While self-isolation will keep you safe from the dreaded COVID-19 virus, it is up to you to keep yourself, your family and your company safe from digital scammers and hackers who will be looking for any opportunity to take advantage of you during this time.
The COVID-19 lockdown is still in force. Many of us still prefer to stay at home and we spend a lot of time online, as we rely heavily on online channels to work, shop and access entertainment. It is therefore vital that you are aware of the security measures you need to take to keep yourself and your company safe.
Beware of opportunistic hackers
Many cybercriminals may take advantage of your need for information and increased time online to target you with social engineering scams. Working from home can also leave your business more vulnerable, as home networks are generally less secure than office networks, which tend to have stronger firewalls and other protections for the corporate network. So not only is your information more exposed, but your company's confidential information may also be more vulnerable to attacks.
Empower yourself to protect yourself
The best defence is a good offence. Don't wait until you fall prey before you bulk up your digital security. Make sure that you know about the latest trends in cyber security and make these measures part of your daily routine right now.
But what are these "social engineering" scams you should watch out for?
We break down the latest and most common cyber-attacks and scams, and how you can protect yourself against them.
- Phishing: Criminals will send you emails that seem to be from trusted sources or companies, like Discovery, often promising a reward or refund, to deceitfully obtain your personal information including passwords, identity number, login details and credit card details. The goal is always to steal your money. If you've responded to a phishing email, change your banking login details immediately and let us know.
- Vishing: Similar to phishing in that the objective is to obtain personal information fraudulently, vishing tricks people into disclosing information over a phone call, rather than visiting a website. You may receive a phone call, SMS or email notifying you that your account has been hacked. You then have to dial a number to sort it out. Criminals use this urgency to get you to act before you've had an opportunity to become suspicious. When you dial the number, they ask you for your personal information. Don't share anything and ask for verification details.
- SMishing: Similar to phishing and vishing, this is when scammers attempt to get your information via a link in an SMS. For example, you may receive an update on COVID-19 in your area with a link for more information. This page may then ask you for login details or your personal details, or track your movements online to gain more information about you and your company.
- Pharming: This is a cyber attack intended to redirect a website's traffic to another, fake site which then aims to steal your information and/or money. In a pharming attack, the criminal hacks into the site you have opened and redirects you to an imposter site. Much like a phishing scam, many of us won't notice any difference in the rogue site, and will enter our username and password, or credit information as usual. The attacker then captures the information.
- Advance fee fraud: A number of factors resulting from the current COVID-19 crisis are influencing the current crime landscape. These include: a high demand for certain goods (protective gear and pharmaceutical products); the decreased mobility and flow of people; limitations to public life which may make criminal activities less visible or displace them to online or home environments; and increased anxiety and fear that leave people vulnerable to exploitation. These elements provide a platform for digital banking criminals, especially those who use social engineering tactics. Advance fee fraud is a scam in which criminals pose, for example, as a pharmaceutical company and claim to sell medical equipment (specifically masks) for an advance fee, with the promise of high returns. Beware of these kinds of scams as it's likely that criminals will continue to exploit the current situation.
- Man-In-The-Middle (MITM) Malware: Man-in-the-middle malware is a type of eavesdropping attack that occurs when a malicious "bug" is inserted in a client's device (laptop, tablet, phone). If done successfully, the fraudster will be able to view all communication sessions between a client and their bank's system, which leaves the client vulnerable to being exploited. This malware bug is typically installed on the client's device when they click on and download unknown files or folders from their email or other types of messages. Once the malware has access to the client's machine, it is able to listen in on the confidential information being passed between the client and their bank - including card numbers, expiry dates, CVV numbers, and other confidential information that can be used to defraud the client.
How to counter cyber attacks
- Think before you download. Malware can be hidden in seemingly innocent files, documents and links. Avoid downloading any file or attachment if you do not know the sender. You should also never download or install programs on your machine unless they are from a trusted and verified source, and app updates should only be downloaded from your trusted device app store.
- Gear up. Protect your devices, including tablets and cellphones, by installing anti-malware (short for malicious software) and antivirus software.
- Watch where you surf. Be smart when you navigate the internet. Make sure you're on the site whose address you entered and avoid suspicious websites, just as you avoid clicking on links in suspicious email messages. This helps prevent malware from accessing your computer.
- Watch out for hidden malicious URLs. Be aware that scammers can hide malicious URLs in a normal-seeming address. If you have any doubts about a link, hover over it with your cursor to reveal the hidden URL. On mobile, tap and hold the address to copy it, then paste the URL into a notepad to check it before clicking on it.
- Even when you're safe, be wary. Pharming is dangerous because you could have a "clean" computer or device and still be a victim. Taking precautions such as manually entering the website address or always using trusted bookmarks isn't enough, because the misdirection happens after the computer sends a connection request. Watch out for a website address that looks odd, with symbols replacing letters (for example, "st@r"), or a site that asks for information it normally does not, and check that there's a lock icon in the address bar, which shows a website is secure. Also look for 'https://' in the web address, which tells you your information is encrypted and secure.
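The link checks from the last two tips (displayed address versus real destination, 'https://', odd symbols in the address) can also be automated for an HTML email. This is an added example, not Discovery Bank's own tooling; the function names are hypothetical and every host in the sample is a reserved placeholder.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML message."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def shown_host(text):
    """Host named in the visible link text, or None if the text is not an address."""
    if not re.fullmatch(r"(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?", text, re.I):
        return None
    return urlsplit(text if "://" in text else "//" + text).hostname

def strip_www(host):
    return host[4:] if host.startswith("www.") else host

def check_link(href, text):
    """Return the warning signs for one link (an empty list means none found)."""
    parts, findings = urlsplit(href), []
    host, shown = (parts.hostname or "").lower(), shown_host(text)
    if shown and strip_www(shown) != strip_www(host):
        findings.append("text-host-mismatch")    # displayed address hides another
    if parts.scheme != "https":
        findings.append("not-https")             # no encrypted connection
    if parts.username is not None:
        findings.append("at-sign-in-address")    # real host is the part after "@"
    if not host.isascii() or any(p.startswith("xn--") for p in host.split(".")):
        findings.append("lookalike-characters")  # punycode or non-ASCII host name
    return findings

def audit(html):
    collector = LinkCollector()
    collector.feed(html)
    return [check_link(href, text) for href, text in collector.links]

# Constructed sample message, not taken from a real email.
SAMPLE = """<a href="https://www.bank.example/login">www.bank.example/login</a>
<a href="http://refund.invalid/claim">https://www.bank.example/refund</a>
<a href="https://www.bank.example@login.invalid/">Verify now</a>
<a href="https://xn--bnk-5cd.example/">Update details</a>"""
```

A link that passes all four checks is not proven safe: 'https://' only shows that the connection is encrypted, so the destination host still has to be one you recognise.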
Your security and the privacy of your personal information are our priority. If you suspect irregular activity on your Discovery Bank account, please call our Fraud team on +27 11 324 4444.
It's time to bank healthier
Discovery Bank is the world's first behavioural bank. Our main goal is to improve your financial health by helping change how you work with your money. Through Vitality Money, you'll learn more about what it means to be financially healthy and you'll get rewarded for managing your money well. Track your progress easily on our app and steadily improve your Vitality Money status. You'll get rewarded as you get financially healthier. How much you get out is up to you.
Join the world's first behavioural bank that motivates and rewards you for banking well.
Transacting from your mobile device can be tricky, but when used on a secure connection, the Discovery Bank app has built-in safety features which maximise safe banking.