When it comes to the hundreds of online scams doing the rounds every day, the old adage “A fool and their money are soon parted” does not apply! No one, no matter how smart, is immune to increasingly sophisticated online fraud, warns Wojtek Wierzycki, Sygnia’s Head of Systems & Development.
There are networks of professional fraudsters whose full-time job is to use sophisticated technology to identify and exploit your online weak spots 24/7, 365. This is the frightening reality anyone who interacts online faces, but there’s no need to panic. Be smart and on the offensive by following these “belts and braces” tips to add extra layers of security to your day-to-day online activity.
1. Up your password game
Your birthday and pet’s name may be easy to remember, but as passwords they’re just as easy to crack. Your online passwords should always be at least 16 characters long and should use a combination of numbers, symbols and lower and upper-case letters. Don’t use consecutive letters or numbers, and don’t repeat passwords across multiple online accounts.
Use sentences or phrases and substitute acronyms:
7he*D0gJuMpT*0vr.F3n$ – The dog jumped over the fence.
2. Protect your passwords
When your browser prompts you to save your password, always decline. Use a secure password vault or password manager to store passwords, and ensure the vault or manager is protected by two-step authentication.
If your device allows biometric verification (fingerprint sign-in or facial recognition), use it.
4. Add two-step authentication
Make the security of your social media, email, banking and any other online presence tighter than Fort Knox by installing a two-step authentication app and enabling the feature on all your accounts.
5. Always sign in directly
Isn’t it convenient when new apps, browsers or social media pages offer you the option to log in via your Google account or one of your social media accounts? Don’t do it: you may pay for the convenience by compromising your private data!
6. Protect your devices
Keeping your phone, tablet, computer or any device you use to interact online up to date with the latest security upgrades for that device’s operating system will help protect against vulnerabilities that hackers can exploit. The same applies to any applications and browsers you use.
Ensure you use reputable anti-virus software and that you update it daily.
7. Allow verified push notifications
Push notifications can be a pain, but when it comes to online banking or any other account that relates to your personal finances, these alerts can be a lifesaver.
Firstly, you’ll be notified immediately should any money leave your account. Secondly, if there is suspicious activity on any of your accounts, a good service provider will use push notifications to alert you and verify whether or not this activity was initiated by you.
8. Never, ever give out PINs or OTPs!
A common scam is for the fraudster to call and very convincingly pretend to be a staff member from your bank, saying fraud has been detected on your account. They will then request your OTPs in real time to urgently “stop the fraud”. Of course, they’re the fraudsters, and you’re literally handing them your OTP and access to your accounts on a silver platter.
Bottom line: No matter how urgent or dire the situation may seem, never, ever give your PIN or OTP to anyone!
9. Keep contact details updated
Ensure your contact details (current email address and mobile number) are up to date with your banking and/or financial services provider so that you can be contacted immediately in the event of any suspicious activity.
10. Only use official communication channels
Always ensure that communication (emails, phone calls, WhatsApp messages, social media inbox, etc.) is from a verified provider. Details will be on the contact section of the service provider’s official website. If in doubt, contact the provider’s client services division before transacting.
11. Check every email’s origin and content
Fraudsters send emails that often look very much like those sent by official service providers. Be vigilant and conduct the following three-point checklist:
Does the email sender match the provider’s official website domain? (E.g. “@sygnia.co.za”)
Does the email contain any undisclosed recipients? If your email doesn’t show this, an easy way to check is to forward the email or reply to all. If you see more than one email address, there are some fishy “undisclosed recipients”.
Can you see the sender’s actual email address (e.g. statements@sygnia.co.za), or does it just appear to come from your service provider (e.g. “Sygnia Services”)? If you only see a name and not an actual email address, hover over the sender to reveal the actual email address, or forward the mail to view details.
Even if the email looks legitimate, a few sure-fire signs will tell you whether it’s a scam:
Spelling and/or grammatical errors;
Vagueness about the exact type of account or service you have;
Links that do not match your service provider’s domain (more on that below).
If any of the above applies, treat the email with the utmost suspicion and call the service provider’s client support line to verify.
12. Always double-check the URL
Be extra cautious of clicking on any link you’re sent via email, text, WhatsApp, Telegram, social media, webchat or any other messaging application.
Even if you are fairly confident it was sent from a legitimate source, check the URL (website link) you are directed to – it must have the provider’s official website domain in the link.
Warning! The link/URL on the email, text or other message may look legitimate (e.g. www.sygnia.co.za), but remember that scammers can code URLs so that the text you see differs from the address the link actually opens. This is why you should always check the details of the URL in your browser’s address bar.
Apply the above rules every time you log in to your banking/financial services provider’s website. Scammers have become super savvy about redirecting legitimate URLs to scam sites, so always be alert, and double-check the URL before entering any log-in details.
13. Pay direct
Scammers also impersonate financial advisors or the representatives of banks and/or financial services providers, supplying their own bank details to redirect payments. The golden rule is thus to always pay direct (using the verified website’s payment gateway, electronic collection or direct EFT).
Always ensure the payment details are pre-approved (verified company accounts via your online banking) and/or that the account is correct per the verified payment details you’ve been provided.
14. Learn how to spot scams
From high-level OTP scams to run-of-the-mill phishing, there’s no shortage of new scams every day. Fortunately for us, underlying similarities between most scams make even the most sophisticated swindler identifiable. Train your Spidey senses by learning how to spot a scam here.
15. Stay on top of the latest scams
Stay ahead of the curve by learning about the latest/most common scams here (updated regularly).