These two keywords ‘Fraud’ and ‘Phishing’ have become very common at this time due to the rise in fraudulent activities. Many organisations and businesses have been at the forefront of educating their customers and the general public about the tactics used by these criminals and how to safeguard themselves and their funds.
One of such organisations is Access Bank, a leading financial institution, who has demonstrated that the customers’ financial security is a top priority.
Attackers often turn to phishing tactics to get unsuspecting individuals to divulge sensitive information, pretending to be someone or something else to get them to take action. Phishing attacks can be difficult to stop as it relies on human curiosity and impulses, hence, individuals need to administer a good dose of self-restraint so as not to fall victim.
Here are some of the most common phishing attacks and how to avoid them:
An attacker may send you an email that appears to be from someone you trust, like your boss or a company you do business with. In the email, there will be an attachment to open or a link to click which may send you to a legitimate-looking website that will require you to input sensitive information such as your password, to access an important file. The fake domain often involves character substitution, like using ‘r’ and ‘n’ next to each other to create ‘rn’ instead of ‘m’. In order to combat phishing attempts, understanding the importance of verifying email senders and attachments/links is essential.
Spear phishing emails are targeted towards a specific individual, government, or business with the intention to steal data for malicious purposes or install malware on a targeted user’s device. Before this can happen, the attacker will already have some of the victim’s information like their name, place of employment, BVN, POB, job title, Email address, and specific information about their job role.
There’s a popular misconception that banks are the only ones who have such personal information, however, individuals may have at some point filled various forms for other purposes such as loaning and saving platforms, etc. One of the ways attackers get ahold of victim’s private information is by data-mining them from databases from all kinds of sectors.
Attackers may camouflage as a senior player at an organization and directly target other important individuals of the organisation with the aim of stealing money or sensitive information or gaining access to their computer systems for criminal purposes. For organisations not to fall, victim, staff members should maintain a healthy level of suspicion when it comes to unsolicited contact, especially when it pertains to important information or financial transactions. They should always ask themselves if they were expecting the email, attachment, or link. Is the request unusual in any way?
More and more organisations now maintain social media presence to relate with their customers and this has triggered a new type of attack known as angler phishing. Criminals clone these corporate social media accounts to obtain sensitive information from unsuspecting customers. An example could be a customer who posts a complaint about account-related issues. Fraudsters, through the clone accounts, may reach out to the customer masquerading as a customer care representative. The customer may fall, victim, when he or she divulges any of such information. Before you respond to anyone on social media when you request help online, check the account that’s responding to ensure they are verified (blue tick). You can also always take your customer service issues directly to the Bank’s website or contact center for a resolution rather than risk falling into an angler phishing trap.
Unlike other phishing schemes which involve emails, smishing and vishing involve telephone communication. In smishing, the attacker sends a text message, and vishing involves a telephone conversation. An example is an attacker posing as a customer representative from a bank and telling the victim his or her account has been blocked and personal information such as the BVN is required in order for it to be rectified. It is never a wise choice to give out your private banking information to anyone, whether you know them or not.
You need to stay vigilant so as not to fall victim to any of these phishing tactics. Remember Access bank will NEVER ask for your complete ATM card details, PIN, and One Time Password (OTP). Ensure you follow only the bank’s verified social media accounts, Facebook, Twitter, and Instagram, to stay updated on more ways to protect yourself from fraud.
Your bank may not be the only one with your banking information
There’s a popular misconception that banks are the only ones with account holders’ banking information such as their Bank Verification Number and card details. No doubt, they become the first to be held accountable when a leak occurs, with customers blaming them for revealing their financial information to a third party. The truth, however, is that your bank isn’t the only one with your banking information as a lot of other platforms request for this too.
- Mobile apps: One of the ways your details can be obtained is through mobile apps. You may be wondering how this is possible, but, some apps are malicious in nature and after downloading such apps, and allowing them access to your contacts, camera, and so on, you’re no longer 100 percent secure. Most people are in the habit of saving their BVN on their phone contacts, making it easier for fraudsters to pick up and use it for a fraudulent act.
- Saving and investment platforms: In the past years, there’s been a surge in saving and investment platforms offering individuals eye-catchy interest rates and helping them balance their finances. Before one can begin saving or investing in these platforms, BVN and card details must be provided. Additionally, loaning platforms too require such information from individuals. It is very important to be extra vigilant when using these platforms. Always use reliable companies.
- Government organisations: Government organisations such as the National Identity Management Commission (NIMC), and a host of others require citizen’s Bank Verification Number (BVN) to get them registered.
Subsequently, let’s keep these in mind and not only blame the banks responsible when there is a data leak. In fact, one of the ways scammers get such information is by data-mining their victim’s data from databases from all kinds of sectors. When it comes to protecting customers’ financial information, Access Bank is one of the banks that hold this at top priority and will never disclose your information to anyone.
Read the original article on The Nation