
Protecting your personal information

Posted By IRMSAInsight, 29 June 2015
IRMSA Breakfast
15 June 2015 




Phishing, pronounced “fishing” and derived by combining the words “password” and “fishing”, remains the most popular method of obtaining bank account details, usernames, passwords/PINs and other personal information from victims. It is a social engineering technique and refers to the act of attempting to acquire this information by masquerading as a trusted source and deceiving victims into divulging the information.


In recent times a new variant of phishing has emerged with fraudsters now relying on smishing, short for SMS phishing, to send fraudulent text messages (SMS) to a victim’s cellphone.

Tips on Protecting Personal and Financial Information:

  • Change your account passwords/PINs frequently. At a minimum, this should be done every six months.

  • Do not duplicate or reuse passwords/PINs across or for various accounts.

  • Never disclose any sensitive or personal information – login credentials, bank details or passwords/PINs – to any source, including persons claiming to be from your bank.

  • Do not open emails or reply to unsolicited SMS messages from unknown sources. Do not reply to, or enter into, any communication with the sender.

  • Beware of changes to login pages and websites where you are required to enter a password and other credentials. Ensure that the Internet banking webpage you are transacting on is secure, i.e. look for a padlock in the browser window and an address beginning with https. If unsure or suspicious, do not log in.

  • Avoid Internet banking activities on public terminals or in Wi-Fi hotspots. Fraudsters may easily access or collect information from unsuspecting users in these environments.

  • Never follow a link from an email to access an Internet banking site. Rather physically type the address into the browser.

Questions to ponder:

  • How do you educate and create awareness for keeping private information safe within your company?

  • Are there further tips or advice you can share around protecting personal information?

  • In your experience, is this a real risk or not? (Why/why not?) 




Internet Banking Fraud and SIM Swaps




SIM swap is a process that allows a mobile customer to obtain a new or replacement SIM card where this has been lost, stolen or damaged. Fraudulent SIM swap is a mobile-specific fraud type where the fraudster, pretending to be the customer, approaches the service provider and requests that an existing cellular number be assigned to a new or replacement SIM card.


Internet banking fraud schemes require fraudulent SIM swaps to be performed in order to intercept the customer’s SMS notifications, including ‘InContact’ or ‘Notify Me’ messages, one time PINs (OTPs) and/or verification numbers sent from the bank to the new SIM.


The following steps are usually involved in unlawfully accessing a victim’s online bank account:


  • The fraudster requires the victim’s personal and bank account details – including account numbers, Internet banking passwords and other related account information. Fraudsters adopt various schemes to deceive victims into disclosing this information, commonly using phishing/smishing (fraudulent messages sent via email or SMS) as referred to above.

  • As the victim’s online banking profile will be linked to his/her cellphone number, the fraudster needs to be in possession of the victim’s SIM card and therefore performs a fraudulent SIM swap on the victim’s cellphone number.

  • The victim’s cellphone number may be obtained from various sources, including but not limited to consumer databases and social networking sites.

  • Once the fraudster has accessed the account, new beneficiaries may be created and funds transferred to these accounts. These funds will later be withdrawn.

  • Fraudulent SIM swaps are always preceded by victims being phished by the fraudsters and consequently disclosing their personal, banking and other relevant information. In the case of Nashua Mobile (Pty) Ltd v GC Pale CC t/a Invasive Plant Solutions, the court held that a SIM swap does not in itself enable a fraudster to commit fraud on a customer’s bank account.

  • In order to commit fraud on a customer’s bank account, the fraudster must have obtained the customer’s bank card/account number, internet banking PIN and password.


Tips for Safeguarding Against SIM Swap Fraud:


  • Always be aware of your cellphone’s connectivity status. If you suddenly cannot make or receive calls or text messages (SMS), do not automatically assume that you have a problem with your network or handset. Immediately establish contact with your service provider (or network operator) to enquire whether a SIM swap has been processed on your number.

  • Never ignore an SMS message alerting you to a pending SIM swap request on your account. Contact your service provider immediately to confirm any requests on your part.

  • Should you receive a call or SMS from a source purporting to be your service provider requesting that you ignore a SIM swap SMS notification, contact your service provider urgently to report this.

  • Instruct your service provider to deactivate the SIM if an unauthorised or fraudulent SIM swap has taken place on your number and instruct your bank to monitor your account(s).


Questions to ponder:


  • How do you educate and create awareness for keeping private information safe within your company?
  • Are there further tips or advice you can share around protecting personal information?

  • In your experience, is this a real risk or not? (Why/why not?) 



