How criminals hack your bank account

By Staff Writer
Internet criminal fraud is the fastest growing fraud in the world, according to Carte Blanche. There is always a new SMS scam, or email that comes through, congratulating you on winning thousands of Rands.

But, what about those emails saying you have money owed to you by the tax man? Or that phone call from the bank saying that they need to access your account? Those are scams too, and are ways for criminals to obtain your details, and steal your money.

Below we look at five ways in which a criminal hacks your bank account, and takes your money.

Step 1: The phishing attack

In order to get your banking details, and thus log into your account, the criminal will send a fake email, which will look like it is from the bank, asking you to log in.

Your bank, as they always warn on their internet sites, will never send you an email asking you for your profile number, or password.

Another way in which criminals obtain your login details is through you using computers in public areas (such as Internet cafés) which record sensitive information, keystroke logging software, or malware, which provides criminals access to a victim’s computer.

Therefore, you should always log into your banking profiles on a secured computer. Make sure you have anti-virus software, or some type of internet security on your computer.  

Some banking sites even offer you the option to download the software from their site, in order to keep your information safe.

“Once you have logged in, you can download firewall and anti-virus software directly from our Internet banking site. We will cover the cost of the software for one year, after which you will be responsible for the maintenance fee, should you choose to continue using the software,” said Standard Bank.

The SANS institute, a private American security company, offers some tips on how to spot a phising email:
  • There are misspelled words in the e-mail or it contains poor grammar.
  • The message is asking for personally identifiable information, such as credit card numbers, account numbers, passwords or pins.
  • There are "threats" or alarming statements that create a sense of urgency. For example: "Your account will be locked until we hear from you" or "We have noticed activity on your account from a foreign IP address”.
  • The domain name in the message isn't the one you're used to seeing. It's usually close to the real domain name but not exact.

Step 2: Getting a banking account

In order for these criminals to withdraw the money which they transferred out of your account, they need an active bank account.

They can do this through creating a bank account with fake personal details.

Or, they can also use the existing bank account of an unsuspecting person, to transfer and withdraw the money.

Step 3: SIM swap 

When conducting internet banking, your bank will either send a onetime pin, or a message to your cell phone to make sure that it is you who is conducting the transaction.

“Approving transactions using your cell phone means that you'll never have to enter sensitive information into a computer. This will help prevent you from falling prey to fraudsters and give you peace of mind knowing that your sensitive information will remain just that,” said Nedbank.

Therefore, the criminals would need access to your cell phone in order to complete their crime.

The criminals do this by cloning your SIM card, in order to have the message, or pin sent to them, instead of you. Beware then, of opening strange messages or emails on your phone as this could open your phone up to being cloned.

Step 4: Create beneficiaries for money transfer 

Once the criminals have your banking details, and have cloned your SIM, they can then access your account, and create a new beneficiary with the fake bank account they set up before.
Once they have done that, they can start to transfer the money they want to the beneficiary.

Step 5: Withdraw the money 

The money is then withdrawn from the fake account (which was made as the beneficiary in part 4). Once that is done, the card is destroyed, and the criminals have your money.

Security online is a growing concern, as we are moving into a paperless world. Never share your passwords, or profile numbers with anyone, and make sure to always use a secured, well protected computer when doing your banking online.

If you are unsure about an email, call your bank to ask them about it.

For more information, and for an info graphic on the whole process, MyBroadband has one, click here. 

Recent Articles


The President Hotel Free Wine Tastings

Price: Free
When: Fridays
Where: Cape Town

Riverside Monday Special

Price: R85
When: Mondays
Where: Durban

The Leonardo Anniversary Package Special

Price: R3870
When: Until 31 December 2021
Where: Johannesburg

Latest Guide

Guide to debt rehabilitation solutions