VAT Alert or Scam? Stay Cautious of Pop-Up Messages

https://iframe.iono.fm/e/1547147?layout=modern" width="100%" height="170" frameborder="0

You can also listen to this podcast on iono.fm here.

JIMMY MOYAHA: We are approximately two weeks away from either the implementation or delay of a VAT [value-added tax] hike proposed by the National Treasury. During this period, there is still a chance that we could witness a budget vote or other announcements from the government.

Before the VAT hike takes effect or is postponed, however, we already have VAT scams making the rounds, and it’s crucial to examine how we can avoid falling victim to them because no one wants to be scammed.

Joining me on the line is George Wandsella, the head of operational risk and fraud at TymeBank, to help us unpack this situation. Good evening, George. Thank you for your time.

It’s alarming that even before an official announcement regarding a VAT increase, there are already VAT phishing scams in operation. Can you explain what a VAT phishing scam is and what’s taking place?

GEORGE WANDSELLA: Thank you, Jimmy. I appreciate being here. We’ve seen this issue not just at TymeBank, but across various banks in South Africa. Fake notifications are being sent to customers via email or SMS, urging them to pay attention to how the VAT increase will personally affect their accounts.

These notifications are often followed by links that direct customers to click for more information about changes to their accounts, such as fees.

These links typically lead to phishing sites or fraudulent websites aimed at stealing customers’ login information or other personal data.

This is a classic phishing scam that can occur at any time—not only with VAT increases, but also during tax season. The method may vary, but fraudsters are simply leveraging the excitement or concern surrounding VAT.

JIMMY MOYAHA: George, let’s start from the basics. Can you provide a recap of what exactly a phishing scam is and how it operates?

GEORGE WANDSELLA: Jimmy, it’s essential to go back to the fundamentals. Phishing scams, including vishing [‘voice phishing’], are designed to manipulate people psychologically.

Fraudsters often utilize a carrot-and-stick approach, where they offer something desirable to incite action.

For example, they might call you about a refund you’re entitled to or a package that will arrive shortly.

Customers get excited about potential rewards like deliveries or refunds—this excitement can cloud their judgment. Understanding this manipulation is crucial.

The other tactic involves fear, such as threats over the phone: ‘If you don’t act now, we’ll block your account,’ or ‘You’ve been defrauded, and we need to stop this immediately.’ This creates a sense of urgency and panic.

Once you recognize this psychological manipulation, you’re in a better position to protect yourself.

JIMMY MOYAHA: George, what security measures should customers implement when facing phishing scams? Each type of scam might have its own indicators.

GEORGE WANDSELLA: We advise customers to stop, think, and assess the situation.

If you feel pressured or overly excited to act quickly, take a moment to think logically.

Avoid sharing personal information out of fear or excitement during phone calls. Often, scammers may ask for your card number, or they’ll ask for your PIN or OTP sent to your phone. Always stop, think, and verify—that’s basic yet vital advice.

Additionally, fraudsters may use caller ID apps, like Truecaller, to mask their identity, appearing as your bank.

If you receive an unexpected call, it’s best to hang up and call your bank directly to confirm the legitimacy of the call. This is a key tip for protecting yourself.

JIMMY MOYAHA: Establishing a relationship with your bank can certainly facilitate verification. You can contact your bank to confirm any suspicious message or call. It’s convenient for them to confirm if it was legitimate or not.

George, what about tracking or reference numbers? In the past, we received these from banks. Should I ask for one when corresponding with the bank, and then use that to validate the information before proceeding with any transactions?

GEORGE WANDSELLA: You can do that, Jimmy. However, typically, if you call the bank, they can quickly access your account and determine if there was a legitimate interaction. A reference number can help but isn’t absolutely necessary.

JIMMY MOYAHA: George, are there additional tactics customers can use for security? We’ve discussed some warning signs, but what can I do to bolster my account’s security against phishing scams? Furthermore, if I’ve already interacted with a scam, what are the next steps?

GEORGE WANDSELLA: Absolutely, Jimmy. Before addressing how to safeguard your account, it’s crucial to note that banks constantly communicate important fraud information to customers. Banks invest significant effort into this—TymeBank does this effectively as well.

However, as consumers, we often overlook this information. Many scams are clearly described by banks, detailing how fraudsters operate and what tactics they employ.

Taking the time to read what your bank shares about fraud and self-protection can make a substantial difference.

As for securing your account, there are some basic steps to follow.

Firstly, implement multi-factor authentication on your banking app. For instance, use biometric authentication rather than relying solely on a PIN or password.

Fraudsters can sometimes guess PINs and passwords due to social engineering tactics. Using fingerprint or facial recognition is a significantly more secure option.

Be vigilant about SIM swap fraud. This is common; be attentive if you lose your mobile signal or if unfamiliar messages appear on your phone. Always check with your mobile provider and inform your bank if you suspect a SIM swap.

Additionally, verify any unexpected callers. If someone claiming to be from your bank reaches out, confirm their identity. If you feel uncertain or they’re requesting confidential information, disconnect and call the bank directly.

With most customers using banking apps now, ensure yours is updated to the latest version to benefit from security enhancements. Actively monitor your account, check notifications for any transactions, and keep an eye out for anything unusual so you can quickly identify and address fraud.

Any suspicious interactions, whether calls, SMSs, or emails, should be reported to your bank. Avoid clicking on unfamiliar links.

As a reminder, one of the most prevalent fraud tactics currently is ‘vishing,’ where scammers call customers to coax them into providing personal information or OTPs.

It’s critical to understand that banking apps are designed with robust security features, but fraudsters rely on customers compromising their information. Keeping this in mind empowers you as a consumer to make informed decisions and apply basic security measures.

JIMMY MOYAHA: The responsibility truly lies in the hands of consumers to ensure that they do their due diligence before transferring any funds.

We will wrap up the discussion on this note. Thank you, George, for the valuable insights and the time you’ve shared. George Wandsella, head of operational risk and fraud at TymeBank, has joined us to discuss the VAT phishing scam circulating and how to safeguard yourself.

For in-depth finance and business news, follow Moneyweb on WhatsApp here.