South African Banking Risk Information Centre (SABRIC), on behalf of the banking industry, is warning bank clients about protecting their mobile devices, following a significant increase in phone snatching criminal activity.
The theft of mobile phones is not a new phenomenon, however, SABRIC is seeing an emerging trend where mobile phones that are being snatched from owners are affording criminals the opportunity to gain access to the victim’s personal and even confidential information which can then be used to commit a crime.
“During 2020 a significant increase in Bank App fraud as a result of cellphone snatching was recorded,” it said in an annual report on crime committed last year. “It is important to note that there have been no reports where the banking app software was compromised to commit the fraud,” SABRIC said.
It said that although there are various methods and techniques used in mobile phone snatching modus operandi, the correct credentials are used to access the app. “These credentials may have been previously compromised through social engineering methods, such as shoulder surfing or phishing, however, in many cases, the credentials were compromised through vulnerabilities in the management of such information.”
For example, the credentials were saved elsewhere on the device or the same username and password were used across multiple apps. SABRIC noted an increase in the number of incidents involving SIM swops in 2020 with 26.11% (2,684) as compared to 8% (855) in 2019.
There are a number of ways that criminals could access information stored on your mobile phone if it is stolen, to try and defraud you, the association said. “One way is to literally access all open applications on your unlocked phone and view your sensitive data. Another is to use social engineering to obtain your usernames and passwords stored in the cloud.”
Tactics used could be vishing, where criminals call you and manipulate you into believing that they are from the bank to coerce you into revealing confidential information like PIN’s or passwords or phishing where you are sent an email, which you believe to be from the bank or a legitimate service provider, which asks you to click on a link that requests your PIN’s or passwords.
Once your password has been compromised on your snatched phone, all other credentials are available and may be exploited. In addition to social engineering, your credentials could also be compromised through shoulder surfing in public places such as restaurants.
Insurance broker and risk advisory service, Aon said brazen criminals are willing to risk life and limb to snatch a R20,000 smartphone and make off with it – phones left on tables right next to you in restaurants, in vehicles hooked up to car kits, peeping out of back pockets, and even while in use and against your ear – its all fair game to criminals who will accost anyone to get their hands on a smartphone payday.
Criminals look for soft, distracted targets who are not paying attention to their surroundings, and usually strike at lighting speed, snatching the phone from your hands and then disappearing into a waiting car for a quick getaway.
With a booming illicit market for these stolen goods, Aon South Africa is warning consumers to be extra careful and vigilant, and to keep phones out of sight and safely stored away when not in use. Besides the theft of the phone, the big concern is that criminals are equally interested in the valuable personal data stored on the device.
“Criminals typically snatch your phone while you are busy on it and the phone is unlocked, giving them full access to everything on your cell phone. This includes banking apps, delivery services and any other personal information that can be used for fraud, such as a copy of your ID, bank statements, proof of residence in addition to full access to your e-mail and SIM card.
“Even if you have security measures in place, such as fingerprint readers or facial recognition software, criminals can bypass these measures in seconds, gain access to your information and then make your phone disappear on the illicit cell phone market,” said Ann Cloete from Aon South Africa.
“There are many ways that criminals can access and use the personal data stored on your mobile device – from viewing all your personal data, where you live, to social engineering to obtain sensitive data and duping others into thinking they are transacting with you, to phishing and SIM swaps, to conning you into thinking you are dealing with a legitimate service provider and compromising your passwords and pins,” said Cloete.
Aon provides the following tips to mitigate and manage your risk as far as possible:
Insure correctly for the replacement of your phone, Aon said. Make sure your mobile devices and those of your family members are specified under your All risks cover of your policy right down to the make, model, and serial number.
Some insurance policies also include cover for the mechanical and electrical breakdown of phones such as cracked screens, water damage and touch screen or camera damage.
Aon said it has a ‘Funds Protect’ solution, which covers you for loss from an account in your name as a result of a funds transfer that is irrecoverable from your financial institution or a third party. The cover is specifically designed to cover you for funds that are transferred out of your account, whether the loss from your account was authorised or unauthorised.
The cover provided by a personal Funds Protect policy will trigger in the event of:
“It is vital to contact your bank immediately should your phone be snatched or stolen in order to stop all transactions. Make sure that you have purchased enough Funds Protect cover in order to mitigate the full financial loss as the banks are not likely to reimburse any transactions related to the theft of a cellphone.
“For example, if you have purchased R25,000 Funds Protect cover but all your bank accounts are accessed, your losses could amount to much more than R25,000 and potentially be financially crippling. Funds Protect cover is relatively inexpensive for what it provides and will be a lifeline in the event of a loss of funds,” said Cloete.
Read: Capitec is on a hiring drive for 500 jobs – here’s what they are looking for
Click Here For The Original Source
Recently, SEC Chair Gary Gensler issued fresh warnings about cryptocurrencies amid Bitcoin's surge to a…
Pay Dirt is Slate’s money advice column. Have a question? Send it to Athena here. (It’s anonymous!) Dear…
By Virma Simonette & Kelly Ngin Manila and Singapore14 March 2024Image source, Presidential Anti-Organized Crime…
Technology has disrupted many aspects of traditional life. When you are sitting at dinner and…
Reports of suicides, missing bodies, sexual kompromat and emptied bank accounts as fake sangomas con…
A South African woman has been left with her head in her hands after she…