Commercial Bank warns clients, public about SMS phishing
16 October 2019
With more than 90% of all cyberattacks carried out through phishing, Commercial Bank has advised its clients and the general public to be more vigilant and cautious before disclosing any type of personal information.
“Whilst the nature of digital risks is constantly evolving, many start with a phishing attempt,” said Commercial Bank executive general manager and COO Leonie Ruth Lethbridge, who defined phishing as “the process of persuading people to disclose identity information, such as usernames, passwords, and one time passwords (OTPs), among others through phone calls or enticing people into visiting fraudulent websites.”
Speaking at a recent media roundtable, Lethbridge stressed that Qatar’s digital landscape “continues to grow exponentially,” with 85% of Qatari households having an Internet connection and 100% of 15- to 24-year-old customers owning a mobile phone, whilst mobile data traffic is expected to increase 12 times by 2022.
“A secure Internet and flourishing digital economy is critical to our commercial success and economic future … consequently, we all need to be aware of the implications such a dynamic growth platform brings with it … however, the greater this convenience and the greater our digital footprint and access, the greater the level of potential risks,” she emphasised.
According to Lethbridge, Commercial Bank’s primary target audience is its customers, who might be receiving phishing SMS messages or emails.
“As part of the bank’s role in protecting their interests, this effort comes from our keenness to equip valued customers with the knowledge on how to act when they receive a phishing email or a phishing SMS. A secondary audience is the general public, as Commercial Bank plays a vital role in spreading awareness to the public as well,” she explained.
Lethbridge said bank customers are popular targets of fraudsters who engage in phishing attacks. She said phishers can impersonate bank websites to get unsuspecting users to provide their login credentials.
“At first glance, the fraudulent email looks reliable regarding its sender, form, and content and thus is almost indistinguishable from the real one. After the fake website asks for personal data or access information from the user, then it is used for fraudulent transactions.
“Phishers now have the necessary information to steal the victim’s identity and have access to the bank account. They use the information they’ve gathered to make illegal purchases or otherwise commit fraud,” Lethbridge warned.
Lethbridge said the different types of phishing attacks could be done through email, phone (vishing), SMS (smishing), and website impersonation. A phishing SMS could be identified if it comes from a phone number rather than from a banking short code like “Cb SMS”.
Also, be wary if the SMS contains links or phone numbers. The bank will never send links or numbers to customers, she stressed.
“If it is unexpected and customers are in doubt, they should contact the bank instantly by calling the phone number from the official website or mobile app to verify the SMS.”
Sometimes, the quality of the information and language in the SMS is poor with misspelt words and poor punctuation.
“If a customer provides username, password, and OTP to a fraudster, then a transaction looks like a real transaction, and will be difficult for detection systems to identify it,” Lethbridge added.