---

Avoid social engineering pitfalls

Bank Windhoek has noticed that fraudsters have increased their criminal activities by targeting senior banking citizens by persuading them to provide their login credentials, including their banking PINs.

This is a social engineering cybercrime tactic. Social engineering is when manipulation or deception is used to persuade individuals to give their confidential or personal information to be used for fraudulent purposes. Fraudsters fool the victims of their intended cybercrime by impersonating someone in a position of trust, like a bank official, or a position of authority like a police official. A fraudster’s motivation is always the same – to extract money, data or personal information from their victim.

Attackers often name-drop important and well-known personalities to intimidate the individual and to create a sense of urgency for an immediate response to the request.

Phishing is fraudulently trying to obtain sensitive information such as user accounts, passwords and credit card information from an unsuspecting victim by pretending to be a trusted entity in an electronic communication such as an email.

Vishing: A customer receives a phone call from a caller who claims to be from their bank and suggests a problem with their computer or user account. They may even ask for a customer's username and password claiming to be able to rectify the urgent problem while on the phone with the victim, during which time the customer’s account is compromised.

Characteristics of phishing
Customers should always check for misspellings and grammatical errors. The message often claims to be from a bank or some trustworthy entity and has an urgent tone, prompting an immediate response. The site linked to the message asks for identification and password, and the message asks customers to update certain personal information. There is an unusual "from" address, and the listed URL does not match the official URL of the organisation. Beware of clicking on attachments as this will give fraudsters access to the information on the victim’s computer or mobile device.

What to do and what not to do
To be vigilant, customers should always be sceptical and ask questions about unsolicited phone calls, emails, SMS and WhatsApp messages. They should also use common sense when answering messages. They can report this suspicious message to their bank or financial institution. 
Customers should always verify the identity of anyone before providing any information to them. If in doubt contact the organisation directly by using the phone number provided on the official website or telephone directory, not the number in the suspicious message. Customers should never respond to unsolicited emails or give their password to anyone. Never part with money before ordered goods were received, because the transaction may be the result of social engineering.


Hayley Allen, Bank Windhoek’s Head of Strategic Communication