phishing

ABSA phishing now also in Afrikaans!

Tuesday, March 19th, 2013

Just because an e-mail from a “bank” is sent to you and it is in perfect Afrikaans, don’t be fooled into thinking it is legitimate. 

The following e-mail was sent to a number of South African addresses and is a very clever and convincing attempt to obtain users’ banking details and PIN codes. What is frightening about this mail is that it is written in near-perfect Afrikaans and would fool most people including myself – if I weren’t so paranoid. 

Take a look at the following mail message. It looks very convincing, but some spelling mistakes, which are not easily seen, give it away! 

Subject: Absa Kredietkaart Rekening Staat -Fooi Afgetrek

[Image: absa-afrikaanse phishing]

There is an attached .html file (a web page) which immediately should tell you that something is wrong. 

Here is what the web page looks like:

[Image: absa-afrikaanse phishing2]

Closer inspection of the web page's code reveals that this is a phishing scam run by a syndicate whose servers are currently in Italy. 

  • If you use this page to type in your account number, PIN code and password, you will have given the criminals free and open access to your bank account (if you were with ABSA).
  • ABSA, or any bank, would never send you an e-mail containing links and ask you to click on a link to verify ANY personal information, especially account numbers or PIN codes.
  • Embedded HTML pages would never be included because they can be easily compromised (like this one).
  • Don’t be fooled by alarming subjects like “Fooi Afgetrek”, “Security Upgrade”, “Illegal Access to your account” or if the mail is in Afrikaans!

(INFORMATION SUPPLIED BY DAVID WILES)

Beware of SIM card swap fraud

Friday, February 22nd, 2013

 

Although it is a known scam, when it hits one of your colleagues, it makes you aware that there are very real dangers out there. A SIM card swap fraud occurs when criminals obtain and utilise a replacement SIM card to acquire security messages and one-time passwords (OTP) sent to you by the bank. Using the OTP, criminals are able to change, add beneficiaries and transfer money out of your account using your personal information that they would have obtained through phishing. One of our colleagues lost R20 000 over the holidays and asked us to warn other staff as well:

How does a SIM swap scam work?

  • The SIM swap takes place after the fraudsters have received your bank logon details as a result of you responding to, for example, a phishing e-mail. (This is why phishing e-mails are so dangerous and why you should never respond to them or click on links contained in them.)
  • Once the fraudsters have your cell phone number and other personal information, they can pose as you and request a new SIM card from a cellular service provider.
  • The cellular service provider transfers your SIM card identity to the new SIM card, cancelling your old SIM card in the process.
  • The result is that there is no signal on the old SIM card, which means you cannot receive or make phone calls or send SMS messages. (This ought to be the first sign that something is wrong, for example if you get a “SIMCARD INVALID” error on your cell phone.)
  • The SMS authorisation reference number, which is normally sent to the client, reaches the fraudster instead of you, the legitimate owner, and the fraudster is able to make once-off payments and create beneficiaries fraudulently.

What should I do if I suspect an unlawful SIM swap?

  • If you fall prey to an unlawful SIM swap, or suspect that you have, contact your cellular service provider for assistance.
  • Also contact the internet banking helpdesk to request that your internet banking access be suspended with immediate effect. This will prevent fraudsters from gaining access and transacting on your accounts.

What can I do to prevent SIM swap fraud?

  • Protect your information – all your information.
  • Do not disclose your ID number on websites unless you have verified the legitimacy of the site. The bank already knows your ID number and will not require you to give it again.
  • Do not disclose your cell number on websites unless you have verified the legitimacy of the site. Phishing sites often request information such as ID number, email address and email address password, physical address, etc.
  • Always make sure that your contact details on Internet banking are valid and correct. You know when your details have changed, so when you are ready, you can update the information on Internet banking or at a local bank branch. 

[INFORMATION SUPPLIED BY DAVID WILES]

 

New phishing e-mail causes confusion

Tuesday, February 19th, 2013

If you receive an email claiming to be from the SU IT department (see example below), do not open it, click on any of the links or reply to the e-mail. The e-mail attempts to gain access to university accounts and uses sun.ac.za details that initially look genuine. 

This is a phishing email attempting to acquire your passwords and other information. Immediately delete the email and do not reply to it.

Below are just a few of the obvious signs that this is a phishing e-mail designed to steal personal information from you. You should never respond to mail like this, either at work or at home, and you should never reveal any personal details, especially your username and password, in an e-mail form or on a webpage that you access via an e-mail link.

IT will never request your username, password or other personal information by means of an e-mail.

  1. If it were a genuine message from Information Technology, there would be branding, and it would be in English and Afrikaans. This one has nothing like that in this e-mail.
  2. The grammar is particularly bad. (what is a “strong virus”?)
  3. We are university personnel and students, or “users”; we are not “subscribers”.
  4. Why would you have to enter your password in readable form in an insecure e-mail?
  5. There is no support@sun.ac.za e-mail address.
  6. If you do reply, you’ll see the default reply address is an unknown one and not a sun address.
  7. The links and the actual sender/server originate in Korea. 

More information on phishing.

 

EXAMPLE OF “PHISHING” E-MAIL:

Dear sun.ac.za subscriber,

We are currently carrying out an upgrade on our system due to the fact that it has come to our notice that one or more of our subscribers are introducing a very strong virus into our system and it is affecting our network.We are trying to find out the specific person.

For this reason all subscribers are to provide their USER NAME AND PASSWORD for us to verify and have them cleared against this virus. Failure to comply will lead to the termination of your Account in the next 48 hours.

Information Required:
* User name: (…………….. )(Compulsory)
* Password: (……………………..)(Compulsory)
* Date of Birth: (……………………..) (optional)
* Country Or Territory: (………………) (optional)

http://webmail.sun.ac.za/owa/auth/logon.aspx

Hoping to serve you better. 
Sincerely, Universiteit Stellenbosch University 
********************************************************
This is an Administrative Message from sun.ac.za server. It is not spam. 
From time to time, sun.ac.za server will send you such messages in 
order to communicate important information about your subscription.
*********************************************************
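
Several of the signs above can be checked mechanically before a reader ever sees the message. The following Python sketch is an added example, not part of the original post or of any SU mail filter: it tests a raw message for a reply address on a different domain than the claimed sender (sign 6), an attached web page (as in the ABSA mail), and text asking for credentials (sign 4). The sample message, its reply address and its attachment name are constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Constructed sample modelled on the message quoted above; the reply
# address and the attachment name are invented for this example.
SAMPLE = """\
From: IT Support <support@sun.ac.za>
Reply-To: helpdesk@mail.example.net
To: user@sun.ac.za
Subject: System upgrade
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

All subscribers are to provide their USER NAME AND PASSWORD for us to verify.

--b1
Content-Type: text/html; charset="utf-8"
Content-Disposition: attachment; filename="statement.html"

<html><body><form><input name="pin"></form></body></html>
--b1--
"""

CREDENTIAL_RE = re.compile(r"\b(pass\s?word|pin(\s?code)?|user\s?name)\b", re.I)

def domain(header_value):
    """Lower-cased domain part of an address header ('' if absent)."""
    return parseaddr(str(header_value or ""))[1].rpartition("@")[2].lower()

def phishing_signs(raw):
    """Return the warning signs found in one raw e-mail message."""
    msg = message_from_string(raw, policy=policy.default)
    signs = []
    # Sign 6: replies go to a different domain than the claimed sender.
    reply_to = domain(msg["Reply-To"])
    if reply_to and reply_to != domain(msg["From"]):
        signs.append("reply-to-differs-from-sender")
    # An attached web page, as in the ABSA mail.
    if any((p.get_filename() or "").lower().endswith((".html", ".htm"))
           for p in msg.walk()):
        signs.append("html-attachment")
    # Sign 4: the text asks the reader to send credentials.
    body = msg.get_body(preferencelist=("plain", "html"))
    if body is not None and CREDENTIAL_RE.search(body.get_content()):
        signs.append("asks-for-credentials")
    return signs
```

A message that trips none of these checks is not thereby proven genuine; the checks only cover the signs that are visible in headers and text.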

 

 

 

 

 

No, SARS doesn’t really want to give you a refund and other phishing tales

Wednesday, February 6th, 2013

Every year we send out literally dozens of warning e-mails, and continue to do so, because despite the frequent warnings, people  still get caught falling for these tricks. 

Take note of the following scam from fraudsters claiming to be from SARS.
 
Emails are going out to university (and private) addresses, seemingly coming from “SARS”, informing recipients that they have a refund waiting for them. (Wow! A tax refund.) Clicking on the hyperlink in the email takes you to a fake “e-filing” site that has hyperlinks for the four big South African banks and instructions to log on to your Internet banking site for “confirmation of your details”. When you follow the Nedbank link (as an example), you are taken to a copy of the Nedbank internet banking site that asks for profile, pin and password. Supplying these takes you to a second page that asks you for your mobile number. Submitting information on this page takes you to a page that requests the reference number sent to your cellphone.
 
Do not authorise any cellphone message that comes through if you end up in the above situation.  Furthermore, do not click on any hyperlinks in emails or divulge your account or mobile number details to anyone over the phone or via email.  Banks will never ask you to access internet banking through a link in an email, neither will banks ever ask for your mobile number when you access internet banking.

Another particularly sneaky phishing attack surfaced today. 

It comes from “Linda Perez” and has a subject line of “Administrator (Sorry for the inconvenience)” 

It asks you to contact the “sender” with your username and password so they can “expand your mailbox manually” 

Of course this is a phishing attack, and you should never respond to such mails. 

Do not respond, flag the sender as Junk Mail and delete the message.

ARTICLE BY DAVID WILES

Warning: New SARS, ABSA & eBucks phishing email

Tuesday, September 18th, 2012

If you receive an email claiming to be from ABSA regarding a payment from SARS or eBucks (see examples below), do not open it or click on any of the links. These are phishing emails attempting to acquire your passwords and other information. Immediately delete these emails and do not reply to them.


From: Absa Bank [mailto:lis@absa.co.z]
Sent: 18 September 2012 08:29 AM
To: …
Subject: SARS E-filing Payment Received

Dear Client,

A payment has been made into your account from SARS e-filing
In other to process and confirm this payment please do click here to login.
During this process, your RVN will be checked and verified.

Regards,


 

From: Absa Internet Banking [mailto:payment@absa.co.za]
Sent: 19 September 2012 15:01
To:
Subject: Payment Made To Your Online Banking!!

Absa Bank


Online Payment Made

Dear Customer,

A payment has been made to your account. To view the details of the payment, please click here to login. and enter the RVN that will be sent to your cellphone. please contact our support centreon 0860 123 000 . If you are calling from outside South Africa, call +27 11 299 4701 .

Our consultants are available between 8am and 9pm on weekdays, and 8am and 4pm on weekends and public holidays. 

The Internet banking Team

Moving Forward

Copyright Absa. All rights reserved.
Absa of South Africa Limited (Reg. No. 1962/000738/06). Authorised financial services provider. Registered credit provider (NCRCP15).

Disclaimer and confidentiality note:
Everything in this email and any attachments relating to the official business of Absa Group Limited is proprietary to the group.
It is confidential, legally privileged and protected by law. Absa does not own and endorse any other content.
The person addressed in the email is the sole authorised recipient.
Please notify the sender immediately if it has unintentionally reached you and do not read disclose or use the content in any way.

Absa cannot assume that the integrity of this communication has been maintained nor that it is free of errors, virus, interception or interference.
For our privacy policy or information about the Absa group visit our website at www.absa.co.za.

Absa email disclaimer and confidentiality note

Please go to http://www.absabank.co.za/site/homepage/emaildisclaimer.html to read our email disclaimer and confidentiality note. Kindly email disclaimer@absabank.co.za (no content or subject line necessary) if you cannot view that page and we will email our email disclaimer and confidentiality note to you.


From: eBucks Credit [mailto:credit@ebucks.com]
Sent: 25 September 2012 11:56 AM
To:
Subject: eBucks Reward: You have earned a eBucks points !!!

Alert

We have detected unusual activity on this account and for your security are temporarily blocking access. To regain access to this account, please click here.

If you are unable to login, contact Member Services at 1-877-786-0722 for further assistance.

 

© 2013 Disclaimer: The views and opinions expressed in this page are strictly those of the page author(s) and content contributor(s). The contents of this page have not been reviewed or approved by Stellenbosch University.