Security centre

 

Virtual or dynamic keyboards are designed to reduce the risk of programs that download themselves to your computer and create keystroke log that can be used to gain access to your accounts. Virtual keyboards are an important component in securing your online banking experience.
 

• Avoid using shared computers when accessing Absa Internet Banking.
• Avoid logging into Absa Internet Banking or using critical passwords at internet cafes, libraries, and other public sites to avoid the risk of information being copied and re-entered after you leave.
• Change your passwords regularly.
• Contact Absa Contact Centre on +267 315 9575 immediately if you suspect your online banking password has been compromised.
• Use a password on your computer to prevent unauthorised individuals from accessing your information.
• Disable the "AutoComplete" function of your browser.
• Always remember to log-off online banking and close your browser when you have finished.

 

How to recognise a phishing scam:

Don’t be caught out! Find out what you need to look out for to avoid becoming a victim.

Fraudsters often send out emails claiming to be from Absa (or other reputable organisations) – commonly known as ‘phishing’ - many of which look very authentic as they make use of the Absa logo and corporate colours to convince you that the email is legitimate.

Often, the content of the email makes reference to your account being suspended, and the only way you can stop this suspension is to click on the link supplied and update your personal details. Although this link does not link to the real Absa website, these websites are usually designed to look exactly like the Absa site, and it becomes difficult to differentiate between this site and the real site.

 

There are some recurring themes that you can look out for when you receive an email, including:

• Terrible grammar
• Strange email addresses/Unknown email addresses
• A request to click on a link in an email

Never reply to a spam email - This only confirms that your email address is active, and will spur the fraudsters on to send you even more spam.

 

Delayed phishing attacks:

In some cases, fraudsters may obtain your access credentials long before any attempt is made to defraud your account. It is very important to change your banking logon information such as your username and password regularly to prevent delayed phishing attacks.

 

Steps to avoid being a victim of phishing attacks:

Although we have a number of security measures in place to protect you, your awareness is the key to avoid being a victim of phishing attacks, so bear the following in mind when you receive an email claiming to be from Absa:

• Never reply to these emails, and don’t click on any links
• Never provide your personal details such as your PIN or account details via email or on any links within these emails. We already have information like your ID number, cell number and email address and will never ask for them via email.
• Never navigate to our site using a link from an email – always type in the address.
• If you receive eStatements – make sure that you are opening a legitimate statement.
• Delete spam emails immediately. Even a request to remove your email address from the mailing list will confirm to the fraudsters that your email account is active, and could open you up to more attacks.
• Never open an email attachment unless you know who sent the message.
• Use the latest browsers, which come with filters that alert you when you visit a website that contains potentially unsafe website.
• Absa will never send you a letter or email asking you to complete your personal details by clicking on a link in an email.

 

It is vital that you are aware of some measures that you can take to make you more secure online, such as:
 

• Always keep your personal access information secure, and change your PIN and passwords regularly.
• Never open a link or an attachment within an email claiming to be from Absa as this may link to a fraudulent website or download a virus or key logging software that will compromise your security.
• Be aware that phishing scams have also been received through instant messaging systems such as Google Talk or Skype; as well as through social networking websites such as Facebook. When in doubt of the authenticity of a link or a claim, simply don’t click it.
• Install good quality security software and ensure that you have updated to the latest version of your browser. Most of the newer browsers have the inherent ability of detecting fraudulent websites.
• Don’t bank or shop online when using a public terminal such as those found in internet cafes, hotels, coffee shops or student labs. Key logging software could be present on the computer, and will send all your personal information to the fraudster, who could then use this information to clear out your account.
• Before you bank online, ensure that you are actually within the secure internet banking website. Once you visit our site and click on the internet banking link, you will be redirected to an available banking server. Once there, check the browser address. It should begin with ‘https://’ (not ‘http://’). Also check the browser for a closed lock and/or key icon – which should either be at the top or the bottom of the screen.
• When leaving your computer, always end the current session by closing your browser window, and never leave your computer unattended during an internet banking session.

 

With the convenience of mobile banking, comes the responsibility of ensuring the security of your account:
 

• Don’t store your password or pin in clear text on your mobile device.
• Install antivirus software on your mobile device and scan your device regularly.
• Be wary that a 'jailbroken' device will weaken the security of your mobile device. The Absa App will not work on a jailbroken device.
• Enable the lock screen on your phone. A password or pin is always more secure than other lock-screen options.
• Turn off your wifi or data connections, when not in use.
• Use the latest software version.
• Be as vigilant on your smartphone or tablet as you would be on your computer.
• Don’t leave your tablet or mobile device unattended while you have your banking profile open.
• If your tablet or cellphone is stolen, remember to unlink it from your device access (this can be done on internet banking under your profile).
• Be careful when using public wifi or hotspots to do your banking.
• Always remember to log out once you have finished banking.

 

We will not ask you to confirm the following telephonically:
 

• Credit card expiry date
• 3-digit number on the back of the card
• Secure code/OTP number
• Your PIN (you will only be required to use your PIN or OTP number when transacting)
   

When we contact you, we will have your card number and you will only need to confirm a few digits.

If you receive a secure code/OTP and you are not transacting, please contact our Customer Service Line on  +267 315 9575.

 

Have you been asked to change the bank details for a client or supplier? This may be an attempt to defraud you.

Change-of-bank-account-details scam is clients receive requests, purporting to be from genuine clients or suppliers, asking them to change the bank details used for electronic payments.

These perpetrators go to the extent of diverting correspondence from the targeted business to verify the notification to one of them, who will then validate the instruction. Always make sure that it is indeed your supplier that you are communicating with.

If you believe you are a victim of this type of fraud, report it immediately to your relationship executive. Use the Absa Customer Service contact centre on  +267 315 9575 or visit the nearest police station.

 

Some recommendations to reduce the risks:

• The counterfeit invoice and covering letter may be printed on a scanned copy of the company’s letterhead and the logo may appear somewhat blurred
• False confirming emails may be sent from almost identical email addresses, or addresses that differ from the genuine one by perhaps one letter that can be easily missed
• Always confirm any request to change bank details with your usual contact
• Instruct staff responsible for paying invoices to check invoices for irregularities and escalate suspicions to a known contact
• Consider setting up designated single points of contact with companies to which you make regular payments
• Shred your business and supplier invoices or any communication material that may contain letterheads
• Don’t publish your bank account details on the internet, as this is company private information that can be used fraudulently
• Consider reviewing previous requests to change account details to confirm they were genuine
• To prevent your clients from acting on an instruction purporting to be from you, alert them to this type of fraud

 

Individuals:

• Carry as little cash as possible.
• Pay your accounts electronically.
• Make use of mobile banking.
• Make use of internet transfers or ATMs.
   

Businesses:

• Alternate the days and times you deposit cash.
• Never make your bank visits public.
• Don’t openly display your money in the bank queue.
• Avoid carrying money bags or openly displaying deposit receipt books.
• Visit different branches to ensure your banking pattern is not recognisable.
• Consider a cash management service.
• Don’t pay wages in view of the public.
• Don’t use a company-branded vehicle to go to the bank.
• Use an electronic alternative to pay wages.
   

Savings clubs:

• Don’t make cash deposits on high-risk days.
• Let someone accompany you when you deposit.
• Let members deposit funds directly into the account.
• Arrange electronic pay-out to members’ accounts.

 

What is Vishing?

Vishing is a telephonic fraud tactic that works similar to Phishing. The fraudster would contact you telephonically, pretending to be a bank representative or other authoritative person, who requires information such as your ID number, banking details and login credentials to your online banking profile, in order to solve a problem or prevent your account from being closed. Vishing is difficult to trace especially now that fraudsters can mask their numbers, leading a victim to believe that the call is from a legitimate source or by diverting their number to a legitimate number. Clients can protect themselves by always being vigilant and never sharing their PIN, password, passcode, and transaction verification or card CVV number with anyone.

 

 Vishing Tips:

• Be conscious of the fact that fraudsters are masking their telephone numbers in order to manipulate a client into believing that the call is from their bank or authorised personnel.
• Be aware that fraudsters are diverting their telephone number to the banks fraud hotline and requesting clients to call back on their number to verify that it is the banks fraud department. DO NOT call the number displayed on your phone screen and call the Absa Customer Care Contact Centre to report the suspicious activity.
• Be suspicious of any caller who asks for login information and passwords over the phone. Absa will not request your PIN, password, passcode, and transaction verification or card CVV number.
•  Never share personal and confidential information with anyone over the phone.
• If you receive a phone call requesting confidential or personal information, do not respond and end the call immediately.
• If you receive an OTP on your phone without having transacted yourself, be alert that the fraudster has used your personal information to make purchases online. DO NOT provide the OTP telephonically to anybody. Contact the bank immediately on  +267 315 9575 to report fraud.
• Be alert if you lose mobile connectivity under circumstances where you are usually connected, contact your service provider immediately to verify if you have been SIM swapped or number ported. Banks use your cellphone number to verify your identity and for you to verify high risk transactions. If you are a victim of SIM Swap or Number Porting Fraud, call our Absa Customer Service Contact Centre on  +267 315 9575 promptly to have your online banking service suspended.

 

SIM swapping:

If a fraudster has a false copy of your identity document, they can perform an illegitimate SIM swap with your cellphone service provider. The fraudster now has full use of your cellphone account and will receive messages intended for you. They will also receive the confidential banking notifications and approval SMSs that the bank sends to customers.

If they have already tricked you to give them your personal and account details, they can transfer money from your account without you knowing. If Absa becomes aware of a SIM swap, a temporary hold is placed on your account to allow you to authenticate yourself.
If the SIM swap was legitimate, you can wait out the 36 hours or authenticate yourself by calling our Contact Centre. Once you have been verified as the actual Absa customer, the hold will be lifted.

 

Porting:

Watch out for this cellphone scam that enables fraudsters to port your number and gain access to your accounts.

Fraudsters port the victim’s number from one cellphone service provider to another. Some cellphone service providers send SMSs for the account holder to confirm that they are transferring to another service provider. When these confirmation messages are ignored, the porting goes through and the fraudsters have access to the victim’s cellphone messages, including the approval SMSs that the bank sends to customers.

If they have already tricked you into giving them your personal and account details, they can transfer money from your account without you knowing. Always keep your cellphone switched on and don’t ignore messages from your service provider.

 

Twin SIM:

Be aware and pay special attention to all messages received from your network service provider regarding Twin SIM functionality.

Do not switch off your phone. Take note of any logon notifications when you are not logging on to internet banking yourself.