“Make sure you always have your bank’s hotline number stored somewhere other than on your mobile phone”
SABRIC, the South African Banking Risk Information Centre, has warned bank clients about protecting their mobile devices.
“The theft of mobile phones is not a new phenomenon, however, SABRIC is seeing an emerging trend where mobile phones that are being snatched from owners are affording criminals the opportunity to gain access to the victim’s personal and even confidential information which can then be used to commit crime,” Susan Potgieter, acting CEO of SABRIC, said in a statement yesterday.
“Mobile phones are a convenient way to stay connected. They enable easy access to family and friends, make it possible to access vast stores of online information and can provide hours of entertainment. Despite these benefits you must always remain vigilant because your mobile phone stores far more information than you may be aware of. This is even more applicable if you use your mobile device to do your banking. Remember, your phone is equal to a bank card and could even act as a gateway to your bank account,” she added.
Potgieter pointed out that personal information was a valuable commodity for criminals and “because so much of it is on our phones, we need to take mobile security very seriously”.
She added that there were a number of ways that criminals could access information stored on a mobile phone if it is stolen, to try and defraud the owners.
“One way is to literally access all open applications on your unlocked phone and view your sensitive data. Another is to use social engineering to obtain your usernames and passwords stored in the cloud. Tactics used could be vishing, where criminals call you and manipulate you into believing that they are from the bank to coerce you into revealing confidential information like PINs or passwords, or phishing, where you are sent an e-mail that you believe to be from the bank or a legitimate service provider, which asks you to click on a link that requests your PINs or passwords. Once your password has been compromised on your snatched phone, all other credentials are available and may be exploited. In addition to social engineering, your credentials could also be compromised through shoulder surfing in public places such as restaurants.”
Members of the public are advised that if their mobile phones are lost or stolen, they should borrow a phone and contact their bank immediately so that they can deactivate their banking app, block cards on other apps containing their bank card details and block their bank account.
“Make sure you always have your bank’s hotline number stored somewhere other than on your mobile phone. If you have activated the ‘Find My iPhone’ or ‘Find my Device’ facility from the web to locate or wipe your device, be aware that fraudsters may attempt to vish or phish you. If you receive an e-mail or SMS after doing this, don’t click on any links as these are not safe,” Potgieter said.
“When a bank client’s mobile phone is stolen, they tend to focus on protecting their photos and social media profiles, however, their highest priority should be protecting their money.” Potgieter concluded.