Security

ABSA eStatement Phishing Scam

Wednesday, May 8th, 2013

The only thing that must be more annoying than us constantly warning you of e-mail scams, is the persistence that is shown by the criminals and scam artists to attempt to con you, and steal your personal data and money. 

The problem is they will continue to send phishing mails because they continue to catch people, even within an academic institution like the University. 

Today, another ABSA eStatement landed in our e-mail box, this time a little more sophisticated, but armed with a few basic tips I was able to spot the scam quickly. Keep an eye out for these mails in your mailbox and delete them or add them to your Junk-Mail filters to block them in future.

Here’s how you can spot them:

1. Did you give your @sun.ac.za work address as your primary contact for Internet Banking? (NO)

2. Do you bank with (in this case) ABSA? (NO)

3. Is the salutation addressed to you personally, or is it just “Dear Customer”? (Dear Customer)

4. Is there a .pdf or an .html file attached? (phishers almost always use .html – a forged web-page) (.html PAGE)

5. Is the Subject of the e-mail “important” sounding? (In this case “Absa Cheque Account Statement – 7 May 2013”)

6. If you click on (or open by mistake) the attachment, does the web page look like the bank’s normal login page, but LACK the https:// at the front of the address and show the normal http:// instead? (HTTP:)

This mail is obviously a phishing scam and can be deleted. Be vigilant and alert. Even medical doctors and clever students have been caught before, don’t become a victim.
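The checklist above can be partly automated. The following is an added example, not part of the original article: it applies checks 1, 3, 4 and 6 to a raw message. The function name, the sample message and its addresses are constructed, and check 6 is approximated by looking at where the attached page's form submits rather than at the browser's address bar.

```python
import re
from email import message_from_string

# Constructed sample message; sender, recipient and URL are placeholders.
SAMPLE = """\
From: "Absa" <statements@bank.example>
To: staff.member@sun.ac.za
Subject: Absa Cheque Account Statement - 7 May 2013
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Dear Customer,
Your statement is attached.
--b1
Content-Type: text/html; name="statement.html"
Content-Disposition: attachment; filename="statement.html"

<html><form action="http://login.example/verify" method="post">
<input type="password" name="pin"></form></html>
--b1--
"""

GENERIC_SALUTATION = re.compile(r"^\s*dear\s+(customer|client|user|member)\b", re.I | re.M)
FORM_ACTION = re.compile(r"<form[^>]*\baction\s*=\s*[\"']?([^\"'\s>]+)", re.I)

def phishing_indicators(raw, bank_contact_addresses):
    """Return the numbers of the checklist items that a raw message trips."""
    msg = message_from_string(raw)
    hits = set()
    to = msg.get("To", "").lower()
    if not any(addr.lower() in to for addr in bank_contact_addresses):
        hits.add(1)  # not an address the bank has on file for you
    for part in msg.walk():
        if part.is_multipart():
            continue
        body = part.get_payload(decode=True).decode("utf-8", "replace")
        name = (part.get_filename() or "").lower()
        if not name and GENERIC_SALUTATION.search(body):
            hits.add(3)  # "Dear Customer" instead of your name
        if name.endswith((".html", ".htm")):
            hits.add(4)  # attached web page
            actions = FORM_ACTION.findall(body)
            if any(not a.lower().startswith("https://") for a in actions):
                hits.add(6)  # form would submit without https://
    return sorted(hits)
```

Checks 2 and 5 are left to the reader, since only you know which bank you use and how alarming a subject line sounds.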

[ARTICLE BY DAVID WILES]

 

ABSA phishing now also in Afrikaans!

Tuesday, March 19th, 2013

Just because an e-mail from a “bank” is sent to you and it is in perfect Afrikaans, don’t be fooled into thinking it is legitimate. 

The following e-mail was sent to a number of South African addresses and is a very clever and convincing attempt to obtain users’ banking details and PIN codes. What is frightening about this mail is that it is written in near-perfect Afrikaans and would fool most people including myself – if I weren’t so paranoid.

Take a look at the following mail message. It looks very convincing, but some spelling mistakes, which are not easily seen, give it away!

Subject: Absa Kredietkaart Rekening Staat -Fooi Afgetrek

[Image: absa-afrikaanse phishing]

There is an attached .html file (a web page) which immediately should tell you that something is wrong. 

Here is what the web page looks like:

[Image: absa-afrikaanse phishing2]

Closer inspection of the webpage coding reveals that this is a phishing scam run by a syndicate whose servers are currently in Italy.

  • If you use this page to type in your Account number, PIN code and password, you will have given the criminals free and open access to your bank account (if you were with ABSA)
  • ABSA, or any bank, would never send you e-mail containing links and ask you to click on that link to verify ANY personal information, especially account numbers or PIN codes.
  • Embedded html pages would never be included because they can be easily compromised (like this one)
  • Don’t be fooled by alarming subjects like “Fooi Afgetrek”, “Security Upgrade”, “Illegal Access to your account” or if the mail is in Afrikaans!

(INFORMATION SUPPLIED BY DAVID WILES)

Beware of SIM card swap fraud

Friday, February 22nd, 2013

 

Although it is a known scam, when it hits one of your colleagues, it makes you aware that there are very real dangers out there. A SIM card swap fraud occurs when criminals obtain and utilise a replacement SIM card to acquire security messages and one-time passwords (OTP) sent to you by the bank. Using the OTP, criminals are able to change, add beneficiaries and transfer money out of your account using your personal information that they would have obtained through phishing. One of our colleagues lost R20 000 over the holidays and asked us to warn other staff as well:

How does a SIM swap scam work?

  • The SIM swap takes place after the fraudsters have received your bank logon details as a result of you responding to, for example, a phishing e-mail. (This is why phishing e-mails are so dangerous and you should never ever respond or click on links contained in these phishing e-mails.)
  • Once the fraudsters have your cell phone number and other personal information, the fraudster can pose as you, requesting a new SIM card from a cellular service provider.
  • The cellular service provider transfers your SIM card identity to the new SIM card, cancelling your old SIM card in the process.
  • The result is that there is no signal on the old SIM card, which means that you cannot receive or make phone calls or send SMS messages. (This, or a “SIMCARD INVALID” error on your cell phone, ought to be the first sign of something wrong.)
  • The SMS authorisation reference number, which is normally sent to the client, reaches the fraudster instead of you, the legitimate owner, and the fraudster is able to make once-off payments and create beneficiaries fraudulently.

What should I do if I suspect an unlawful SIM swap?

  • If you fall prey to an unlawful SIM swap, or suspect that you have, contact your cellular service provider for assistance.
  • Also contact the internet banking helpdesk to request that your internet banking access be suspended with immediate effect. This will prevent fraudsters from gaining access and transacting on your accounts.

What can I do to prevent SIM swap fraud?

  • Protect your information – all your information.
  • Do not disclose your ID number on websites unless you have verified the legitimacy of the site. The bank already knows your ID number and will not require you to give it again.
  • Do not disclose your cell number on websites unless you have verified the legitimacy of the site. Phishing sites often request information such as ID number, email address and email address password, physical address, etc.
  • Always make sure that your contact details on Internet banking are valid and correct. You know when your details have changed, so when you are ready, you can update the information on Internet banking or at a local bank branch. 

[INFORMATION SUPPLIED BY DAVID WILES]

 

Keep your cell phone secure

Friday, February 22nd, 2013

These days your smartphone is just as powerful as your laptop or pc a few years back. You store more personal and work information on your device and it’s always connected to the internet.

It’s exactly this convenience that puts you as a smartphone user at risk. Cooltech, iAfrica’s tech section, has a few ideas to minimise risk and ensure your personal information stays, well, personal and safe from malware and cybercriminals and other security risks. 

Set up a password

Your first line of defense is to simply set up a password on your phone. Most cellphone providers allow you to type in a PIN each time you switch on your phone or after a period of inactivity.

Install security software

Since smartphones are no longer just for storing phone numbers and SMSes, but also bank details, they’re an easy and perfect target for cybercriminals.

Consider installing anti virus software to protect your device against malware. F-Secure, Norton and other large security software vendors each have their own version for the main smartphone platforms. 

Activate the remote wipe function

The biggest risk is the theft or loss of your device. Rather than worry about a stranger snooping through your information, activate the remote wipe function.

This function will allow you, by means of an internet connection, to delete your photos, business contacts and e-mails when you suspect you might not be able to recover your phone. 

Some manufacturers like BlackBerry and Apple offer the remote wipe function and location applications for their latest devices, while third party applications are available for other platforms.  

Download safe and approved applications

The temptation to download a free, unofficial application on your iPhone or Android instead of purchasing one through iStore is big, but do you really want to take the risk and expose your phone to malware? Rather stick to legitimate sources where proper quality control is done and applications don’t come with added nasty surprises.

Backup your data

As we’ve already established, a substantial amount of your life is on your smartphone – e-mail, phone contacts, documents, photos and much more. Just as you back up your computer (hopefully!), do the same with your cell phone so you won’t lose everything if you lose your phone. Many smartphones allow you to make a thorough backup from your device to your PC, or at least to sync the most important data and settings to an online service.

Tygerberg users victim of phone scam

Friday, February 22nd, 2013

A new phone scam on Tygerberg attracted our attention this week and the possibility exists that it might spread to other campuses. Please be aware of this scam that has left some victims hundreds of rands out of pocket.

Scammers are using several well-known brands, including Microsoft, to fool people into believing that something is wrong with their computers, and now they seem to be phoning university numbers.  

The scam typically works as follows: 

Somebody, claiming to be a representative of Microsoft, one of its brands or a third party contracted by Microsoft, tells the victim they are checking into a computer problem, infection or virus that has been detected by Microsoft. They will trick the victim into installing malicious software that could capture sensitive data, such as online banking user names and passwords. They might also then charge the victim for the removal of this software.

The victim is directed to help by connecting their computer to a website that then allows the scammers to take control of the computer remotely, adjusting the settings and leaving the computer vulnerable.

These callers claim to be from Windows Helpdesk, Windows Service Centre, Microsoft Tech Support, Microsoft Support, Windows Technical Department Support Group and even Microsoft’s Research and Development Team.

(INFORMATION BY DAVID WILES)

 

© 2013 Disclaimer: The views and opinions expressed in this page are strictly those of the page author(s) and content contributor(s). The contents of this page have not been reviewed or approved by Stellenbosch University.