OpinionPREMIUM

Think before you click — how to spot a scam

Study found that most of the respondents had fallen for a scam — 64% of South Africans said they had

Wendy Knowler

Wendy Knowler

Consumer journalist

These tips are appropriate throughout the year. Cybercriminals don’t take breaks – so you shouldn’t ever drop your guard.
These tips are appropriate throughout the year. Cybercriminals don’t take breaks – so you shouldn’t ever drop your guard. (123RF/Nonwarit Pruetisirirot/ File photo )

“We cannot deliver your item to door due to the incomplete house number, please fill in the address ...”

My phone pinged the arrival of that SMS yesterday, and as I was indeed expecting a delivery and my address does often confuse courier drivers, I almost clicked on the provided link: something I’ve repeatedly advised people not to do.

I would have been asked for my address, and no doubt also a small delivery fee, to be paid online, and another click would have led to me giving the scammers all my banking and security details.

What are the telltale signs that an SMS is scam bait?

The fact that I am not mentioned by name is not a red flag: while most courier companies do use the client’s name in SMS notifications, some do not. Some scammers know your full name — and use it in their bait SMS.

A few months ago I got this: “Delivery Office: Dear Wendy Laura. Your order XXX is waiting for delivery. Please confirm R0.37 at the following link ...”

That’s indeed my middle name, but I only use it when absolutely necessary. Certainly not when placing online orders. A couple of clicks later I was prompted to pay “the Post Office” that fee, online, providing all my card details, including the CVV security code. To those who aren’t expecting a parcel via the Post Office, such an SMS is immediately suspicious, but many of those who were have fallen for it and had their credit card accounts raided as a result. How?

Usually the fraudster creates a virtual wallet for themselves, linked to their victim’s credit card, the details of which the victim provided to them. They need only trick their victim into authenticating that link once, before going on a spree for as long as it takes their victim to realise and inform their bank. 

Getting back to my latest fake delivery notification SMS, it’s the vagueness which is the “tell”. Genuine delivery notifications identify the courier company and sometimes the company you bought the product from as well.

Had I done that clicking at the scammer’s bidding, the request to make a delivery payment, however small, would have been the ultimate scam “tell”. And something else is “off” about that SMS, albeit fairly subtle: the language. It’s sloppy: “We cannot deliver your item to door”, not “your door”. 

Released this week, Visa's Stay Secure study — conducted across 17 countries in central and Eastern Europe, the Middle East and Africa — reveals a disconnect between consumers’ confidence in recognising fraud and their actual online behaviour.

According to the study, confidence in the ability to spot a scam, and the vulnerability it may bring, is highest in Qatar (69%), Kenya (65%), South Africa (65%), Saudi Arabia (64%) and Nigeria (63%).

The study found that most of the respondents had fallen for a scam - 64% of South Africans said they had

Yet the study also found that most of the respondents had fallen for a scam — 64% of the South Africans said they had.

“Those who consider themselves more knowledgeable are more likely to respond to a requested action from scammers compared to those who say they are less knowledgeable,” said Irene Auma, Visa’s head of risk for Sub-Saharan Africa.

Only 57% of respondents said they checked whether communications had been sent from a valid e-mail address, and only 33% look to ensure words are spelt correctly.  More than 70% said they would respond if a message had a positive hook such as “free gift”, “you’ve been selected” or “you’re a winner”, which explains why the scammers throw out such hooks so often.

About 40% of Generation Zs (those aged 26 and younger) are likely to act on a claimed giveaway and 44% of respondents said they would click on a link or reply to a message that offered a financial opportunity.

“Whether it’s a parcel held up at customs, a streaming subscription claiming to have expired, or a free voucher for a favourite brand, scammers are adopting persuasive tactics to deceive,” Auma said.

Only 42% of respondents listed “updates regarding delivery or shipping” in their top three sources of suspicion.

I’m not exaggerating when I say I get at least one e-mail a day from someone who has lost a massive sum of money out of their bank accounts to fraudsters. In many cases, the crooks used all their available overdraft and credit card funds, leaving them in considerable debt.

Bianca (not her real name) told me this week how a fraudster had left her with a R142,000 credit card debt. She took exception to her bank saying it was her fault, and to its offer to refund her only 50% of her loss, as a “goodwill gesture”.

She did concede that someone had called her and tricked her into believing he was from her bank, as he had her credit card number and ID number. But she was adamant that she did not give him any one-time pins (OTPs).

The fraudsters who make those calls do have their intended victims' personal information — all our data has been compromised many times in a series of massive credit bureaux breaches.  What they don’t have are the one-time pins they need to access their victims’ bank accounts, which is why they have to make those calls.

And they seldom straight-out ask their victims to give them the OTP which their bank sent them via SMS.  They have many creative ways of tricking them into reading out that number sequence. One victim said she was told she needed to read the SMS for voice authentification, and yes, it had to be that specific message for comparison purposes.

Bianca and many others have ended those calls, firmly believing that they didn’t give the crook their “keys to the safe”, when in fact they did. The bank in question said the disputed transactions were authenticated via USSD on Bianca’s device, and was able to produce documentary evidence of that.

So I suggested to Bianca, as did the Ombudsman for Banking Services, that she accept that 50% offer. 

If you’re thinking you wouldn’t have fallen for that fraudster’s line, you’d be wise to accept that you may fall for another fraudulent approach on a specific day, under specific circumstances.

We stay safe by double checking whether any such SMS, call or e-mail is genuine, resisting the urge or the instruction to take immediate action and regularly checking SMSs for notifications of unauthorised purchases or SIM swap notifications.

They can’t get their hands on our money without some kind of help from us.

CONTACT WENDY: Email: consumer@knowler.co.za X (Twitter): @wendyknowler Facebook: wendyknowlerconsumer

Would you like to comment on this article?
Sign up (it's quick and free) or sign in now.

Comment icon
Sign UpLog In

Please read our Comment Policy before commenting.

Editor’s Choice

1

POLL | Who hogged the headlines best in 2025?

2

POLL | Choose your Mampara of the Year

3

Q&A with chair of the Eastern Cape House of Traditional Leaders Mpumalanga Gwadiso on deaths at initiation schools

4

MAKHUDU SEFARA | Even a whiff of corruption must bar contenders for the ANC’s top job

5

Cosatu steps in to play ‘big brother’ as ANC–SACP rift deepens