Phishing can cost you, big time

Sitting at your desk doing internet banking may make you feel safe. After all, it is not a bank, where someone can steal your bulging wallet when you step outside. But that friendly email claiming to be from your bank and asking you for your details could cost you and you alone.

If you fall foul of a phishing scam and give away your details because of your own negligence, banks are probably not liable, according to Aslam Moosajee of law firm Norton Rose.

Phishing is when fraudsters masquerade as a legitimate organisation, such as a bank. They create fake websites or send emails that appear to be from the organisation. Usually these ask customers to re-submit their personal and banking details, such as ID, pin and account number. If the customer does this his or her details are used to take money out of the account. International cyber security company Symantec says one in 319 emails worldwide is some sort of phishing attack.

Moosajee said a ruling last year in Nashua Mobile vs GC Pale CC showed the way for banks not to be liable. In this case Pale tried to sue Nashua after R160 000 was transferred illegally from its bank account. It blamed Nashua because someone performed a “SIM-swap”, which allowed the person to get the details of someone in the organisation and, therefore, the banking details.

This form of phishing occurs when someone manages to convince a cellphone company that he or she is another person. The phisher gets a copy of the person’s SIM and acts in his or her stead, taking all other information.

The chief executive of Absa, Gavin Opperman, said this scam is on the rise in South Africa.

Pale lost its case and Moosajee said what emerged from the ruling was that banks are not liable in cases like this. Instead, the customer’s “negligence” was blamed by the court, he said.

He said the courts understand that banks are doing “a lot to improve security”. As a result he did not know of any cases where a bank was held responsible. The ruling has not been tested.

Bongani Diako, spokesperson for the South African Banking Risk Information Centre, said his organisation is also “not aware” of any court cases where banks have been held liable for phishing.

In some cases, he said, banks have compensated victims.

Opperman said customers “should educate themselves” so that they can avoid such scams. This is the time of year when they start escalating, he said.

A report by Norton internet security earlier this month found that 84% of South Africans who are online have experienced a cyber-crime in their lifetime. The global average is 69%. And, although phishing is not the largest part of this, it is one of the most harmful.

Norton also found that the blame for this might lie with outdated security software — 24% of online South Africans are running old programmes.

Banks have reacted swiftly to phishing attacks in the past.

Last month Absa suspended all credit card payments to EasyPay, an online payment portal, because a third of all transactions had been fraudulent.

It was reported that R500 000 was returned to customers. Absa said it is investigating how much in total was stolen.

Although banks are safe from liability, Moosajee said he thought there was a chance of this being challenged under the Consumer Protection Act.

Subscribe to the M&G

These are unprecedented times, and the role of media to tell and record the story of South Africa as it develops is more important than ever.

The Mail & Guardian is a proud news publisher with roots stretching back 35 years, and we’ve survived right from day one thanks to the support of readers who value fiercely independent journalism that is beholden to no-one. To help us continue for another 35 future years with the same proud values, please consider taking out a subscription.

Sipho Kings
Sipho Kings is the acting editor-in-chief of the Mail & Guardian

Related stories

Retailers and employers nailed in Covid-19 crackdown

More than 300 complaints have been lodged against unscrupulous suppliers and business owners, who are now under the microscope for violating the Disaster Management Act

SANDF colonel accused of swindling colleagues in UN business scam

A senior soldier who is part of South Africa’s peacekeeping missions is accused by her colleagues of swindling them out of of hundreds of thousands of rands in a nonexistent business deal

Polluting power plant faces closure

The environment department has lost patience with Eskom’s defiance of air pollution regulations

The decade that decides our fate

If we don’t do enough, in a decade’s time there’ll be droughts, floods, wildfires and crop failure on an apocalyptic scale

New rules for crypto-trading

Local regulation of cryptocurrencies could be implemented as soon as next year

Slice of life: Dumped: Popcorn, sex and gold

A look at what was once a landmark on Johannesburg’s horizon and central part of the Egoli story

The PPE scandal that the Treasury hasn’t touched

Many government officials have been talking tough about dealing with rampant corruption in PPE procurement but the majority won't even release names of who has benefited from the R10-billion spend

ANC still at odds over how to tackle leaders facing...

The ANC’s top six has been mandated to work closely with its integrity committee to tackle claims of corruption against senior party members

press releases

Loading latest Press Releases…

The best local and international journalism

handpicked and in your inbox every weekday