Hacking the human

Hacking the human – Setting up your personal firewall

Karen Meyer

editor at Investec Private Banking

Admit it. You think of a hacker as a hoodie wearing, anti-social millennial, typing reams of code into his super computer to hack into your accounts.

It might be true for some, but fraudsters are master manipulators. In fact, hacking is 99% human manipulation. They pretend to be from a trusted organisation, like Investec, with your best interests at heart. The email has the right logo, the voice on the phone sounds confident and sincere. They lull you into a false sense of security and make you believe that it’s completely fine to click on a link in an email and type in your username and password or give a one-time PIN over the phone.

Kevin Hogan, head of Fraud Risk at Investec Private Banking, comments, “The truth is that you can have the latest firewalls and anti-virus software installed on your computer or SPAM detecting apps on your phone, but if you willingly divulge personal information, the fraudsters have all the information they need to access your accounts and defraud you. All your security measures are rendered ineffective in an instant.”

If you willingly divulge personal information, fraudsters have all the information they need to defraud you.

So, what can you do to be less hackable?

Be very selective about what you share online

Think of social media as a big public billboard. Would you allow a copy of your ID or passport to be printed on it for all to see? Probably not.

“Social media is a very public forum - you’re disclosing personal information every time you post, check in, get tagged, fill out an online application or complete a survey. Even when you use navigation apps or subscribe to newsletters, you give your information away,” adds Hogan.

With all the information available publically, fraudsters can easily find out where you grew up and live now, where you work if you’re married and have kids, where you like to travel to, your education and general preferences.

“All this information can, for example, be used in vishing (voice phishing) and phishing (email) scams. By tailoring the scam to you, they can manipulate you into disclosing confidential and sensitive information (such as ID numbers, PINs, passwords etc) and then use this information to commit fraud,” explains Hogan. 

If you want privacy, you need to keep your information private. Be selfish with your personal information online, including the photos you post, and make sure you take the time to set your privacy and security settings.

Kevin Hogan
Kevin Hogan, Fraud Risk at Investec Private Banking

'If you want privacy, keep your information private. Be selfish with your personal information online.'

Be sceptical, very sceptical

Some of us question everything, but others want to believe in the good of all people. In the modern world though, you have to be informed, a bit cynical and tech-savvy.

If you get an email that seems to be from legitimate source, like your bank, and it asks you to click on a link and then enter your username and password – question it. Why would they need this information? They don’t. It’s a phishing scam to get your details and then access your accounts. Hogan remarks, “Even if you have a complex 15-character password, if you follow the link and enter it, you have given the fraudsters all they need. Be very cautious with emails that have generic greetings, poor grammar and spelling creates an unnecessary sense of urgency and includes links and attachments.”

One of the latest scams is where fraudsters phone you to ‘verify’ your account and asks you to give them the one-time PIN (OTP) they are sending to your cellphone. “A bank would never ask you to do that. You’re being vished. In reality, fraudsters have your credit card details, are making an online purchase and need your OTP to authorise the transaction. If you’re feeling uneasy and unsure, ask the person to call back later and get in touch with our 24/7 global Client Support Centre or your Private Banker,” states Hogan.

Be cautious online

When you’re shopping online, don’t enter your credit card details to make a purchase on an unsecured website, using public W-Fi on a public desktop. You’re handing fraudsters your information on a silver platter.

Hogan concludes, “Always use your own device on a secure Wi-Fi network and only shop on secure websites. Look for HTTPS and the green lock icon in the browser and shop with participating Verified by Visa merchants, where you need to validate the transaction by entering a PIN sent to your cellphone.”

Make sure you get SMS or email notifications for all your online transactions and check these carefully for any suspicious transactions.

 

If you suspect fraud, please get in touch with our 24/7 global Client Support Centre on +27 11 286 9663 as soon as possible.

Are you using ‘Manage my life’?

Available on Investec Online, Manage my life is designed to help you:

  • Organise all your personal information in one secure online place
  • Get alerts when important documents, such as a passport, are reaching an expiry date.
  • Keep a copy of all your career and educational qualification documents in one place
  • Save all account numbers and documents you need – such as club membership details, marriage certificates and social media passwords
  • Download and print the information or to give to a trusted family member, if necessary.