Phishing scams exploit upcoming VAT increase

THE VAT increase which is expected to come into effect on May 1 is being used by phishing fraudsters as bait to trick consumers, TymeBank has warned.

Phishing and vishing are cybercrime tactics used by fraudsters to mimic legitimate institutions like banks to trick people into revealing personal or financial details, including passwords, card numbers, or one-time passwords (OTPs). The scams use emails, SMSes, or fake websites to gain their victims' details.

“It’s not just banking customers who are being targeted. Anyone who has an account or subscription where VAT is payable, be that a mobile service provider, a retailer, a healthcare service provider or similar, is at risk,” says George Wandsella, head of Operational Risk and Fraud at TymeBank.

He said the fraudsters use fake notifications to create a sense of legitimacy and urgency, and entice users to click on links to “learn more”, “see updated charges/fees” or “verify your account”. However, the links usually lead to phishing sites which are designed to steal login details.

Wandsella said the latest scam was an indication of the growing threat of opportunistic cybercrime, with fraudsters targeting certain times of the year, such as holidays and tax filing seasons.

He urged customers to be cautious, "and to stop and think before they click’’.

Tips to avoid becoming a victim:

• Verify all communication and never share personal passwords, PINs, or OTPs. No reputable bank will ask for this information via phone, email, or SMS.
• Use multiple authentication factors including biometric authentication, such as fingerprint or facial recognition, to improve security on your banking app.
• Be alert to SIM swap fraud, which could be indicated by a sudden loss of mobile signal, SMS delivery issues, or unfamiliar SIM notifications. Get hold of your mobile service provider immediately and notify your bank.
• Verify unexpected callers. Be careful even if the caller ID shows your bank’s number. Fraudsters can spoof numbers to look legitimate. Rather hang up and call the bank using verified contact details.
• Keep your smartphone’s operating system and banking app updated to benefit from security enhancements available on the latest versions.
• Monitor your bank accounts. Check your transaction lists and enable real-time notifications to be alerted to unusual activity quickly. End suspicious interactions immediately. If you receive a suspicious or high-pressure call, SMS, or email, end the interaction immediately and report it to your bank directly.
• Be wary of urgency tactics. Scammers create a false sense of urgency to get you to take action. Always take time to verify requests, no matter how urgent they seem.

Independent on Saturday