Don’t let social engineering compromise your financial security

We live in times where fraudsters look like neighbours and sound like friends. When it comes to private and payment card information, make sure you understand how social engineering can be used to compromise your financial security.

Fraudsters are masters of social engineering and know how to engage people in a way that creates misguided trust. Social engineering involves manipulating individuals via various channels, such as phone calls, email, SMS and social media, into divulging confidential and/or card information.

Some social engineering scams involve sending emails that seem to come from a legitimate source, e.g. your bank, requesting confidential information such as card numbers and passwords (often as part of a required ‘update’ exercise). This is called phishing. Neither Bank Windhoek, nor any other financial institution, will ever request information or prompt a response in this way. Pay close attention to the sender’s email address. It is likely a falsification of a known email address or domain, which might include subtle spelling errors, such as 3nquiries@your.bnak.com or yourbankname@strangedomain.com.

Spear-phishing is similar to phishing. However, the attack is targeted at a specific company, person or group, and has a more personal feel to it.

An email would seem to come from a company head or department manager, requesting users to urgently click on a link or open an attachment. (Again, pay close attention to the sender’s email address and spelling.) Such attackers often first acquire personal information via company websites or social media platforms such as Facebook, to create a sense of familiarity with the intended victim.

Vishing is the voice equivalent of phishing. Fraudsters engage victims in a friendly and helpful conversation, claiming to be from your bank and asking for assistance with a mobile app upgrade or security enhancement. These calls will also have a sense of urgency attached to them, for example: “Your account might be compromised if you do not upgrade right now.” Fraudsters will pretend to know staff or inside information from your bank. This is the quickest way victims are lulled into trusting the authority and mandate of the caller. Victims are requested to enter information on the mobile app, to share or forward information, or to respond to a text message.

Never obey instructions from a random phone call. Don’t ever share the OTP (one-time PIN) you receive on SMS in such a conversation with the caller. These PINs are triggered only when a transaction is taking place on your account. If you did not initiate a transaction, do not help to complete a transaction! As far as your card information is concerned, and only if you initiated the call, only ever share the first 6 and last 4 digits of the card number.

SMShing involves requesting victims to follow prompts on SMS or social media. This can happen independently or as part of vishing attacks. Again, no legitimate contact from any bank will request confidential information in such a manner.

If you receive a suspicious or unexpected call from someone claiming to be from your bank, especially after hours, get a name and tell the caller that you will phone them back on your bank’s official number. Obtain this number yourself.

By reminding yourself that fraud is a continuing science and staying aware of the various methods used to obtain your hard-earned money, you will be able to identify a fraudster more easily and protect yourself against their onslaught.

*Riaan Viljoen is an Information Security Specialist at the Capricorn Group.