---

Don’t be misguided by fraudsters

We live in times where fraudsters look like neighbors and sound like friends. When it comes to private- and payment card information, make sure you understand how social engineering can be used to compromise your financial security.
Fraudsters are masters in social engineering and know how to engage people in a way that creates misguided trust. It involves manipulating individuals via various channels such as phone calls, email, SMS and social media to divulge confidential and / or card information.

Some social engineering scams involve sending emails that seem to come from a legitimate source, i.e. your bank, requesting confidential information, like card numbers and passwords - often as part of a required ‘update’ exercise. This is called phishing.

Bank Windhoek, nor any other financial institution, will never request information or prompt a response in this way. Pay close attention to the sender’s email address. It is likely a falsification of a known email address or domain which might include subtle spelling errors such as [email protected] or [email protected]

Spear-phishing is similar to phishing, however, the attack is targeted at a specific company or person / group, and has a more personal feel to it. A mail would seem to be coming from a company head or department manager, requesting users to urgently click on a link or open an attachment. Again, pay close attention to the sender email address and spelling. Such attacks often first acquire personal information via company websites or social media platforms such as Facebook, to create a sense of familiarity with the intended victim.

Vishing is the voice equivalent of phishing, and is the act of fraudsters engaging victims in a friendly and helpful conversation, claiming to be from your bank and asking assistance with a mobile app upgrade, or security enhancement. These calls will also have a sense of urgency attached to them. I.e. “Your account might be compromised if you do not upgrade right now.” Fraudsters will pretend to know staff or inside information from your bank. This is the quickest way victims are lulled into trusting the authority and mandate of the caller. Victims are requested to enter information on the mobile app, IBank or Cellphone Banking, to share or forward information or to respond to a text message. Never obey instructions from a random phone call. Don’t ever share the OTP (one time pin) you receive on SMS in such a conversation with the caller. These PINS are triggered only when a transaction is taking place on your account. If you did not initiate a transaction, do not help to complete a transaction!

SMShing involves requesting victims to follow prompts on SMS or social media. This can happen independently or as part of Vishing attacks. Again, no legitimate contact from any bank will request confidential information in such a manner. If you receive a suspicious or unexpected call from someone claiming to be from your bank, especially after hours, get a name and instruct the caller that you will phone them back on the official number of your bank.

If you suspect that you fraudsters are attempting to engage with you, call your Bank Windhoek Branch immediately or report the incident to our Customer Contact Centre at
061 299 1200.


By André Smit
Head: Risk Management