22 July 2003

Hacker stole half-a-million rand from Absa clients

There have not been any arrests in connection with the case of a hacker who apparently siphoned off more than R500 000 from Absa account holders, police said on Monday afternoon.

Police spokesperson Superintendent Riaan Pool said investigators were working with Absa, but he could not divulge any information about the investigation on a day-to-day basis.

“The investigation will take time to complete and in the process many people might be questioned,” Pool said.

Absa said their clients should make sure they had the latest anti-virus applications loaded and warned against opening unfamiliar e-mails. Absa said it would hold talks with its larger competitors on Tuesday to discuss internet banking fraud.

The meeting will take place at Absa’s headquarters in Johannesburg at 8am and will likely take an hour, Absa group information security officer Richard Peasy said.

First National Bank and Nedbank had confirmed their attendance, although it was not immediately clear if Standard Bank would be represented.

“There was an attempt late today (Monday, to invite Standard Bank) … but we have not confirmed attendance yet,” Standard Bank echannels director Herman Singh said. “It was a rather late call from Absa.”

The illegal transfer of cash was apparently carried out after the hacker obtained Absa clients’ bank details by sending them spy software — an e-mail that, when opened, recorded keystrokes and transmitted them back to the hacker. It was believed that the hacker obtained victims’ bank account numbers and personal identification numbers (PINs) in this manner.

Pool said police had received 10 complaints of fraud with the amount involved totalling R530 000.

The complaints were all laid at the same Cape Town police station in the course of the past two or three months, Pool said.

Banking Council spokesperson Claire Gebhardt-Mann said the hackers could be using home computers to steal the money from Absa, and not the system of the bank.

“Because they are finding it increasingly difficult to breach the banks’ own security systems, they are beginning to turn to weaker links outside of these systems, for example, internet service providers or the customers’ own PCs.

“In this specific instance, it appears that the loophole was not in the banks’ system but that home computers are being compromised,” Gebhardt-Mann said.

She said the banking industry should seek a solution to the problem and stop fraudsters, who continued to try new ways of stealing money.

The Banking Council advised the public to make sure that no one had unauthorised access to their computers.

Gebhardt-Mann advised bank customers to install the latest anti-virus applications on their computers, to exercise control over shared folders, and not to disclose their PIN to anyone, including bank staff.

FNB, Standard Bank and Nedbank said they had not experienced internet banking fraud.

“To our knowledge, we have not had an event similar to the Absa incident recorded as having been perpetrated against a Standard Bank customer,” Singh said.

“Standard Bank is as concerned as the other banks about online security,” he said. “In the online environment, the user being more alert, aware and disciplined in terms of general online security practices can improve his or her security.

“This includes regularly updating anti-virus software, updating the licensed copy of the PC operating system (which can be done online) and not opening any suspicious e-mails.” – Sapa