Identity theft is a "social engineering" scam, says the SA Banking Risk Information Centre (Sabric), and starts with a criminal sending out a phishing mail or SMS to potential victims.
Phishing is a fraudulent attempt to obtain sensitive information, such as usernames, passwords or credit card details – often for malicious reasons – under the guise of electronic information from a trustworthy entity, says Wikipedia.
When the victim clicks on the link provided in the fraudulent mail or SMS, they are taken to a fake website, where they type in personal information – believing it to be a legitimate request from a reliable person or institution, like their bank.
The criminal can then use this information, for example accessing their banking profile and committing fraud on the victim’s bank account.
If necessary, the fraudster can also use the data obtained to do a SIM swap on the victim’s mobile phone number, receiving any one-time password (OTP) or security questions that would enable the transaction to take place.
Alternatively, the fake website could even ask the unsuspecting to supply the OTP when it is sent to their cellphone – and the criminal could then use the OTP to draw cash or transfer funds to their account.
SABRIC tips to protect yourself from identity theft:
· Only provide your credit card details to reputable companies.
· Store personal and financial documentation safely – always lock it away.
· Never provide your online ID, password or PIN to anyone, and never write them down or share them – not even with a bank official.
· Never respond to communications which appear to be from your bank, that request personal information.
· Change your PIN and passwords frequently.
· Place sensible transaction limits on your accounts.