By Hanno Labuschagne for MyBroadband
Mobile users in South Africa should be wary of scammers claiming to offer data or airtime packages at suspiciously low prices.
An online-based scam which claimed to sell unlimited prepaid data, voice calls, and messaging bundles was recently pointed out by MyBroadband Forum members.
A party calling itself “Unlimited Prepaid Bundles” was selling several mobile products which it claimed worked on Vodacom, MTN, Cell C, and Telkom’s networks.
The scammers had also taken out sponsored ads on Facebook for these “unlimited” bundles.
Upon visiting the Facebook page for “Unlimited Prepaid Bundles”, we discovered several early warning signs of trouble.
The first was the suspiciously low pricing of the bundles, which included an uncapped monthly data bundle at R249 and yearly uncapped data at R799.
After MyBroadband lodged these queries, the Facebook page and website of the scammers were taken down.
MyBroadband notified African Bank of the site and provided the details of the bank account which was being used to scam buyers. The bank confirmed it had launched a forensic investigation into the account.
Speaking in a recent eNCA interview, police minister Bheki Cele said that there had been a notable decrease in crime in several areas during lockdown Level 3.
- Cash-in-transit heists;
- Bank robberies; and
- House robberies.
However, gender-based violence is currently a major concern; he highlighted the fact that more than 38 000 women were raped in South Africa last year.
He called on community members to report any abuse or violent behaviour before a crime is committed.
Cele said operations by the SAPS would be intensified during the country’s national state of disaster.
Specific measures include:
- The conducting of static roadblocks on all national routes and major routes in order to monitor, control and ensure adherence to the regulations;
- The conducting of vehicle checkpoints, on provincial routes, regional routes, rail routes, main streets in order to monitor, control and ensure adherence to the regulations;
- The conducting of high visibility patrols to monitor, control and ensure adherence to the regulations;
- Designated investigation capacity and case management; and
- Implementation of objects of policing, in accordance with S 205(3) of the constitution of the Republic of South Africa.
Be your money’s best protection by following these SABRIC tips:
Tips to prevent card not present (CNP) fraud
- Personal information includes identity documents, driver’s licenses, passports, addresses and contact details amongst others. Always protect your personal information by sharing it very selectively and on a need to know basis only
- Never share your confidential information which includes usernames, passwords and PIN numbers with anyone
- Review your account statements on a timely basis; query disputed transactions with your bank immediately
- When shopping online, only place orders with your card on a secure website
- Register for 3D Secure
- Implement dual authentication for all accounts and products, especially for financial services products
- Do not send e-mails that quote your card number and expiry date
- Do not use your information if you suspect it may have been compromised. Rather use other personal information that you have not used previously in order to confirm your identity in future
- Register for SMS notifications to alert you when products and accounts are accessed
- Conduct regular credit checks to verify whether someone has applied for credit using your personal information and if so, advise the credit grantor immediately
- Investigate and register for credit related alerts offered by credit bureaus
Tips to prevent phishing and vishing
- Do not click on links or icons in unsolicited e-mails
- Do not reply to these e-mails. Delete them immediately
- Do not believe the content of unsolicited e-mails blindly. If you are worried about what is alleged, use your own contact details to contact the sender to confirm
- Type in the URL (uniform resource locator or domain names) for your bank in the internet browser if you need to access your bank’s webpage
- Check that you are on the real site before using any personal information
- If you think that you might have been compromised, contact your bank immediately
- Create complicated passwords that are not easy to decipher and change them often
- Banks will never ask you to confirm your confidential information over the phone
- If you receive a phone call requesting confidential or personal information, do not respond and end the call
- If you receive an OTP on your phone without having transacted yourself, it was likely prompted by a fraudster using your personal information. Do not provide the OTP telephonically to anybody. Contact your bank immediately to alert them to the possibility that your information may have been compromised
- If you lose mobile connectivity under circumstances where you are usually connected, check whether you may have been the victim of a SIM swop
Tips for protecting your personal information
- Don’t use the same username and password for access to banking and social media platforms
- Avoid sharing or having joint social media accounts
- Be cautious about what you share on social media
- Activate your security settings which restrict access to your personal information
- Don’t carry unnecessary personal information in your wallet or purse
- Don’t disclose personal information such as passwords and PINs when asked to do so by anyone via telephone, fax or even email
- Don’t write down PINs and passwords and avoid obvious choices like birth dates and first names
- Don’t use any Personal Identifiable Information (PII) as a password, user ID or personal identification number (PIN)
- Don’t use Internet Cafes or unsecure terminals (hotels, conference centres etc.) to do your banking
- Use strong passwords for all your accounts
- Change your password regularly and never share them with anyone else
- Store personal and financial documentation safely. Always lock it away
- Keep PIN numbers and passwords confidential
- Verify all requests for personal information and only provide it when there is a legitimate reason to do so
- To prevent your ID being used to commit fraud if it is ever lost or stolen, alert the SA Fraud Prevention Service immediately on 0860 101 248 or at www.safps.org.za
- Ensure that you have a robust firewall and install antivirus software to prevent a computer virus sending out personal information from your computer
- When destroying personal information, either shred or burn it (do not tear or put it in a garbage or recycling bag)
- Should your ID or driver’s license be stolen report it to SAPS immediately
Tips for protecting yourself against SIM swops
- If reception on your cell phone is lost, immediately check what the problem could be, as you could have been a victim of an illegal SIM swop on your number. If confirmed, notify your bank immediately
- Inform your Bank should your cell phone number changes so that your cell phone notification contact number is updated on its systems
- Register for your Bank’s cell phone notification service and receive electronic messages relating to activities or transactions on your accounts as and when they occur
- Regularly verify whether the details received from cell phone notifications are correct and according to the recent activity on your account. Should any detail appear suspicious immediately contact your bank and report all log-on notification that are unknown to you
- Memorise your PIN and passwords, never write them down or share them, not even with a bank official
- Make sure your PIN and passwords cannot be seen when you enter them
- If you think your PIN and/or password has been compromised, change it immediately either online or at your nearest branch
- Choose an unusual PIN and password that are hard to guess and change them often
Tips for carrying cash safely
Tips for individuals
- Carry as little cash as possible
- Consider the convenience of paying your accounts electronically (consult your bank to find out about other available options)
- Consider making use of cell phone banking or internet transfers or ATMs to do your banking
- Never make your bank visits public, even to people close to you
Tips for businesses
- Vary the days and times on which you deposit cash
- Never make your bank visits public, even to people close to you
- Do not openly display the money you are depositing while you are standing in the bank queue
- Avoid carrying moneybags, briefcases or openly displaying your deposit receipt book
- It is advisable to identify another branch nearby you that you can visit to ensure that your banking pattern is not easily recognisable or detected
- If the amount of cash you are regularly depositing is increasing as your business grows, consider using the services of a cash management company
- Refrain from giving wages to your contract or casual labourers in full view of the public; rather make use of wage accounts that can be provided by your bank
- Consider arranging for electronic transfers of wages to contract or casual labourer’s personal bank accounts
By Jenna Etheridge for News24
The cellphones of State Security Minister Ayanda Dlodlo, her deputy, Zizi Kodwa, and several officials in the minister’s office have been cloned, the department confirmed on Wednesday.
“It looks like the operation is happening around Gauteng, hence the matter was reported to Gauteng police who have assured us that they have allocated high-profile investigators to look into the matter,” said department spokesperson Mava Scott.
“We are hoping it will be resolved as speedily as possible.”
Scott said the department became aware of the cloning this week and was awaiting further feedback from the investigation, adding it would then take it from there.
Earlier this month, the Hawks confirmed they were investigating the theft of money out of the State Security Agency’s offices in Pretoria.
At the time, IOL reported the perpetrators had walked into a safe at the office in Lyttelton, Gauteng, at the end of January and left with classified documents, an undisclosed amount of money in local and foreign currency, as well as CCTV cameras.
By Tom Head for The South African
If you’re a subscriber to the network, take note. At least five major DStv scams have been identified this year: here’s how to play it safe.
‘Tis the season to be cautious, folks. There are a myriad of DStv scams waiting to trip-up some unsuspecting victims this Christmas. The network have confirmed that a number of schemes have already been detected, and bosses have raced to warn South Africans about the dangers they face.
It isn’t just the technophobes and boomers that are getting duped by the sophisticated rouses, either. These DStv scams have caught-out people across the board. But what do we need to look out for?
The gift card phishing scam
Customers receive an email informing them that they’ve won a cash gift card or huge sums of prize money from a MultiChoice competition. However, targets are then asked to provide personal details in order to claim the prize. It’ll be for a competition you definitely didn’t enter, so please, don’t hand any of your information out.
The “final notice” SMS scam
Some DStv customers have received an SMS claiming to be from DStv demanding payment for a DStv Explora account. It threatens action if payment is not made today and includes banking details. However, the network do not send such crudely-worded communications. You can contact them to find out the status of your account if you feel unsure.
Recruiting for social media jobs
There are dangerous scams disguised as recruitment ads for MultiChoice. One of the most popular ones offers applicants the chance to be driven to an interview. MultiChoice does not offer such a service, under any circumstances. Use the Afrizan website to verify any offers.
The DStv Premiem upgrade scam
Opportunists are contacting customers – via email or telephone- and offering them DStv Premium for a fixed once-off fee per yea, where the customer pays the fee directly to the scammer. Customers are asked to disregard such offers, and they are asked to refrain from letting a third-party upgrade an account for them.
Say no to installation offers
Don’t let your desire for a festive bargain cloud your common sense. If someone offers you a discounted DStv subscription at a once off payment, treat this with suspicion and check it with the network. Anyone offering “free package upgrades” or “free DStv for life” in a cut-price deal will be trying to rip you off.
How to avoid these DStv scams
The network have issued the following statement, advising consumers on how they can stay safe this year:
“There are usually tell-tale signs that can help you spot if something is a scam. Like receiving an email or SMS from us claiming that you’ve won a huge prize for a DStv competition you never entered, and for which you must either pay a fee or verify yourself by sending personal details – sounds too good to be true? It probably is.”
“MultiChoice will never request your personal details via email or SMS – please do not hand over your personal information to anyone claiming to be from DStv. Always check the email address and emails containing spelling and grammatical errors. MultiChoice only use one domain for emails (multichoice.co.za).”
Retailers are increasingly coming under attack by cybercriminals, and there is little wonder why. They process payments on oftentimes unprotected Point of Sale (POS) systems, transfer large sums of money, and store and process sensitive customer information, such as banking and card information. They also process more online banking and card transactions. Cybercrime attacks on retail businesses tend to spike over the festive season, starting with Black Friday and Cyber Monday when transactions spike dramatically.
Protecting customers’ payment information at every stage of the payment process is vital. Point-to-Point encryption is becoming more critical as it facilitates secure communication channels between devices and company servers, and so protects payment data in transit. POS systems should be designed to encrypt sensitive data from credit cards the moment information is received and again when it is sent to the payment server, such as passwords, configurations and other critical confidential data. The Payment Card Industry’s Data Security Standard (PCI DSS) increases the governance around cardholder data to reduce credit card fraud. Many banks urge organisations to be PCI DSS compliant to have the right to make credit card payments. Review systems regularly to make sure these standards are followed.
“Most cyber-attacks on retail companies happen in the e-commerce space. However, in-store POS systems are not immune to the treats. With Black Friday around the corner and the festive season looming, it is a boom time for cybercriminals. Retailers must be aware and implement strategies to guard their businesses, both online and in-store,” says Charl Ueckermann, CEO at AVeS Cyber Security.
According to Ueckermann, AVeS Cyber Security has encountered numerous organisations that have limited to no protection on POS devices. This has a direct impact on cyber security for organisations because most times, the POS and corporate systems run on the same infrastructure and network. What this means is that when a POS system is compromised, a network breach can occur for the corporate network as well, leading to confidential client information breaches.
“Protecting POS systems, therefore, requires a multi-faceted and multi-layered approach. You want a highly-effective detection and protection tool to identify and remedy vulnerabilities proactively. The solution should have anti-virus capabilities specifically designed for POS systems. You also want to ensure that the POS software itself is up to date to the latest version, at all times. This is especially important for high transaction times, such as Black Friday and Cyber Monday.”
POS systems are vulnerable to attack when they are old or outdated because the software would not have been designed with today’s modern-day hackers in mind, making them vulnerable and susceptible to malicious code. Attacks on POS systems are becoming quite sophisticated, and cybercriminals are known to use both hardware and software to hijack payment card information and steal business data. Malware targeting POS systems is common and is one of the many ways to steal payment card details. Malware is used to obtain sensitive information, and in some cases, to even steal money directly from bank accounts.
“Your security technology should be able to detect malware, tampering, rooted/jailbroken POS devices, and more. The security stack should include a feature that proactively alerts retailers and POS providers when it is not safe to use the POS devices for making payments or performing other electronic transactions. If not, your system and your business will be vulnerable,” stresses Ueckermann.
Attackers also exploit mobile POS applications to steal personal and sensitive information that is used to make fraudulent purchases. This can result in big financial losses and damage to credit reputations for unsuspecting customers, and worse still, identity theft.
The backend of mobile applications can also be used by cybercriminals to compromise POS systems as well as the majority of business transactions that are processed on the server’s side. This gives them a way into internal business systems. Once the attacker gets inside the network or central system of POS vendors or retailers, they are able to access the compromised POS application as well as other POS applications used by the retailer in other locations. Attacking the entry point at the backend is a common attacking method, and Ueckermann says countless large-scale security breaches have been caused by this method.
He concludes: “The onus is on retailers to do the due diligence to protect their customers and data against cyber-attacks over the holiday shopping season and beyond. Strategies and measures should be in place to provide a safe and secure experience for customers online and in-store.
“Card and online payment processes should be secured and encrypted, controls should be in place to check and ensure the integrity of handheld POS devices, and mobile payment systems should be subjected to regular patches, updates, and equipment upgrades to protect against continually evolving threats.”
Source: Supermarket & Retailer
Criminals will likely target the influx of shoppers bustling to get their festive season shopping done over the next few weeks, says Charnel Hattingh, national marketing and communications manager at Fidelity ADT.
Hattingh said that shoppers should particularly cautious of follow-home attacks.
“We are urging all shoppers to be vigilant at malls and shopping centres and to be aware that we generally see a spike in follow-home incidents at this time of year,” she said.
In most cases shoppers are followed home from the malls and hijacked in their driveways.
“Criminals are aware these shoppers have a car full of newly-purchased items and are generally easy, distracted targets.”
“If you suspect you are being followed drive immediately to your nearest police station or security provider guardhouse,” Hattingh said.
Fidelity ADT said drivers should also remember general hijacking safety tips such as waiting in the road for the gate to open before driving in, and making sure the gate is closed properly behind the vehicle before getting out.
Safety tips at malls
“When in the mall or centre carry as little as possible in your handbag or pockets and rather leave unnecessary bank or store cards and large amounts of cash at home,” said Hattingh.
“A packed clothing store or supermarket is the prime hunting-ground for a pick-pocket or bag-snatcher. And, never leave a handbag, purse or wallet in a trolley.
“If you don’t use a bag or do not take one along, keep your wallet or purse in the front pocket of your jacket or trousers. Criminals are also targeting phones so make sure your phone is out of sight either in a zipped-up bag or in a front pocket.”
“If you are drawing large amounts of cash, take someone along to keep watch while you are at the ATM and to keep a lookout for any suspicious individuals or vehicles on the way home. If you can avoid drawing large sums of cash, do so. Electronic payments are the safer route,” she said.
Your safety outside the mall is just as important as it is inside, Fidelity ADT said.
“Before you exit the mall, have your keys ready so that no time is wasted to get your purchases and yourself into the car. This also means that you’ll be able to hold onto your handbag as you walk. If someone does try to snatch your handbag, let it go. Do not resist or fight back,” Hattingh said.
Lastly, she suggested avoiding shopping late at night.
“While the idea of a quieter shopping mall may seem appealing, you are more vulnerable in the car parks, mall bathrooms and the likes. If you have no other choice, be vigilant and report any suspicious individuals to the mall security.”
The National Stokvel Association of South Africa (Nasasa) is warning South Africans about WhatsApp stokvel scams which are targeting victims through social media.
These WhatsApp stokvels catch unsuspecting victims by promising them a large return on investment in a short period of time.
For a R200 upfront investment the scammers promise that people will be paid R1,200 if their recruit more people into the scheme.
Participants said that as soon as they paid their money to the “WhatsApp stokvel”, the rest of the members disappeared.
Andrew Lukhele, founder and chairperson of Nasasa, warned that these WhatsApp stokvels are pyramid schemes.
As it is a pyramid scheme, only a few people who form part of the stokvel will get paid out. The rest will lose their money.
Lukhele warned that criminals are using the popularity of stokvels to promote their scams.
The SA Police Service (SAPS) has also warned South Africans about these scams, saying that members of cash savings clubs (stokvels) must be cautious.
The SAPS said it has received multiple complaints from people who were scammed by criminals through a WhatsApp stokvel.
The police have asked the victims of the scams, or those who have knowledge about them, to contact the SAPS Crime Stop helpline on 0860 010 111.
Published by Kirsten Jacobs for Cape Town Etc
An app for citizens to use in the fight against crime has been launched by the South African Police Service (SAPS). Called My SAPS, the app was developed by Vodacom and will be available on both Apple and Android devices.
The app is described on the App Store as a way of “enabling everyone to contribute towards building a more crime free society”.
“My SAPS is a free application available for iPhones and other smartphones, provided by the South African Police Services,” it says on the App Store. “My SAPS will allow you to submit crime tip-offs (anonymously) to the Crime Stop Centre and send updates.”
The app allows users to submit anonymous tip-offs and call crime stop.
“It also allows you easy access to all SAPS Stations information using the SAPS Station finder, as well as all SAPS Social Media platforms.”
Users can find their closest police station using the app.
Download it for Android: https://tinyurl.com/y5s8z3u9
Download it for iOS: https://tinyurl.com/y5orqtou
The occurrence of ghost employees on a company’s payroll system ranks as the most difficult type of payroll fraud to detect, particularly in larger companies where no proper controls exist. Over time, this can pose a serious threat to the organisation’s profitability and sustainability, declares CRS Technologies general manager Ian McAlister.
“A ghost employee is a fictitious person on the company payroll who does not actually work for the organisation,” he explains. “It could be someone who left the company or passed away, or even a fictitious person with a fake ID number but valid bank account into which a salary is paid each month. The holder of the bank account is usually the perpetrator of the ghost employee fraud.
“Another example is when a real employee appears twice on the payroll. This is done by using a different ID number to create a clone of someone. The employee’s salary is then split between the two identities but only one identity receives a tax certificate, enabling the perpetrator to declare less than what he/she actually earns to the tax collecting authority.”
It goes without saying that failure to detect ghost employees can result in considerable financial loss over time. Consequently, McAlister says companies should seriously consider implementing a robust automated payroll solution that will reduce opportunities for creating ghost employees.
“The payroll solution should feature ID number verification so that if someone tries to enter a ghost employee on the system, it will immediately reject the ID number as invalid. The CRS solution, for example, incorporates ID numbers which are attached to each employee. Each number is unique and cannot be duplicated. This means that an employee cannot appear twice on the same system.”
Audit and risk management policies that facilitate the development of controls to aid in the prevention and detection of any type of payroll fraud are also extremely important, McAlister continues. He recommends carrying out audits at least once a quarter to ensure that the number of employees on the payroll actually exist and equal the number of people employed.
“Perform frequent spot audits to check that employees’ earnings, allowances and other remuneration additions are correct and in accordance with their employment contracts. Any changes to an employee’s earnings must be approved by a senior manager and not the payroll administrator. If possible, a multiple-party approval process should be followed to mitigate collusion. It is also advisable to run comparison reports between various payroll periods. Any variance of more than a predefined percentage occurs should raise a red flag.”
McAlister points out that ghost employee fraud does not have to be perpetrated by the person who controls the entire payroll system. “Mostly it is done by the individual who authorises payroll payments or controls the addition or deletion of employees from the system. Once the ghost is created, payments are generated to the ghost without the need for additional action or review by the payroll team. All the perpetrator has to do is sit back and collect the payments.
“This being said, an indication that some type of payroll fraud is being committed could be when the payroll manager or administrator always arrives early and leaves late, and never goes on holiday or takes sick leave. Being away from the office will force them to give their work over to someone else, who may discover their crime.”
For businesses that cannot afford the luxury of an internal audit department, McAlister recommends entrusting their payroll to a third-party professional. “CRS’s outsourced payroll services includes multiple levels of accountability where different people manage different payroll duties. Fraudulent activity is further prevented by rigorous internal controls.”
“Payroll is often a business’s biggest expense. Organisations need to understand the potential devastation ghost employees and other types of payroll fraud can cause and take the necessary steps to safeguard against it,” McAlister concludes.