Phishing can cost you, big time

Sitting at your desk doing internet banking may make you feel safe. After all, it is not a bank, where someone can steal your bulging wallet when you step outside. But that friendly email claiming to be from your bank and asking you for your details could cost you and you alone.

If you fall foul of a phishing scam and give away your details because of your own negligence, banks are probably not liable, according to Aslam Moosajee of law firm Norton Rose.

Phishing is when fraudsters masquerade as a legitimate organisation, such as a bank. They create fake websites or send emails that appear to be from the organisation. Usually these ask customers to re-submit their personal and banking details, such as ID, pin and account number. If the customer does this his or her details are used to take money out of the account. International cyber security company Symantec says one in 319 emails worldwide is some sort of phishing attack.

Moosajee said a ruling last year in Nashua Mobile vs GC Pale CC showed the way for banks not to be liable. In this case Pale tried to sue Nashua after R160 000 was transferred illegally from its bank account. It blamed Nashua because someone performed a “SIM-swap”, which allowed the person to get the details of someone in the organisation and, therefore, the banking details.

This form of phishing occurs when someone manages to convince a cellphone company that he or she is another person. The phisher gets a copy of the person’s SIM and acts in his or her stead, taking all other information.

The chief executive of Absa, Gavin Opperman, said this scam is on the rise in South Africa.

Pale lost its case and Moosajee said what emerged from the ruling was that banks are not liable in cases like this. Instead, the customer’s “negligence” was blamed by the court, he said.

He said the courts understand that banks are doing “a lot to improve security”. As a result he did not know of any cases where a bank was held responsible. The ruling has not been tested.

Bongani Diako, spokesperson for the South African Banking Risk Information Centre, said his organisation is also “not aware” of any court cases where banks have been held liable for phishing.

In some cases, he said, banks have compensated victims.

Opperman said customers “should educate themselves” so that they can avoid such scams. This is the time of year when they start escalating, he said.

A report by Norton internet security earlier this month found that 84% of South Africans who are online have experienced a cyber-crime in their lifetime. The global average is 69%. And, although phishing is not the largest part of this, it is one of the most harmful.

Norton also found that the blame for this might lie with outdated security software — 24% of online South Africans are running old programmes.

Banks have reacted swiftly to phishing attacks in the past.

Last month Absa suspended all credit card payments to EasyPay, an online payment portal, because a third of all transactions had been fraudulent.

It was reported that R500 000 was returned to customers. Absa said it is investigating how much in total was stolen.

Although banks are safe from liability, Moosajee said he thought there was a chance of this being challenged under the Consumer Protection Act.

These are unprecedented times, and the role of media to tell and record the story of South Africa as it develops is more important than ever. But it comes at a cost. Advertisers are cancelling campaigns, and our live events have come to an abrupt halt. Our income has been slashed.

The Mail & Guardian is a proud news publisher with roots stretching back 35 years. We’ve survived thanks to the support of our readers, we will need you to help us get through this.

To help us ensure another 35 future years of fiercely independent journalism, please subscribe.

Sipho Kings
Sipho Kings is the acting editor-in-chief of the Mail & Guardian

Zille’s tweets threaten her position as DA federal chairperson

Gauteng chairperson, Mike Moriarty, says the party needs stability, not controversy, at its helm

Cape Town suspends metro cops involved in eviction of naked...

Four police officers are being investigated after a video of them evicting a man, who had been bathing at the time, was circulated on social media

press releases

Loading latest Press Releases…

The best local and international journalism

handpicked and in your inbox every weekday