By Ogova Ondego
Published January 31, 2017
Fact 1: If you use any credit card, online banking or money transfer service like M-Pesa, PayPal, Visa or MasterCard, this article is written for you.
Fact 2: An online crime occurs around the world every five minutes.
Fact 3: Internet security specialists say that cyber criminals are ever on the prowl, looking for any gullible or vulnerable individual or organisation from whom to steal money.
“As cyber attacks are growing in their complexity and frequency, enterprises are increasingly at risk of falling victim to a wide range of browser-based attacks,” Rick Rogers, Area Manager for East and West Africa at Check Point Software Technologies, is quoted in an article on commatterskenya.com as saying.
But did you know that you can minimise, if not prevent, your risk of falling victim to web-based malware, phishing and credential theft attacks?
PayPal Holdings, a United States of America-based company that operates a global online payments system supporting online money transfers, warns that you have to be extra careful with e-mail messages.
“An email really coming from PayPal will address you by your first and last names or your business name,” the company says in its message to PayPal users.
Saying it “will not ask you for sensitive information like your password, bank account or credit card details,” PayPal adds: “Most fake emails threaten that your account will be in jeopardy if you do not take action immediately. An email that urgently requests you to supply sensitive personal information is usually an attempt at fraud.”
Oh, did I say exercising ‘vigilance’, ‘common sense’, ‘caution’ and some ‘media and information literacy’ would save you from potential fraud?
Yes, that and a little more can save you from losing your money to fraudsters.
“Fake emails,” PayPal says, “often contain misspellings and grammatical errors or are written in a language which you did not set as preferred for your PayPal account. Remember not to click any links in suspicious looking emails.”
Standard Bank of South Africa, too, which asks its customers to be careful when transacting online to prevent possible identity theft, as that is what leads to fraud, advises that you think before you click any link.
“Move your mouse over the link in the email,” the bank says. “This shows the actual web address that you will be redirected to. It is always safer to type out the full website address into your browser than to click on a link.”
The bank, which trades across Africa, advises that you not:
• Be pressurised due to urgency
• Relax controls and procedures
• Proceed if you have any doubts, and
• Use the number provided by a caller or provided on a faxed letter.
“Online banking systems are under constant threat of violation thus security is something that everyone has to be aware of. This includes the bank as a developer of transactional banking systems as well as you, the user of these systems,” the bank says on its website.
Standard Bank says you can reduce your exposure to criminals by doing the following:
• Physical Environment
Ensure that computers that are used for transactional banking are in a secure place and cannot be accessed by unauthorised people. These computers should never be left unattended unless they are locked or shut down. All machines must be equipped with the latest spyware and anti-virus software. Don’t do your online banking at public access points such as internet cafés or on unfamiliar computers.
• User Profiles
Ensure that only the right people have access to the right information and functionality on the system. It is about defining what they should be able to see and do on the system so, if they don’t need to know what the account balances are, don’t give them access to balances and statements.
• User Habits
a). Protect your user ID and password. These should be kept secret and NEVER shared with anyone – not even the bank – and they definitely should not be written down anywhere.
b). Select strong passwords such as one that includes a combination of numbers and letters (in upper and lower case) and a few characters such as * or # or other options available on your keyboard. Strong passwords do not include names or dates that could easily be associated with the user.
c). Keep your computer shut down or locked whenever you are away from it so that no one else can access it.
d). Change your password frequently so that if a password has been compromised, it cannot be used for too long (especially if the operator doesn’t realise the breach has occurred).
• Tracking tools
Refer to your bank’s tracking tools on a regular basis to identify unusual system activity or user behaviour. They include:
a). Audit trails to monitor access and usage by staff, and
b). Log usage statistics which can be viewed, printed or downloaded.
Finally, it is really important that you stay abreast of trends so that you are aware of the latest scams and know exactly what to look out for so that you don’t get caught out.
This is when unwarranted/sensitive information about an account is requested through either an illegitimate phone call or e-mail like the one PayPal has referred to earlier in this article. This is aimed at getting login information from you, the user.
a). Don’t give away personal/financial information on a suspicious e-mail
b). Don’t give out your passwords to anyone, including bankers/superiors
c). Authenticate the source of the e-mail (type in the URL if necessary)
ii). Email spoofing (identity theft)
This is when hackers send out forged emails, making it seem like the email is from someone or a company it’s not.
Hackers spoof mail headers in email messages to fool spam filters into letting certain emails through. Hackers then pretend to be someone else, and because you’re more likely to open an email from someone or a company you know than an email from a total stranger, they trick you into opening the forged email, asking you to make a payment or to reveal personal and confidential information.
While there isn’t a way to stop spoofing, there are some basic security steps you can take to protect your email account.
a). Always verify sensitive messages or instructions you receive via email by calling the sender first
b). Use your primary email account to communicate only with people you know and trust
c). When you share your email address on a website or post information on a public online forum, use a generic email account that you won’t mind deleting later
d). Do not leave your email open or at least not maximised on your computer screen when you’re not actively using it.
Standard Bank advises you to “Never reveal personal or financial information in an email, and do not respond to emails asking for this information” as it “will never request sensitive information online.”
a). If you are unsure of whether an email request is legitimate, try to verify it by contacting the organisation directly. Remember not to use the contact information provided on the website in question
b). Be suspicious of unexpected or unsolicited phone calls, email messages or even personal visits from individuals asking about employees or requesting other internal information. Always try to verify the identity of the person directly with the organisation which they claim to represent
c). Never give your access or PIN details to anyone, not even to bank employees.
iii). Website security guidelines
a). Be cautious when following links sent in emails. If you’re suspicious, always type in the website address you usually use, rather than clicking on any links provided
b). Pay attention to the URL contained in an email. The URL may seem legitimate at first glance, but if you look closely, malicious website URLs differ slightly and may use a variation in spelling or a different domain (for example, .com vs .net)
c). Install and maintain anti-virus software, firewalls and email filters to reduce your risk of becoming a victim of fraud.