Most frequent banking scams in Mozambique

As fraudes bancárias mais frequentes em Moçambique

With a rapidly evolving fraud landscape where fraudsters are leveraging the latest technologies and constantly refining their modus operandi, businesses and individuals should always be on guard to avoid falling victim to the latest scams which could potentially see them losing millions while also suffering reputational damage.

Lourenço Francisco, Fraud Prevention Unit Manager at FNB Mozambique points out that "considering the technological advances and the sophisticated nature of the scams going on nowadays, it is essential to adopt fraud detection and prevention measures. As such, to protect themselves, companies and individuals need to keep constantly updated on the rapidly evolving trends and fraudulent schemes. It is crucial for businesses to invest time, effort and resources that can prepare their employees to detect fraud in a timely and efficient manner.

In parallel to the growing use of digital channels, Mozambique has seen frequent levels of fraud and scams. According to Lourenço, the most recurrent scams registered, in Mozambique, are the following:

 

Company or individual data update request (KYC) - an SMS and/or email are sent to Customers, notifying them that the Bank is checking and updating his information, they are then requested to open a link to update their bank details. The page recreates the bank's official website, but it is a scam, Customers are prompted to provide information about their accounts and cards, and this is where the fraudster gets hold of the data provided by Customers. You should not provide, under any circumstances, identification and accreditation information by these means, if you have doubts you must contact your Bank.

Lost and stolen phone – Customers will receive an SMS prompting them to click to activate their “Find My Phone” app, even though they have their phone with them. By clicking the link, this allows fraudsters to gain access to the phone – compromising personal and business data.

Business Email Compromise – fraudsters use malware, at times combined with social engineering tactics, to gain unauthorised access to a business email account and change invoice and supplier banking details. Businesses often fall victim to this scam as fraudsters are constantly refining the modus operandi. However, the objective is always to get businesses to pay money over into a fraudulent bank account. Vital that companies validate any request to change banking details with a known contact and use contact details you sourced themselves.

Theft of Internet Banking Access Credentials - fraudsters gain access to the Customer's Internet Banking credentials in order to perform transactions using funds from the Customer's account. How do they do it? A moment of distraction is enough, by accessing Internet Banking in the presence of strangers, saving the access credentials in the browser, forgetting to "exit" the page when finishing operations or even writing the credentials on a piece of paper, the user weakens the security of the Customer's banking credentials. On the other hand, and to close the cycle, fraudsters obtain the 2nd copy of the Customer's SIM card from mobile phone operators, the number associated with his bank account, and start receiving OTP validation codes to confirm the transactions they perform.

Tender scams – scammers often impersonate Government departments and fraudulently get access to company data, banking details, goods and services by misleading businesses into believing they have secured a tender/contract. Be wary of unsolicited requests to tender. It is advisable to contact the department to validate the request. Furthermore, ensure you are aware with how Government procures goods and services. Visit the Government’s tender website for information on the tendering process.

Remote access – this happens when fraudsters gain access to your device or profile by enabling remote access tools to be installed on your device. It is advisable not to use public WIFI to access your banking App. Also, always cancel or delete access tools installed on your device that you are unaware of.

Card Switching at ATMs - often fraudsters pretend to be kind and helpful individuals ready to assist ATM users experiencing difficulties with transactions, and easily manage to switch the user's card, access the card's PIN and perform fraudulent transactions on the conned user's account.

Phishing, Vishing and Smishing – these are common identity fraud scams often carried out by email, voice or text or a combination of all the communication channels. Fraudsters use various methods to get sensitive personal or company data to be used for criminal activities. " It' s imperative that you contact your bank if you suspect that the phone number associated with your bank account has been changed or if you find yourself offline for a significant time period. Implementing adequate security measures and keeping on top of the latest scam trends is an important step to help safeguard businesses and individuals against recurrent fraud attempts", concluded Lourenço Francisco.

"You can't be too careful, especially on sensitive issues such as protecting the credentials of the digital access channels to the bank, the use of ATMs and the presence of strangers willing to "help", behavior of the cell phone network, it is essential that you contact your bank if you suspect that the number associated with the bank account has been changed or if you are without network for many minutes. Implement security measures

appropriate, keeping abreast of the latest developments are smart measures to help safeguard companies and individuals against recurring fraud attempts," concluded Lourenço Francisco.

Article Lourenço Francisco, Manager of the Fraud Prevention Unit at FNB Mozambique

Share this article

Leave a Reply