By Rodney Hood Adriko
Fraud targeting bank customers has become increasingly prevalent in today’s digital era. The most common types of fraud in the market involved phishing, smishing, and vishing, where fraudsters impersonate bank officials to extract sensitive information. For example, a customer might receive a fake SMS, WhatsApp text or email that looks identical to official bank correspondence, prompting them to input their login credentials into a fraudulent website. When these are entered, the fraudster can access them and initiate unauthorised transactions. Digital banking comes with risk because the same way a legitimate customer can initiate transactions from anywhere, the fraudster equally can. Fraudsters are actively using fake banking websites and Social Media pages to deceive customers. Scammers have created counterfeit banking apps and websites that closely mimic official ones, tricking customers into revealing account details.
Recent fraud cases illustrate the vulnerabilities that customers face. In one instance, a customer received an email that appeared to be from their bank, urging them to update their account details. The link led to a fraudulent website, where the customer’s sensitive information was stolen, resulting in unauthorised withdrawals. In another case, an unverified Social Media page asked customers to provide sensitive information in the guise of resolving their complaints. Just recently, in the UK, actor Niall McNamee’s phone was snatched on the train, leading fraudsters to steal over £21,000 from his bank accounts and take a £7,000 loan. This shows that these cases are not only happening in our region, but worldwide.
To safeguard their accounts, customers should avoid clicking on unsolicited links or sharing sensitive information. For example, if a customer receives an email stating their account will be locked unless they verify details, they should contact their bank directly through official channels. It is also crucial to regularly update passwords and use strong, unique combinations. Enabling two-factor authentication (2FA) such as One Time Passwords (OTP) adds an extra layer of security. Customers should also monitor their transactions frequently and report any suspicious activity. SMS alerts ensure that the customer is notified of all transactions. For online transactions, Dynamic CVV should be adopted such that in case of loss, the static CVV on the card can not authorise online transactions. Furthermore, customers should only interact with official and verified banking Social Media pages and reject unsolicited online support. A bank would never ask customers for their PIN and password. Finally, whenever customers’ phone or cards are lost or stolen, their Bank should be the first contact.
Recognising red flags in transactions and communications is vital for fraud prevention. Unsolicited requests for personal or financial information, messages that urge immediate action with threats to freeze accounts, and communications with poor grammar or inconsistencies are clear warning signs. To verify the authenticity of such communications, customers should contact their bank directly using official contact numbers. Checking URLs for legitimate domains is another simple yet effective step. For instance, ensuring the URL starts with “https” and includes the bank’s official domain can prevent phishing attacks.
Internal fraud presents another layer of risk. Preventing such fraud requires a robust framework that includes conducting background checks, implementing stringent access controls, and establishing monitoring systems. Regular audits and whistleblower programs help foster accountability within the organisation. Training staff to recognise and report suspicious activities is equally important, and advanced behavioural analytics can further detect anomalies in employee activities. In cases where there is internal fraud, action should be taken to discipline the staff.
Email, SMS, and social media pages have been key delivery channels to provide fraud prevention tips. There has also been an uptake of the Global Cyber Awareness Month activities where tips on secure banking and online practices are shared. Such initiatives continue to empower customers to take proactive steps in safeguarding their financial well-being. The responsibility for securing accounts and money is a joint responsibility between Banks and their customers. As such, collaboration is a key aspect of this relationship. By staying vigilant and informed, both banks and customers can work together to create a secure banking ecosystem.
The writer is the Chief Manager Information Security Assurance at Centenary Bank.
