both virtually and in the real world.
One of the first steps to take when protecting your money is to understand the risks you face in the online space. Your bank may warn you that there is a new type of phishing scam, but if you don’t know your ‘skimming’ from your ‘spoofing’ then you don’t really know what to look out for. Pay U, South Africa’s leading e-commerce payment gateway, provides the following definitions:
Phishing: this is when a fraudster contacts you by email or SMS pretending to be from a financial institution and attempts to get you to divulge your personal details, which they then use to access your account.
Spoofing: this often goes hand in hand with phishing. The electronic communication you receive from the fraudster will have a link to a fake site where you are encouraged to enter your details. Fraudsters also create fake online stores to get you to enter your credit card details.
Identity theft: the use of ID numbers, passport details, addresses and dates of birth to open fake bank accounts or shop online, placing the user in debt.
Social engineering: this is when a fraudster tricks you into handing over personal details that can be used to hack your accounts. This can be done in person or telephonically.
Spyware or malware: users can download spyware by clicking on an attachment in an official-looking email or by downloading files and apps without being sure of their source. The spyware then allows a hacker to observe or record your keystrokes as you enter PINs or passwords.
Skimming: making a copy of your credit card electronically so that it can be used later to make payments.
Scams: malware-filled apps, fake eCard sites, fake travel agencies, fake online adverts and even fake charities abound over December, all with the purpose of parting you from your money.
Only use an ATM in a well-lit, populated area. Never accept help or allow yourself to be distracted and make sure that you enter your PIN in a way that makes it difficult for anyone to see what you are doing. More advanced criminals use skimming devices which makes a copy of your card’s magnetic strip that when used in conjunction with your PIN, allows them to access your funds. These skimming devices are either handheld or inserted into the ATM so that it skims while you transact. Never use and always report any damaged ATMs.
Criminals also sometimes contract workers in retail stores to skim cards for them, so it’s important to be very aware of what a cashier is doing with your credit or debit card. Again, ensure that you cover the keypad when you enter your PIN. Crooked cashiers will also sometimes attempt to distract you (easy in the December chaos) and not return your credit card after you’ve paid. They are then able to make payments using the old swipe functionality of their point-of-sale units, so always make sure that you get your credit card back and if you do realise it’s missing, cancel it as quickly as possible.
December is the season for online shopping and unfortunately it’s also the season for scamming. Always check the URL or web address of the site you are shopping at. If you are logging in to a bank or retailer from another site or an email, make sure that the address is the same as the company’s original website. Research any sites before making a purchase. If nobody has heard of the organisation, then it is possible that the site is a front for criminal activity.
When making a payment, check that the payment section of the website is secure, by checking if the first part of the payment page’s URL says “https” instead of “http”. Don’t enter your credit card details unless the page says “https” or there is a Thawte, Verisign, 3D Secure or PCI DSS logo. And remember to check your bank statements regularly to make sure there are no suspicious transactions – and if there are, you can report them and get them reversed.
Most South African banks and payment organisations have lists of the latest phishing and spoofing scams, so visit their sites and stay informed. Be very suspicious of any emails saying that your account is about to be terminated or threatening legal action. In all likelihood, these are phishing scams designed to make you panic and reveal information. Rather call the business or bank directly on a listed telephone number to query any issues.
Also, never provide account login or other personal details over the phone. If the bank calls, get their number and call them back to check whether you are getting through to an official call centre.
Make sure that you have up-to-date internet security software (not just an antivirus) installed on all your devices to block suspicious websites, emails and downloads and prevent any hacking attempts. Norton, Kaspersky and McAfee are leaders in this field.
Use complex passwords on all devices and for online accounts, as outlined here. Download a service like LastPass to keep track of all these complex passwords.
While all of these steps may seem to take up a lot of time and concentration, most of them will easily become second nature if you understand the potential threats and remain aware and vigilant. Protect your PINs, bank cards and personal information as if they were the key to your cash – because that’s exactly what they are!