This week a phishing scam is in the disguise of an alleged payout by Outsurance of a R400 premium, is circulating. Now if you are an Outsurance member, then this scam can fool you, but there are a number of telltale points that will reveal this mail to be a scam:

1. So-called branding (with an Outsurance Logo and a Sender that looks like it comes from Outsurance) are easily counterfeited.
2. Outsurance has most of your details if you are a client and the salutation will always be your name and never just “Dear Client”.
3. Outsurance does not use Dropbox to deliver ANY documents. They will always use their own systems and usually send PDF documents after informing you via e-mail AFTER calling you personally and confirming some personal details.
4. Outsurance will have a registered contact e-mail address on their system, but they will never ask for your e-mail password. Hopefully, you do not use your University of Stellenbosch e-mail address for as your personal contact address.
5. This e-mail’s grammar is terrible. It is very unprofessional and the use of threats such as “PAYOUT will be denied if details are inconsistent/wrong” is usually a typical tactic of phishers.
6. Scammers are wanting personal details and your signature. Why? So they can use it to gain access to your other accounts that have money, like bank accounts, or use your signature (that you sent them) to sign forged cheques etc.

Standard Bank South Africa recently lost R300 million in ATM fraud in Japan this week. The criminals used forged credit cards. No doubt the details on those cards were obtained using names and details that they obtained from phishing scams such as this Outsurance scam. Crime syndicates often exchange and share data they obtain amongst their fellow syndicates and use it to commit fraud.

Here is an example of the Outsurance scam mail that is circulating at the moment. We removed the “DropBox” link and the attached file for your safety. 

~~~

From: OUTsurance [mailto:premium@OUTsurance.co.za]
Sent: 24 May 2016 08:45 AM
To: Recipients <premium@OUTsurance.co.za>
Subject: Claim your Outsurance R400 premium

Dear Client,

Your monthly R400 premium PAYOUT is ready. Please log in to our DropBox document file with correct Email address and Email Password registered with us to confirm details. PAYOUT will be denied if details are inconsistent/wrong. Download, print and sign the forms, attach and email back to us for payment to be effected.

OUTsurance premium PAYOUT

Thank you.

© 2015 OUTsurance Insurance Company Limited and OUTsurance Life Insurance Company Limited A Member of the Rand Merchant Insurance Holdings (RMI) Group and an Authorised Financial Services Provider FSP (896)

[ARTICLE BY DAVID WILES]

Earlier this week Tygerberg was subjected to a particularly pervasive attempt by phishing fraudsters to obtain usernames and passwords from users by fooling them to “Activating” their Outlook 2016 account.

Although mostly unsuccessful due to the fact that most personnel are wide awake and sensitive to phishing attacks, this does not stop the attempts. The fraudsters merely change their tactics. Stealing data and gaining access to personal details such as usernames and passwords is very, very profitable!

Today’s phishing scam uses a different method by hiding behind an educational institution’s name and adding a “throw-away” website address at the end.

——————————————————————

Dear Account User,

We are shutting down your Bulk SMS, Cellfindportal today in a course to activate Microsoft Outlook Web access 2016. You need to upgrade your Bulk SMS, Cellfindportal immediately otherwise it will be deactivated. 

To activate go to http://bulk-sms-cellfindportal-sun.ac.za.webeden.co.uk 

The Information Technology department encourages you to take the following measures to protect your account.

Sincerely

IT Customer Support Center© 2016 CELL FIND LLC. All Rights Reserved

—

The University of Stellenbosch is a charitable body, registered in

Republic of South Africa, with registration number ZA005336.

——————————————————————

We’ve removed the dangerous part of the mail, but you hopefully can see how we can be fooled if we see the “sun.ac.za” address and see the “disclaimer” at the end, and think that it is from the University.

Information Technology will never send you mail like this and if they do mail you, it will always be branded and linked to a sun.ac.za site, and the grammar will be a lot better than this example, and will be bilingual at least!

[ARTICLE BY DAVID WILES]

This morning we received word of a new phishing e-mail being distributed on campus. (see example below) Please note that the message below is NOT from the University’s IT department. All our e-mails will be branded and in both Afrikaans and English. Ignore these e-mails and delete them. Other signs to look out for are:

1. The e-mail is never addressed to you personally – it’s a generic heading. (e.g. Dear client)
2. It asks the receiver to divulge personal information, for example your ID number, password or username.
3. The e-mail asks you to click on a link to “activate” your account. Don’t click on any links in e-mails (unless it’s an official IT e-mail) and also don’t copy and paste it in your web browser.
4. Usually a short time limit is given, for example “within 24 hours”.
5. Make sure the request is official and legal by calling the company and confirming.
6. Do not send sensitive information by e-mail. Legitimate companies won’t ask you to send data by e-mail.

—————————————————————————————————————————

From: a University staff member [mailto:scammers-email@outlook.com]
Sent: 05 May 2016 11:52 PM
Subject: Outlook WebAccess

Today Thursday 5th  May, 2016. we are upgrading our email system to Outlook Web App 2016. This service creates more space and easy access to email. Please update your account by clicking on Activation below, fill information for activation and submit.

Click for Activation

Inability to complete the information will render your account inactive. 

Thank you.

IT Admin Desk