Scammers never give up, and this latest iteration tries to disguise itself as a message from Capitec Bank. It is poorly executed with some glaring mistakes, but nevertheless they still catch people in South Africa. (Did you know that according to a report from the South African Banking Risk Information Centre (SABRIC), South African were scammed out of R2.2 billion by phishing scams in 2013 alone.)
Below is a e-mail that is making its rounds again, this time from Capitec.
Note several tell-tale signs that this is a phishing scam:
- The email has improper spelling or grammar
- The hyperlinked URL is different from the one shown (this one comes from a hijacked domain based in the USA)
- The email urges you to take immediate action
- The email requests for personal information
- …and for the technically-inclined the most obvious mistake is the IP address.
[IP addresses are a unique string of numbers separated by full stops that identifies each computer using the Internet Protocol to communicate over a network. These addresses are 4 sets of numbers each between 0 and 255 (256 unique values) The university’s IP address ALWAYS begins with 146.232…]
In this case the IP address is fake. There will never be an IP with a value of 362…
—————————————————————————————————
From: Capitec. [mailto:capitec@cnserv.co.za]
Sent: 25 September 2015 12:57 PM
To: Victim, IAMA, Mej <iamavictim@sun.ac.za>
Subject: Ibanking confirmation
Dear valued Client
An ip address 82.128.362.135 made some incorrect logon attempts
with your remote pin.
Please respond to this by following the reference below and you
will be guided through the secure restore process.
Restore ebanking access (this link has been cleaned up and is no longer a danger)
You may experience future problems with your
online access by failing to attend to this matter.
Ebanking Service
—————————————————————————————————–
[ARTICLE BY DAVID WILES]
Tags: Capitec