Publications
Partners
- Fraudsters are linking a smartwatch in their possession to peoples bank accounts through sending an SMS claiming that a postal charge is outstanding on a delivery.
- This category of scam is on the rise in South Africa according to a forensic investigator into cybercrime.
- Organised crime groups are often behind online scams.
- For more stories, visit the Tech and Trends homepage.
Scammers are sending South Africans a seemingly innocuous SMS pretending to be a postal service requesting a small outstanding payment to deliver a package. But, when the link in the SMS is clicked a smartwatch is connected to their bank account which is then used to fleece them of thousands through tap-to-pay transactions.
This type of scam is on the rise in South Africa, according to Craig Pederson, a forensic investigator, who is a director at TCG Forensics.
Here is how the scam works:
Victims receive an SMS prompting them to pay an outstanding postal charge for a parcel that is marked for them.
After clicking the link in the SMS, victims are taken to what looks like a payment portal where bank details, including their card number and CVV are entered to facilitate what they think is the small posting payment.
They will then receive an SMS that looks like a payment confirmation but is actually used to connect a smartwatch in the scammer's possession to their bank card.
And these days, smartwatches have a tap-to-pay function, meaning they can be used for transactions at retail outlets.
And if scammers keep these transactions low, they can fly under the radar for a while before the victim notices and freezes the card.
This is a technique known as ‘smishing’ or SMS phishing, and it enables a successful scammer to get access to a payment method that requires no further authorisation and can be used over and over again according to Pederson.
Helping victims of scams investigate the crime is amongst the work done by TCG Forensics.
He said:
Stronger bank policy
Given the increased popularity of smartwatches in recent years, one would have expected more stringent requirements to link a smartwatch to a bank card, said Pederson.
“It’s definitely a trend, we’re seeing more complaints of this type of fraud. What should be happening is that the banks should be insisting that cards loaded to smart devices like watches have to be authorised within the banking app and not just with a one-time pin.”
READ NOW | When buying puppies online, beware: Organised crime groups are robbing South Africans blind
He said he is aware of some people who have raised this concern with the Ombudsman for Banking Services.
Pederson said that at the very least it would be expected that a client would add a device like a smartwatch to their bank card from within their banking app.
Prevention
People should never click on any link that came through SMS, and rather go to the website of a company, log in, and operate from there.
People should also regularly check if they have been scammed by looking through their bank statements for errant transactions.
Anyone who establishes that they have been scammed should notify their bank as soon as they find out they have been scammed or are suspicious of what has happened.
“Beyond that point, they need to insist on a review by the bank to establish if an additional electronic device was used to process the transactions,” said Pederson.
“If the victim isn’t happy with the banks explanation of how the transactions were conducted without the presence of their physical card, they should approach the Ombudsman for an independent determination based on the facts of their incident.”
A wider issue
South Africa has become a hotspot for scammers to operate in due in part to a poor track record of investigating and prosecuting cybercrime.
READ NOW | South Africa on the verge of becoming 'cybercrime capital of Africa’
Organised crime groups are often behind the scams which can take many forms.
Common scam types include romance scams, bank impersonation fraud, puppy scams, and investment scams.
Cybercrimes can essentially be committed by anyone with a cellphone and an internet connection, but they can become quite sophisticated.
