Be wary of fraud
JAMAICANS are being warned to be wary of account rental schemes, a method of money laundering where a legitimate account holder colludes with a fraudster to use his/her banking account information to facilitate the usage or transfer of fraudulent funds.
“The fraudster will recruit account holders for a fee, request their banking information and debit/credit card and PIN, then proceed to lodge and withdraw fraudulent funds,” Dane Nicholson, manager special investigations at National Commercial Bank Jamaica Limited, said in a presentation during the Jamaica Bankers Association and the Jamaica Institute of Financial Services (JIFS) seminar last week.
Nicholson warned that currently in Jamaica, “there is an active social media recruitment campaign going on,” with “the creation of Instagram/TikTok/Facebook loader accounts offering persons a monetary incentive for the use of their account.”
Nicholson also looked into prevalent forms of smishing, another form of fraud committed through text messaging.
The experts stated, “This is a form of phishing executed over mobile text messaging. Victims are deceived into giving sensitive information to a fraudster. The fraudster uses automation to send blast text messages with links purported to be from a legitimate financial institution to several users. The victim is redirected to a fake website to fill out a form with personal information. This website is usually similar to the financial institution’s legitimate web page.”
According to Nicholson, this enables the fraudsters to take over the victim’s Internet banking profile or to create a new profile.
Fraudulent credit card activation may also result from information gathered from the fake website.
Nicholson highlighted common types of smishing as including: “Notification that there is a problem with your account or credit card; alerts that there are suspicious transactions on your account or credit card; and invitations to participate in surveys — these invitations may include a prize offer.”
Urgency
Nicholson noted, “There is usually a sense of urgency in the wording of the SMS messages.”
The expert advised, “Financial institutions will never send an SMS message asking for banking credentials or sensitive information. For example, usernames, passwords, account numbers or token codes, etc.
“Do not send sensitive information such as credit card numbers, card PINs or banking information to anyone via text messages. Carefully examine the spelling and grammar received in text messages — fraudsters are known to generally misspell, particularly URLs and e-mail addresses.”
Turning to another channel for fraud, Nicholson discussed vishing, often referred to as voice phishing where social engineering techniques and voice-altering software are used to convince persons to divulge private information.
How it works is that the fraudster uses fake caller IDs so that the phone number and area code appear legitimate. They then attempt to appear as a trusted financial institution to gain sensitive information.
Nicholson stated that in order to protect themselves, individuals should be wary of callers who may request sensitive information; be suspicious of phone calls from numbers not known to you; and immediately end the call if you suspect that it is a vishing attempt. Individuals should not not respond to automated voice messages.
Signs your SIM has been stolen
Nicholson said one sign for individuals that their SIM has been stolen is loss of cell service for an extended period and when the mobile phone is unable to send or receive calls and text messages.
SIM swap fraud is a type of identity theft where criminals obtain a new SIM card issued against an existing registered mobile number to gain access to sensitive information. A fraudster uses illegal means to collect personal information, such as name, phone number, address, passwords and answers to security questions.
The information is then used to convince the telecommunications employee to port the victim’s number to a new SIM card.
Nicholson warned individuals, “Avoid sharing personal information on social media platforms, especially those that may be answers to security questions,” adding, “Oversharing your mobile number can make you vulnerable.”
He suggests as well that telecommunication companies need to strengthen know your customer requirements and meanwhile, bank’s must devalue their reliance on SMS and e-mail verification.
The expert also highlighted social media phishing which is a phishing attack executed through social media platforms to steal personally identifiable information (PII). How it works is that the fraudster creates a fictitious website designed to capture confidential details or to cause a device to be infected with malware.
The victim is then encouraged to click on the link and enter their PII through the fictitious website via a social media post. The fraudster may create a fake social media account which is a replica of the genuine page.
Upon requesting assistance from the genuine social media account, the fraudster would use this opportunity to hijack the conversation with the unsuspecting victim by providing a fraudulent link from the fake page. This link will redirect the victim to a website designed similar to the original page with the intention of capturing the customer’s PII.
In order to protect social media accounts, Nicholson advises, ” Never provide personal/sensitive information through links; use unique login details for each account; choose strong passwords, keep it secure and ensure that it is changed frequently; use different passwords for different accounts; limit the information shared via social media; and be wary of links that redirect the user outside of the current application.”