
We live in times where fraudsters look like neighbours and sound like friends. When it comes to private and payment card information, make sure you understand how social engineering can be used to compromise your financial security.

Fraudsters are masters of social engineering and know how to engage people in a way that creates misguided trust. Social engineering involves manipulating individuals via various channels, such as phone calls, emails, SMSes and social media, into divulging confidential and/or card information.



Some social engineering scams involve sending emails that seem to come from a legitimate source, for example your bank, requesting confidential information such as card numbers, passwords and so forth, often as part of a required ‘update’ exercise. This is called phishing. Bank Windhoek, or any other financial institution, will never request information or prompt a response in this way. Pay close attention to the sender’s email address. It is likely a falsification of a known email address or domain, which might include subtle spelling errors such as [email protected] or [email protected]

Spear-phishing is similar to phishing. However, the attack is targeted at a specific company, person or group, and has a more personal feel to it. A mail would seem to come from a company head or department manager, requesting users to urgently click on a link or open an attachment. (Again, pay close attention to the sender’s email address and spelling.) Attackers often first gather personal information from company websites or social media platforms such as Facebook, to create a sense of familiarity with the intended victim.

Vishing is the voice equivalent of phishing. Fraudsters engage victims in a friendly and helpful conversation, claiming to be from your bank and asking for assistance with a mobile app upgrade or security enhancement. These calls also have a sense of urgency attached to them, for example ‘Your account might be compromised if you do not upgrade right now’. Fraudsters will pretend to know staff, or inside information, from your bank. This is the quickest way victims are lulled into trusting the authority and mandate of the caller. Victims are requested to enter information on the mobile app, to share or forward information, or to respond to a text message. Never obey instructions from a random phone call. Don’t ever share the OTP (one-time PIN) you receive via SMS with the caller in such a conversation. These PINs are triggered only when a transaction is taking place on your account. If you did not initiate a transaction, do not help to complete a transaction! As far as your card information is concerned, and only if you initiated the call, only ever share the first six and last four digits of the card number.

SMShing involves requesting victims to follow prompts sent via SMS or social media. This can happen independently, or as part of vishing attacks. Again, no legitimate contact from any bank will request confidential information in such a manner. If you receive a suspicious or unexpected call from someone claiming to be from your bank, especially after hours, get a name, and tell the caller that you will phone them back on the official number from your bank. Obtain this number yourself.

By reminding yourself that fraud is a continuing science and staying aware of the various methods applied to obtain your hard-earned money, you will be able to identify a fraudster more easily and protect yourself against their onslaught.
