Episode Transcript
[00:00:00] Speaker A: O'. Clock. I want to talk to you now about some scams because this is a big one and I've been a victim of that myself about two months ago.
Spoofing and smashing scams are on the rise in South Africa with criminals using increasingly sophisticated tactics to impersonate trusted institutions like banks, courier companies and even the SAPS.
So these days, fraudsters manipulate caller IDs to make phone calls appear legitimate, while SMS scams often include agent warning and fraudulent links designed to pressure consumers into acting quickly. So today we're joined by Nick Harris, who's the head of financial crime at Capitech, and Jean Rosso, who's the head of CSI and financial education at Capitech, to unpack just how these scams work and how to spot the warning signs and what practical steps you as a South African can take to protect yourselves. Nick and Jean, thank you so much for speaking to us. Welcome back to the show.
[00:00:58] Speaker B: Cool. Thank you very much.
[00:00:59] Speaker C: Thank you.
[00:01:00] Speaker A: Yeah. And let me start with you, Nick. Nick, because these frosters for some reason managed to make it appear as if it's the bank or the saps that is calling. How are they able to do that?
[00:01:13] Speaker B: Yeah, absolutely. So, I mean, they're using what we call in the industry, caller ID spoofing.
And really that's what they do is they use inexpensive technology and they are able to add a network layer, actually fool the network into believing that number that they're calling from is the legitimate numbers. So this happens, unfortunately, because the telcos can't really verify the calls at a network layer, so they accept the number that's presented to them.
And really I think these, these tools that they use and voyage services are available online, are relatively inexpensive and the, it allows the, the fraudsters to choose a number that they wish so they can present themselves to a bigger bank's fraud department or even worse, saps.
And this perfectly imitates. So even if you're using something like True Caller, unfortunately it's at a network layer. So it fools even those sort of call verification services.
And really what they do is once, once that number comes in, they've now creating this fear and urgency. And once you answer, they're really going to use things that trigger strong emotional responses from you to try and get you to stop thinking. And there's going to be things like, hey, there's a fraud, fraud in transaction account, your account is about to be closed, your money is at risk. We found drugs or passports, customs and, and then really they're going to try and get that fear factor of your raised in your mind.
[00:02:35] Speaker A: So Jean, why should people not rely on caller ID applications then to verify calls? Because at some point we thought that's what's going to help us.
[00:02:44] Speaker C: Yeah, many people believe that if a call appears as so and so bank or the saps or a courier service or a fraud line, it must be genuine. But what, what we must remember first and foremost is that caller ID apps are, they're a convenience feature so it's not a security tool. So firstly it's designed to show you who you think is calling, not to verify identity. So it's really to avoid spam calls and to know or to help you decide whether you want to take the call or not. So we as banks don't use it for verification.
Secondly, caller ID apps used unverified user supplied information or data. So the name that is linked to the number is often based on public available sources, people's public partnerships or their profiles or the name that appears on your screen often comes from other users who've saved the number on their phone. So if enough people have saved the number as so and so bank fraudline, even incorrectly, the app will also display that name. And then the third important reason is that these caller ID apps cannot detect or stop spoofing that Nick just explained.
[00:03:56] Speaker A: So Nick, what are some of the fake SMS scams that are, that are currently common that listeners need to be aware of?
[00:04:02] Speaker B: Yeah, so if you like me, unfortunately there's every second day some other unmarked parcel arriving from Buffalo Couriers or and it's another team machine parcel that my wife's ordered and really they've, they've hooked onto this. So a lot of consumers would be getting SMS's from particularly Buffalo Logistics.
And in the SMS it's going to look like it, it's going to say hey, you've got outstanding value. It's normally R18 99 or 19 bucks roundabout there, your pass is ready for delivery, you just need to make payments. And this is so common because we are receiving those legitimate messages all the time via WhatsApp and via these apps as well.
And this then takes you to the payment page and they're basically just harvesting your credit card details and you'll start seeing card not present fraud taking place in your account. The second one really is the fake FICA and account suspension estimates. So this is very common, your accounts about be frozen, that's non FICA compliance and again it's got these links in there and I suppose quite common is that all these things contain A link. And we always study, don't click on the link, right?
[00:05:08] Speaker A: Yeah.
[00:05:09] Speaker B: So click on this link again. They're going to look for card details. They might even be taken to a fake Internet banking website. And again it's about intercepting your PINs and passwords. And really the last one is around the fake security alert, so you might even get an sms, hey, there's fraud in your bank account and then immediately followed up by a spoofing call from the bank's fraud departments. And really, I mean the goal is to make you panic and make it to click these links before thinking and then they're going to start taking you through, taking you into urgency and starting to make you do things like hey, you need to make payments or give us your card details to secure your account. So really these are the three broad categories, but these things change all the time. So the first protocol is that if you get any SMS with a link, rather go to the official website or to the app where you've actually purchased the goods from and from there you can actually then go through to the safe accounts.
[00:06:00] Speaker A: Yeah Gene, let's help our listeners here with protecting themselves. You know, what can consumers do to protect themselves from spoofing and smishing?
[00:06:11] Speaker C: The first clip never gets old and it's really as simple as never to share your PINS passwords one time pins, even your card number, expiry date or CBB or CBC number with anyone.
If someone asks you this, you should know it's a scam. So don't be tricked to anything like that. The second thing is do not click on links in SMS's or emails that Nick just explained that request you to update your information or to make a payment. Always type in the official web address in your browser. So do not click on those links to update information.
As he explained, it's out there to harvest your information, then end the call and phone back yourself. So this is a critical step.
Many of the banks nowadays offer you the ability to, to verify who is calling while you're on a call in their banking app. So if someone is telling you they're phoning from the bank's fraud department, you can actually sign in on your banking app with some of the banks, including Capitech, and you can actually verify whether it is really Capitech on the call. But if you can't do that, if you can't verify and anything sounds suspicious or they start asking you for information or start asking you to access the app to do something in your app, that's, that's not verifying that it's them, hang up immediately and then call the bank back on their official number, the one on the back of your car, the one on their official web address. Do not all then end up calling, but do not use the callback function on your phone because remember, they can even spoof that. So it's very important that you, you call the bank back on the official numbers and not pretend to call on that number. And then I think the last critical one is, is really to familiarize with your bank's built in security features. So the ability to freeze or stop your card if you see anything suspicious or suspicious transactions that start going off your account that most of the banks enable you to do in their app. So you can, you can act immediately and then call your bank definitely to take further action.
Enable transaction alerts proactively so ensure that you, you get those money in money out messages so that you know what's happening on your account and that you can track.
Then familiar, familiarize yourself with your bank's unique security features.
So do not ignore when your bank informs you of something new that they have just launched to protect you. Try to really get up to date and remain up to date about the security features.
[00:08:47] Speaker A: Yeah. Jin Rosso and Nick Harris, thank you so much.
