It’s a familiar scenario: you open your inbox and there’s an email congratulating you on your million-dollar win. All you have to do is click the link to share all your account details and pay R500 to cover the transfer fee. It can be pretty easy to scoff at examples like this. After all, you’d never fall for it, right?
But losing money to a scam is much easier than you’d think. To prevent it from happening to you, we’ve teamed up with Get Safe Online's fraud expert, Tim Mitchell. Follow his tips to keep your money and identity safe online.
The biggest issue at the moment is people falling victim to what we call “social engineering” fraud. This is simply manipulating or tricking someone into performing certain actions, such as divulging personal or financial information. In other words, a con.
Unfortunately, financial fraud has always been a massive issue. Nowadays, we spend more of our lives online, which means that more people are becoming vulnerable to this type of fraud and losing money because of it. Social engineering is easy to avoid if you know the warning signs.
Social engineering scams come in all shapes and sizes, ranging from the ridiculous to the nearly impossible to identify - and people are falling for these every day. Here are the mains ones you should be aware of:
Email scams: These are very common, so make sure you pay attention to what lands in your inbox. Fraudsters often pretend to be someone official such as a bank, online retailer, or government agency. They’ll ask you to share confidential information, such as your banking details or login details to your accounts. Some fraudulent emails contain an attachment that, if clicked, can lead to a virus or spyware being downloaded onto your device.
Social media scams: We’ve seen a big rise in people losing money through social media, and I think we’ll see this one grow over the next few years. For example, catfishing scams – where someone creates a fake identity to forge a relationship with you and trick you into parting with your money or sensitive details – are becoming increasingly popular.
If you have been a victim of either of these scams, fraudsters may have access to your personal details. Jointo find out whether you’re at risk.
Some of the most convincing scams don’t happen online, and fraudsters will attempt to trick you through phone calls. This is because you are more likely to trust a person’s voice than a typed letter.
For example, you may get a call from someone claiming to be from your bank. They will tell you that your account has been hacked or taken over by an unauthorised user and that they need your permission to move your balance into a new account. In reality, a bank would never request this.
Another kind of phone call scam is the “computer support” scam. Imagine your computer suddenly gets locked by ransomware. You may swear that, knowing the dangers, you didn’t click on any links or attachments.
However, it may not occur to you that the friendly call you had with the “Microsoft” support team a couple of weeks earlier could have been with fraudsters trying to gain access to your device. In some cases, you may have even been duped into paying them for their “service”!
Through, you can gain access to security tips, such as how to secure your accounts with two-factor authentication and understanding the value of using a password manager.
Is the email threatening you to take action immediately?
Any email that asks you to take action urgently should be treated with caution. It’s designed to make you flustered in the hope that you’ll make a mistake.
Have you been promised a reward, a competition prize, or a tax refund?
Any email or call claiming to give you money should be considered carefully – especially if they are demanding your personal details to claim it. If you reveal your login details, a fraudster will have free rein to your bank account (and other accounts if you use the same details).
Is the email personalised to you?
Generic greetings, such as “Dear Sir/Madam” or “Dear valued customer”, suggest that this email has been fired off to as many email addresses as possible, in the hope that at least some people will bite.
It can be tricky to identify a dodgy link. The key is to check that the domain name matches the legitimate one (which you can find through a quick google search).
Here’s an example. Let’s say you receive an email asking you to follow a link to reactivate your PayPal account. How can you tell if these links are the real deal or fake?
The trick here is to look for what’s in between the “www.” and the “.com” part of the URL. This is the true domain name and tells you what site you'll be accessing if you click on it.
You can see that, in reality, none of these have the official domain names of PayPal: paypal.com or paypal.com/za – where the latter is the legitimate South African branch of the PayPal site.
From the examples, the first may have PayPal in it, but it’s really taking you to a site “paypal-reactivate.com”, the second to “reactivate-account.com”, and the third is directing you to the even dodgier sounding “11982pypl.com”.
If you’re not sure about a link, copy and paste it into a Word Document before clicking on it so that you can inspect the full address.
Unfortunately, a fake email is one of the hardest things to spot as fraudsters can be pretty cunning. Let’s look at another example. Which of these do you think could be a fraudulent account?
Surprisingly, both of these addresses are probably fake. With the first one, the domain name is “accounts.com” so this could be from anyone. Always check that the correct company name comes after the “@” because it will confirm who the email is really coming from.
The second one is easy to miss, but the giveaway here is that there are a few spelling mistakes, including in the name of the bank. This is another surefire sign of a scam.
If you remain alert while going through your emails and answering phone calls, you will be able to outsmart fraudsters and protect yourself from being scammed.
If you suspect your personal details have been compromised, you can sign up for. Among other things, we will scan the internet and find out whether you are at risk.