Never enter your credentials via a link in an email or give your details to anyone who asks for them over the phone – your bank will never ask you to do this.
Cybercriminals find it much easier to hack a human than to break through sophisticated security technology.
This human hacking technique is called social engineering: the art of manipulating or deceiving you into taking action or disclosing sensitive information using flattery, urgency, pressure, or greed. Hackers can steal money and defraud you only if they have your account credentials, ie your username or profile number and your password. They can get these details only if you give them away, either by entering them into a fraudulent site through a phishing email or by disclosing them over the phone in a vishing call.
Rule of thumb: Never enter your credentials via a link in an email or give your details to anyone who asks for them over the phone – your bank will never ask you to do this.
If you get a call from your bank with an offer that sounds too good to be true, or from someone in the Fraud Department who reports a fraudulent transaction and needs you to verify your details, offer to call them back and then log in to your account to verify the call. To enhance security, enable two-step verification (also called two-factor authentication) options. Use facial recognition if this is an option.
Please watch out for the common tactics below and understand your role in preventing these attacks.
Phishing (hacking via email) is the most frequently used form of social engineering and everyone is a target.

| Tip | Details |
|---|---|
| Check the sender’s email address | Always check the sender’s details carefully and ensure it's from the right domain, eg @nedbank.co.za or @nedbankprivatewealth.co.za. |
| Check spelling | Look out for spelling errors. |
| Approach links and attachments with caution | |
| Beware of urgent requests | |
| Trust your gut | If an email makes you feel anxious, fearful, curious or sounds too good to be true, rather follow your gut, stop and verify before clicking on anything. |

Vishing is also known as voice phishing or over-the-phone phishing.

| Tip | Details |
|---|---|
| Be aware of your emotions | Has the phone call made you feel panicked, fearful, worried, curious or flattered? |
| Never disclose sensitive information over the phone | If you get a phone call from someone asking for your banking, confidential or personal information, do not respond and end the call immediately. |
| Verify the caller | |

Smishing (short for SMS phishing) is phishing via a text message on your cellphone. Cybercriminals trick you into handing over personal information via a link in an SMS.

| Tip | Details |
|---|---|
| Beware of an unknown source or number | Never act on any incoming text messages that come from an unknown source or phone number. |
| Beware of urgent requests | Regard urgent security alerts and you-must-act-now offers or deals as warning signs of a hacking attempt. |
| Don’t click on links asking for your login credentials, PIN etc. | No financial institution or merchant will send you a text message asking you to update your account information or confirm your ATM card PIN. |
| Trust your gut | If a text message makes you feel anxious or threatened or sounds too good to be true, STOP, LOOK and THINK before clicking on any links. |

The next time you feel anxious, worried, flattered or rushed by an email, a phone call, a text message or an interaction with a stranger, imagine a big red STOP sign. Ask yourself: could this be a trick to hijack me and steal my personal or company information?