By BUKOLA IDOWU |
In 2020, social engineering was a major tool used by fraudsters to steal funds of bank customers and 68 per cent of the banking industry fraud recorded last year was traced to social engineering, according to data by the Nigeria Inter Bank Settlement System (NIBSS).
Social engineering is when fraudsters trick individuals to reveal personal data that could be used to access their bank accounts. These criminals manipulate individuals into giving them passwords or bank information, or access computer to secretly install malicious software that will give them access to passwords and bank information, as well as the individual’s computer.
The fraudsters use methods such as phishing (pronounced fishing) and pharming (pronounced farming).
Also known as “spoofing,” fraudsters impersonate banks contacting the customers by text message, email or phone. These scams are incredibly effective because fraudsters often use legitimate bank logos to add authenticity to their attack, and create links and email addresses that look genuine.
Criminals may call the customer pretending to be from the bank, asking for details such as the numbers on the debit or credit card. They may also ask that the customer give them a code that was sent to the phone of the customer. In most cases, they start off by making the customer panic, saying there had been a suspicious debit request on the account before proceeding to ask for sensitive information such as passwords, date of birth among others.
Oftentimes, phishing comes in the form of an email alerting the customer of an impending debit, subscription for an obscure publication, updating account details, blocking of account or deactivation of token. It is always accompanied with a link that takes the unsuspecting customer to a website used in harvesting sensitive information.
Although similar to phishing, pharming is more covert in that it clones the IP address of a legitimate website to trick individuals into divulging sensitive information that can be used to clean up their bank accounts. An example is when fraudsters cloned the N-Power website last year to defraud people.
Your bank or card provider such as Mastercard, Verve or Visa will not call, text or email you to ask for sensitive information such as your card details, passwords or internet login details. Your bank will not send you an email with a link. Never open any email unless you know who the sender is. The very act of opening an email can infect your computer with malware. Be skeptical of every email you get, and never click on suspicious links, or download suspicious attahments.
When online, always watch out for the browser URL to ensure that you are on an authentic website and not a fraudulent one especially when you are redirected to a payment gateway. Do not divulge bank details and sensitive information to websites you do not trust.