Do not share your banking PINs or OTPs with anyone – banks included
In the past, bank robbers were brazen. They used weapons and physical intimidation to instil fear into staff, security guards and any customers who were in the branch. Their timing was considered. They would strike on the last day of the month, for instance, at a time of day when the branch cash levels were high and before too many people could cash their cheques.These days, stealing money is more sophisticated, although scare tactics and instilling fear in victims remain the same. In the digital age, the banking system's weakest link in customers losing their money, is customers providing their most powerful last line of defence to their accounts, their Personal Identity Numbers (PINs). Once a customer has disclosed their PIN to anyone, they are compliant in providing fraudsters to gain access to their account, and with it, all their hard-earned cash.
Bank Windhoek wants to remind the public to be vigilant this Festive Season as fraudsters are very active during this period, using tactics such as social engineering, which is the art of manipulating, influencing, or deceiving you to gain control over your bank account. Here is how this works:
What is social engineering?
Social engineering is a sophisticated tool that skilled scammers and fraudsters use to defraud customers of their money. Every day, fraudsters sharpen their skills and add to their sources of information to defraud hardworking people of their money. For example, they infiltrate closed Facebook groups, posing as individuals who invest money at high returns, offering business opportunities and targeting vulnerable people.
Another source of information for fraudsters is the telephone directory, freely available at post offices or online, where victims have their landline and mobile telephone numbers and physical addresses listed. Fraudsters quote these as part of the process to make victims feel more secure about whom they are talking to. Who else but my bank knows my post office box number or my street address? a victim may think. This guy says he is from the bank, and he is providing so much evidence that he is who he says he is, so I will share my information. Fraudsters are very persuasive, and smooth talkers.
Social engineering, however, does not always happen in just one phone call. Fraudsters often contact their intended victim over a few days, if not months, often posing as financial and investment brokers or bank employees, gaining the victim's trust a little bit every time, throwing in some personal details from the previous call, is your son still ill? Last time we spoke he had the flu. How was your holiday? The fraudster is artfully getting you to let down your guard and you start trusting him or her a little more. During one phone call, a bank account number may be shared. During another call a few days later, fraudsters could gain information about when money will next be deposited into your account. How much do you expect from the sale of your car? Your pension payout? When will that be deposited? And how much will that be? Once all the information for the scam is obtained, the scene is set for the next call, where they will force you to disclose your PIN.
What happens then?
A common tactic is for fraudsters to send the victim an SMS of a fake transaction notification shortly before making the call to the victim or during the call itself. This tactic prevents the victim from having time to verify the transaction's validity and creates panic. The fraudster pretends to be calling from the bank to verify the suspicious transaction and pressures the victim to divulge their PIN to prevent more money from disappearing from their account. At this point the victim is so distressed at having fallen prey to theft from their account, that to stop losing more money, they divulge their PIN.
Should you experience something like this, try to calm down and take a good look at the SMS notification number from which the SMS comes. Only trust the following Bank Windhoek SMS notification numbers. They are “29462” for transactions and “140295” for EasyWallets and IBank notifications. Be suspicious of other SMS notification numbers, also known as gateways. Keep the Bank Windhoek gateway numbers in a prominent place in your home for quick reference and compare them to the SMS number that is referred to in the call. If these numbers do not match, end the call immediately and contact your branch our Customer Contact Centre at 061 299 1200 to report the incident.
Who are the most venerable targets?
We have noticed that the fraudsters are targeting pensioners who are anticipating payments. We want to remind all customers of the Bank, especially senior citizens, not to give anyone their PINs. Should they receive calls from people claiming to be from Bank Windhoek and requesting their PIN urgently, they must end the call immediately and call their branch our Customer Contact Centre at 061 299 1200.
Modes of defence
A customer’s PIN and One Time PIN (OTP) are the last and most powerful lines of defence between a customer and a fraudster. Nobody other than an account owner must know their PIN, and the OTP serves as a second layer of security. OTPs are generated for you to gain access to your account while using internet banking. Your bank does not know your PIN or OTP and does not need it. Do not give your PIN or your OTP to anybody, including your bank, friends, and family.
What happens when one is defrauded?
When our customers fall prey to scammers and fraudsters and bring their cases to the attention of Bank Windhoek, we guide our clients through a specific process. The first step in the process is to register a criminal case with the Namibian Police. After that, the process becomes a criminal matter, and the Namibian Police investigates these cases. During this phase of the process, the Bank must comply with section 85 of the Banking Institutions Act, 2023, always assuring our clients of confidentiality regarding their cases.
*Johnny Truter is Bank Windhoek’s Forensic Services Manager.