Fraud awareness update

It is always important to stay aware of the types of scams out there to avoid falling victim to these fraudsters – avoid becoming a victim of fraud by knowing what to look out for allows you to stay safe.

Fraud scams continue to plaque the general public and though they keep evolving they also remain the same in many instances. It is always important to stay aware of the types of scams out there to avoid falling victim to these fraudsters.

The following scams are quite common and knowing what to look out for allows you to stay safe.

Scam 1 – WhatsApp “Family Emergency Scam”

How it works

“Mom/Dad, I lost my phone, and this is my new number”

“Hi Mum, I dropped my phone and its broken this is my new number till I get my phone fixed.”

• The fraudster targets victims by messaging them through WhatsApp.
• This kind of message has variations of “this is an emergency and I need your assistance” .
• The message usually involves the fraudster impersonating a close acquaintance or family member with a request to send money, either to them or on their behalf.
• The reason behind the request often involves the fraudster stating that they can’t gain access to their own funds, they have a bill they aren’t able to afford or there is a current emergency that they need help with.
• The perpetrators usually pretend to be in a hurry, hoping the urgency will entice their victims to act immediately.
• More advanced fraudsters may target victims at specific times of day to enhance the urgency i.e. late evening just before banks close or on a Friday afternoon.
• The urgency will put stress on the victim and encourage them to make rash decisions they may not usually take under normal circumstances.

How to spot this type of scam

• In most cases, the phone number used to commit WhatsApp fraud is unknown, but will use a familiar profile picture, convincing the victim that they are communicating with a friend or family member.
  Criminals can easily copy a photo from other social media platforms, such as Facebook or Instagram.
• The fraudster creates a sense of urgency and pressures you to pay quickly.
• HOWEVER, fraudsters can also continue the scam over an extended period of time if they think they will eventually convince the person to pay them an amount.
• The fraudster may reference the change of phone number but quickly talks about needing assistance.
• Their message may include poor English but that is not always the case!
• The fraudster does not want to be called, always communicates through messages and finds excuses for not being able to take a call.
• The fraudster asks for money to be transferred to an unknown account often stating it belongs to a friend or someone they owe money to etc.

What to do?

• DO NOT PANIC or respond immediately.
• ALWAYS contact the person on the number you know, to confirm they are not really in an emergency.
• Do not engage with the fraudsters if at all possible.
• Report the number to Action Fraud UK, it assists them to determine numbers that belong to fraud syndicates.
• If you have got to a stage where the person has provided bank details, report those details to Action Fraud UK to enable investigations related to fraudulent accounts.
• If you have made a payment, immediately inform your bank.
• We (or any bank) will never ask for your full password
• We (any other bank or the police) will never contact you out of the blue to ask for your PIN, or to move money to another account
• Just because someone knows some of your personal information doesn’t mean they’re legitimate
• Contact your bank immediately if you think you’ve fallen for a scam and report it to Action Fraud
• Always call your bank back on the usual and trusted telephone number, such as the one on the back of your bank card. This is also true for anyone that contacts you out of the blue from an unfamiliar number claiming to be someone you trust.

Scam 2 – Interception fraud

How it works

• Interception fraud is when criminals steal information such as email usernames and passwords allowing them to hack personal or business email accounts.
• Email interception can happen in a number of ways including phishing, spoofing, phone cloning or hacking or putting malicious software (such as key loggers) onto a computer.
• The main purpose of the interception is to impersonate a legitimate person/business.
• It is common for this method to be used to change bank details contained in a legitimate invoice, so money is sent to a fraudster’s account.

How to spot this type of fraud

• A change in email address. In most instances the fraudulent address has a single letter difference to the legitimate address, which is not easy to spot – for example a slight spelling difference in the name using “a” instead of “o”. In rare instances the email domain name differs completely.
• Beneficiary details within the invoice have changed (if you have paid this beneficiary before).
• Spelling mistakes within the invoice, sometimes this is overt, but at other times this is not as obvious.
• The fraudster may create a sense of emergency to put the victim under increased stress
• The bank might reject the first payment – the fraudster then typically asks you to make the payment into a different account. The amount of the payment might be the same, or different.

What to do?

• Before making payments to invoices sent by email, contact the company on their publicly available phone number to confirm the bank details provided in the invoice.
• Check that bank details match previous details if you have paid the person/business in the past. Question them if the details have changed. There are times when it is a legitimate change.
• Check the email address and domain for errors.
• Consider the type of account you are making the payment to – for example the account details might belong to an individual, but you are making a payment to an organisation
• If a payment has been made to one of these accounts and it does not appear to be legitimate contact your bank immediately.

In both these types of scam, the fraudsters trick a person into making the payment. They will often withdraw funds immediately after it is received making it almost impossible to recover the funds paid.

Nedbank Private Wealth seeks to ensure we have the appropriate physical and technological security measures in place to protect your information, regardless of where it is held. These include, but are not limited to, enterprise firewalls, endpoint protection, two factor authentication, a 24/7 cyber monitoring service, annual cyber training for staff, strict access controls and a penetration testing programme.

For more information on how you can protect yourself against fraud, please click here.

Any information about cyber security may reference Nedbank Private Wealth’s products and services and should not be taken as advice or a recommendation. We may include details of products and services that Nedbank Private Wealth does not offer in your country of residence or that are suitable based on your personal circumstances. You should seek individual advice from a professional adviser before making any financial decision.