SABRIC warns bank clients on new phone scam

The South African Banking Risk Information Centre (SABRIC) has sent a stern warning to bank clients regarding protecting their cell phones.

In a statement, SABRIC says the theft of mobile phones is not a new however SABRIC is seeing an emerging trend where mobile phones that are being snatched from owners, are affording criminals the opportunity to gain access to the victim’s personal and even confidential information which can then be used to commit crime.

“Personal information is a valuable commodity for criminals and because so much of it is on our phones, we need to take mobile security very seriously,” says Susan Potgieter, Acting CEO of SABRIC.

Potgieter says there are a number of ways that criminals could access information stored on your mobile phone if it is stolen, to try and defraud you.

She further warned that criminals can access all open applications on your unlocked phone and view your sensitive data.  Another is to use social engineering to obtain your usernames and passwords stored in the cloud.

In addition to social engineering, your credentials could also be compromised through shoulder surfing in public places such as restaurants. In the event that your mobile phone is lost or stolen, borrow a phone and contact your bank immediately so that they can deactivate your banking app, block cards on other apps containing your bank card details and block your bank account, she says.

“When a bank client’s mobile phone is stolen, they tend to focus on protecting their photos and social media profiles, and however, their highest priority should be protecting their money.” concludes Potgieter.


PINS & Passwords

•          Reset/change your passwords and PIN’s often.

•          Set different and complex passwords for each app or service. Ensure that these are not stored on a password manager app or on the phone itself.

•          Never save your banking app username and password on your device in the contacts or notes.

•          Never autosave your banking app username and password on your device.

•          Disable the autosave function on your smart phone.

•          Ensure that you have set additional security controls on your device for adding biometrics such as fingerprint or facial recognition, for instance you can enable your device to ask for the device password to add another person’s biometric on your device.

Social Engineering

•          Do not click links in SMS’s or emails stating that your lost or stolen device has been located as criminals use this as a way to get your banking app credentials.

•          Always be vigilant by being aware of who is around you when using your phone in public.


•          Treat your mobile device the same way you would treat your bank card.

•          Pickpocketing is prevalent so ensure that your handbag or and backpacks are properly closed or zipped.

•          If your mobile device is lost or stolen notify your Bank immediately to freeze your banking profile and prevent the perpetrators from using your banking app.

•          In addition, contact your mobile service provider to block/stop your SIM card and handset to prevent criminals from getting any One Time PINs for fraudulent transactions.

•          If your Apple device is stolen, log onto to your iCloud account to restore all factory settings so that all your personal data is wiped from the device.

•          Avoid using Public WiFi “hotspots”. It is risky to connect your smartphone to just any available WiFi hotspot. Savvy hackers can spoof a WiFi connection and gain access to usernames and passwords stored on your smartphone.

•          Consider keeping your banking app on two devices – this will enable you to block the stolen mobile from the other device and also change the log in credentials at a moment’s notice. Most banks will still ask you to call them to report the theft to ensure that all access is blocked for the stolen phone. Your bank can also advise how to get passwords changed.

•          When calling the bank to report the phone as stolen, request that they place a temporary hold on your entire account to allow you the time to change, replace and update all of your info.

Banking App

•          Always log out of your banking app manually once you have finished transacting.

•          Keep your daily EFT and ATM limits low as some banking apps and internet banking profiles will require that contact be made with the bank before the limit can be increased on your profile.