Tuesday

Stay ahead of the financial scamsters

BANK robbery has come a long way from the brazen operations of the Stander gang in the '80s. Things are a lot more subtle these days and attacks are more personal - it's your money they're after.

Scams abound, and despite the banks' efforts to educate customers about how to avoid them, people are taken in regularly.

Here are some of the more common ones and what you can do to safeguard yourself.

ATM FRAUD:

How it happens:

THERE are a few ways people can rob you at an ATM. They can physically take the money you have drawn or they can copy your card and enter your pin to draw the cash themselves. The card needs to be taken from you for a mere moment to copy the salient details, which can then be cloned on to another card. Your pin, a vital detail, also needs to be discovered. Card-copying or skimming machines can be hidden in a person's palm and pins worked out through looking over your shoulder, or with a well-positioned camera. Also, your card can be stolen from an ATM that appears to have jammed or "swallowed" it.

How to prevent it:

Take the time to assess who is in the vicinity . Try to choose an ATM you are familiar with and that is well lit and make sure you are visible to people in the area. Have your card in your hand so you don't have to fiddle in a bag or wallet and possibly be distracted.

Don't let anyone stand too close to you while you are at the ATM. Also, don't ask strangers for help, not even a security guard.

Shield the keypad when entering your pin. Don't ever force your card into an ATM. If it's jammed for any reason it might have been tampered with. If you think the ATM is faulty, cancel your transaction immediately and contact the bank.

Don't ever write down your pin.

When you've finished transacting put the card and money away before you leave the ATM.

Check your balance regularly and report discrepancies immediately.

Don't let your children, even teenagers, use your card because they are often soft targets.

PHISHING

How it works:

THERE are hundreds of variations, but essentially you get an e-mail that appears to be from a familiar bank, using recognisable and apparently legitimate logos and payoff lines. You might be told a debit order has gone off - one you didn't authorise - and if you have any queries you should "click on the link"; you might also be told your account will be frozen in the next 12, 24 or 48 hours if you don't open an internet banking session and update your details. The e-mail might also tell you the bank has installed new security software and they need you to log on to the banking site to test the functionality. Once you click on the link you are taken to a dodgy website where your details are recorded.

How to prevent it:

Assume unsolicited e-mail correspondence from your bank is a scam and check with them before you reply or otherwise respond. Don't ever enter your personal banking details into an e-mail or website - no bank will ever ask you for these to be sent through an online platform or on a telephone.

Delete suspicious e-mails immediately. Just opening the site might expose your computer to a virus.

There are differing views about how to access your online banking site most safely. Some banks say you should type in the web address physically rather than saving it as a favourite or bookmark, as phishers are able to reprogramme aspects of your browser with the right virus. Similarly, don't go to internet banking via a saved page or a hyperlink - a URL that often appears underlined and in a different colour to the rest of the page and which you click on to go to a new site.

You can ensure a site is legitimate by checking for the padlock icon in the lower right-hand corner of the banking site. By clicking on it you can verify who operates the site.

Also check the web address of your internet banking site before you enter your details. Make sure it is prefixed with https and not http, a sign the site is secure. If the address looks overly long there might be a problem.

Because of the virus threat don't ever access your bank from a public computer such as an internet cafe.

When you finish your online banking session, click the log off tab and close the browser window.

Most banks offer antivirus and anti-spyware software free to online customers. Make sure you have yours installed and up to date.

CARD SKIMMING

How it works:

AS with ATM fraud, your card needs to be taken from you for a moment so it can be passed through a skimming device. Skimming might happen when you voluntarily hand over your card to make a payment or when your waiter carries your card to the point-of-sale device in another part of the restaurant. Common scenarios are where the cashier moves the card below counter height to where the POS device - and the skimmer - are kept, or where they appear to be cleaning your card by rubbing it on a piece of their clothing. In a matter of seconds the information on the magnetic strip is copied, allowing your card to be replicated.

However, most cards nowadays require a pin to be entered before funds are released, and getting this detail often requires a second person to watch what you key in, or a camera might be positioned to record your pin.

How to prevent it:

Never let your card out of your sight. If the POS device can't be brought to you, get up from your table or out of your car and walk to it. Shield the keypad when you key in your pin and make sure you aren't distracted and that no one is peering over your shoulder.

Most banks now send you an SMS every time a transaction occurs on your card. It's a facility worth getting if you aren't already on this system so you are immediately aware of transactions not effected by you. Also, regularly and diligently assess your posted or online bank statements for anything you don't recognise. Get hold of your bank immediately if this is the case.

SIM-SWAP FRAUD:

How it works:

THIS scam is usually used in conjunction with phishing because your banking details are vital for the operation to succeed. Once fraudsters have your cellphone number they can approach your service provider and request a replacement sim card. Once they have this they are able to get the security messages and one-time passwords your bank sends to your cellphone when you add beneficiaries or transfer money out of your account.

How to prevent it:

Unless you are a rock star it's virtually impossible to limit the people who have access to your cellphone number, especially with companies actively selling our personal information to each other. But you can make sure you are alert to information coming in on your phone and immediately opt out of unsolicited advertising. Just SMS a reply using the words "quit" or "stop".

If you get an SMS warning that a sim swap has been conducted on your cellphone number and you have nothing to do with it, immediately contact your cellphone service provider and your bank.

If you suspect illegal activity is going on, change your internet banking log-on credentials on your internet banking site. This will make access to your account virtually impossible.

Never disclose your ID or cellphone numbers on a website unless you have verified the legitimacy of the site. Your bank already knows this number and won't ask you to give it again unless they need to verify your identity for an activity you have specifically requested.

Make sure your contact details are up to date at your bank and on your internet banking profile.

419 SCAMS

How it works:

YOU get an e-mail or fax, or even a posted letter, asking for your assistance in the movement of funds, for which you will be compensated.

The content of the correspondence can differ but essentially you are offered money to provide access to your account.

You might be asked to travel to meet the person, possibly even to a neighbouring country.

How to avoid it:

Use your common sense: if it sounds too good to be true, it probably is.

Never travel to meet the person. According to the South African Banking Risk Information Centre, victims who have been lured to foreign countries have been robbed, held for ransom and even murdered.

Never provide blank letterheads, invoices or your banking details unless you are sure of the recipients.

Be careful with your pin

Choosing a pin you can remember isn't easy, which is probably why thieves have about a one-in-11 chance of guessing it.

The Guardian newspaper reports that a study by cryptographers at Cambridge University found that one in 20 people use numeric patterns such as 4545.

One in 10 use a pattern on the entry keypad, like 2580 or 0852 (down or up the centre of the keypad). About 23% of users choose an important date, a third of these choose their own birthday. Since most of us keep evidence of our birth date somewhere in our wallets or bags, this sequence of numbers is clearly not a great choice.

Cambridge researcher Joseph Bonneau said if a thief finds the cardholder's date of birth, the chances of successfully guessing the pin are about 9%.

Another study reported by the Daily Mail revealed that nearly one in nine of us goes for 1234, with 1111 and 0000 close behind. These three make up nearly 20% of all pins.

The rarest code of all is 8068.

* This article was first published in Sunday Times: Money & Careers