There are many benefits to operating in a digital world. It is fast, convenient and saves a lot of time. However, with every positive there is always an accompanying negative. Unfortunately, the digital landscape is filled with criminals who are looking to make a fast buck by finding weaknesses in the system. As technology becomes more advanced, so do scammers.
Here are some important cyber security insights:
Vishing for a bigger phish
Phishing has been around for many years, but scammers are getting more innovative and vicious by the day. Phishing scams involve the use of emails to defraud people. These days criminals use the names and logos of reputable financial services organisations to lure people into clicking on links which either ask for personal details, such as passwords and PIN numbers, or contain malware.
As an add-on to phishing, scammers have taken to calling individuals (voice phishing). They pretend to be representatives of a bank or financial services company and offer to enhance your investment experience through consolidated accounts, better interest rates or lower fees, to list a few examples. The call is used to build trust with the mark. Once they feel they have your trust, they will then either ask for your information directly or send through the phishing email.
These are incredibly professional scams. The callers often have a lot of your personal and account information. They are looking for details like pins and passwords so that they can access your accounts.
Don’t get caught
When you get a call from a financial institution, please do not take the person at face value and believe they are a representative of your bank or financial services provider.
Here are tips on how to deal with a potential vishing call:
- Ask from which institution they are calling.
- Get their name and the department for which they work. Tell them you will call them back via the main switchboard of their represented organisation.
- Log onto your institution’s secure platform, like Citadel’s My Secure Zone or your banking app, to check for legitimate notifications.
- If you are not comfortable with the technology, call the organisation’s main switchboard and either speak to your advisor or ask the switchboard for the person who called you by name and department.
- Inform your financial services organisation or bank immediately if you get a call from a representative of their company asking for personal information over the phone.
Multifactor Authentication (MFA)
My Secure Zone is encrypted, which enhances its security features. The platform also uses Multifactor Authentication (MFA). This requires users to enter a PIN number, which has been SMSed to them, to complete their login. The PIN number prevents third-party users from accessing your account as the PIN number is sent directly to your phone. Ideally MFA should be implemented for all your personal profiles.
- Keep your software up to date, using the latest security patches available.
- Ensure that you have the latest anti-virus software applications installed on your computer.
- Do not give control of your computer to a third party who calls you unexpectedly.
- Do not rely on call line identification (CID) alone to authenticate a caller. Criminals spoof CID numbers. They may appear to be calling from a legitimate company or a local number, even when they’re not in the same country as you.
- Never provide your password, credit card or other financial information to someone who calls and claims to be from tech support.
- If you’re concerned about your computer, call a reputable security software company directly and ask for help.
- Never respond to emails appearing to be from your bank that request your personal details. No bank will ever ask you to confirm or update your account details via email.
- Do not click on links or icons in unsolicited emails.
- Never provide your online ID, password or PIN to anyone.
- Change your PIN and passwords frequently.
- Place sensible transaction limits on your accounts.
Written by: Citadel Information Security Manager, Marlany Naidoo