Security

SARS e-mail may fool users

Tuesday, October 15th, 2013

For some lucky people, it is time for the tax returns from SARS. The criminals know it too and every year at this time, users will get emails allegedly from SARS promising tax returns and asking you to click on a link, log in and provide your bank account details and password so they can pay you money!

This is a scam, and you should never respond or go to the site or open up the attached file, as this could compromise your banking security.

  1. SARS has your banking details on record and these are stored in secure and encrypted form. They do not need you to confirm or enter your banking details.
  2. SARS would always either SMS or send you a registered letter in the post to inform you of tax returns, etc. They would never contact you via unsecured e-mail, and furthermore they have enough of your data to address the mail to you PERSONALLY and not via some vague “Dear Taxpayer” salutation.
  3. There is no returnfund@sars.co.za address.
  4. The attached file is usually an HTML (webpage) file that gives you a forged webpage sitting on the criminals’ server somewhere overseas.
  5. The amount that they promise to pay you is always something like R9,250.75
  6. Unless you have added your university e-mail address as the primary contact address on the SARS system you should never get mail on your university account.

If you do go to this site and you do enter in your banking account details, credit card details, passwords etc, this will allow the criminals to log into your bank account via the internet, and take control over your bank account. They will create themselves as beneficiaries and then transfer all your money to their account, and then delete all the evidence pointing to their account.

These scam e-mails will never stop. It is always difficult to block them too because scammers change their addresses, details and methods on a daily basis. So it is always best to dump these mails in the junk mail folder, blacklist the sending domain and delete the mail immediately.

Why do these criminals continue to send their mail? Because they catch people regularly. In 2012 South Africa was the 5th most phished country in the world behind India, Canada, the USA and the UK, with estimated figures of R14 million being stolen from South Africans last year alone.

 

[ARTICLE BY DAVID WILES]

ABSA eStatement phishing

Sunday, September 22nd, 2013

The only thing that must be more annoying than us constantly warning you of e-mail scams, is the persistence that is shown by the criminals and scam artists to attempt to con you, and steal your personal data and money.

The problem is they will continue to send phishing mails because they continue to catch people, even within an academic institution like the University.

Recently another ABSA eStatement landed in our e-mail box, this time a little more sophisticated, but armed with a few basic tips you will be able to spot the scam quickly.

Keep an eye out for these mails in your mailbox and delete them or add them to your Junk-Mail filters to block them in future.

Here’s how you can spot them:

1. Did you give your @sun.ac.za work address as your primary contact for Internet Banking?

2. Do you bank with (in this case) ABSA?

3. Is the salutation addressed to you personally, or is it just “Dear Customer”?

4. Is there a .pdf or an .html file attached? (phishers almost always use .html – a forged web-page)

5. Is the Subject of the e-mail “important” sounding? (In this case “Absa Cheque Account Statement”)

6. If you click on (or open by mistake) the attachment, does the web page look like the bank’s normal login page, but the address LACKS the https:// at the front and shows the normal http:// instead?

Answering these questions, it will be easy to establish whether an e-mail is clearly a phishing scam and can be deleted. Be vigilant and alert. Anyone can be caught out – even you.
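For mail administrators who want to triage reported messages against this checklist, the following is an added example and not part of the original article. It covers checks 3, 4 and 6 only; the word list, the sample message and the rule that an attached form posting to plain http:// stands in for check 6 are assumptions made for illustration.

```python
import re
from email import message_from_string

# Assumed list of impersonal greetings; extend to suit your own mail.
GENERIC = re.compile(r"^\s*dear\s+(customer|taxpayer|client|user)\b", re.I | re.M)
# A form in the attachment that submits over plain http:// (approximation of check 6).
HTTP_FORM = re.compile(r"<form[^>]*\baction\s*=\s*[\"']?http://", re.I)

# Constructed sample message (not a real phish); all names and hosts are made up.
SAMPLE = """\
From: "Absa" <statements@bank.example>
To: staff@university.example
Subject: Absa Cheque Account Statement
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Dear Customer,
Your statement is attached.
--b1
Content-Type: text/html; name="statement.html"
Content-Disposition: attachment; filename="statement.html"

<html><form action="http://login.invalid/absa"><input name="pin"></form></html>
--b1--
"""

def checklist(raw):
    """Return the checklist items a raw message trips, in MIME part order."""
    findings = []
    for part in message_from_string(raw).walk():
        if part.is_multipart():
            continue
        body = part.get_payload(decode=True) or b""
        text = body.decode(part.get_content_charset() or "utf-8", "replace")
        name = (part.get_filename() or "").lower()
        if name.endswith((".html", ".htm")):
            findings.append("html_attachment")          # check 4
            if HTTP_FORM.search(text):
                findings.append("form_posts_over_http")  # check 6 (approximated)
        elif part.get_content_type() == "text/plain" and GENERIC.search(text):
            findings.append("generic_salutation")        # check 3
    return findings

if __name__ == "__main__":
    print(checklist(SAMPLE))
```

Checks 1 and 2 (which address you gave your bank, and whether you bank there at all) depend on the recipient and cannot be automated this way.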

[ARTICLE BY DAVID WILES]

 

Subscribe, unsubscribe

Friday, September 20th, 2013
One of the most common questions we get asked by users is: “How do these spammers get my e-mail address?” Previously we looked at Rumpelstiltskin attacks, bots, trojans and zombies. This time around we focus on a third method: Subscribe/Unsubscribe newsletter services.

In the 21st century it can be said that “Knowledge and not Money is Power”. The two are closely linked. Knowledge or “data” is a hot commodity on the Internet. Facebook, for instance, has over 1.2 billion users. Just think of the value of that data if Mark Zuckerberg (the founder of Facebook) decided to sell that information. 

Many times you might receive e-mail in the form of a newsletter with a button down below that’s marked “Unsubscribe”, but will the newsletters really stop if you click on it?

There are many unscrupulous newsletter senders who will sell your e-mail address for a commission. A very common unsubscribe tactic is to send millions of people a false “you have joined a newsletter” e-mail. When users click on the “unsubscribe” link, they are not actually unsubscribing but unwittingly confirming that they are a real person with an active e-mail address. This results in getting more spam and soon the spam flood will spiral out of control. Furthermore the spammers will then sell their database (containing your “confirmed” e-mail address) to other spammers and unscrupulous marketing firms.

Another vector that spammers use to obtain your e-mail address is through legitimate newsletters. You may often subscribe to a legitimate newsletter service and receive newsletters, but as soon as your personal information and contact details are placed into the care of a third party (the legitimate newsletter service) you are relying on the fact that their system and database security is adequate and not vulnerable to hacking and identity theft. Hackers could break in and steal the database of e-mail addresses of the original newsletter service, and very quickly your e-mail address could be in the hands of spammers and scammers throughout the world.

Often marketers and newsletter services gather e-mail addresses and sell these to a third party. Often this is mentioned in the “Terms & Conditions” when you originally subscribe, giving them the rights to give your details to their “partners” so they can contact you. This way you become the unwitting victim in the business of selling and exchanging data.

Remember these important tips:

  • Survey Sites tend to generate a lot of junk mail. While many people use surveys as a great part-time source of extra income, signing up for surveys, free gifts, free drawings, etc. often distributes your e-mail to many unwanted mailing lists.
  • Try to keep your junk mail to a minimum by not giving your e-mail address to anybody that you don’t know, trust, or use for business purposes like your bank, business websites, etc.
  • Many different junk e-mails can come from the same source. Once you start “unsubscribing” from these e-mails, you’ll begin to notice that some of the unsubscribe pages look the same.
  • If trying to get information from sites requiring an email address, try abc@123.com or similar rather than your own email address. By entering a non-existent email address, yours doesn’t get logged & targeted.
  • If you cancel a subscription and e-mail keeps coming, it may be necessary to add the junk mail’s sender or domain to your blocked list.

[ARTICLE BY DAVID WILES]

Attack of the trojans, bots & zombies

Friday, August 30th, 2013
One of the most common questions we are asked by users is: How do these spammers get my e-mail address? Previously we looked at Rumpelstiltskin attacks and this week we will focus on the second of the methods: Trojan Horses, Bots and Zombies. Now, they may sound like something from a movie, but they do pose quite a serious threat to you as an e-mail user.

Let us use a familiar example. You regularly exchange emails with your elderly mother who has a computer. Your mother uses Outlook or Thunderbird and has dozens of emails from you in her inbox. She even added you to her address book. She also has lots of emails from a distant family member – cousin Johan from Australia. You haven’t stayed in touch with Johan that closely over the years, but you definitely know who he is.

Last year, just before Christmas, Johan downloaded and installed this really pretty Christmas screensaver that showed tranquil tree and candle scenes when he wasn’t using the computer. What he didn’t know was that the screensaver had a sinister hidden payload. While the candles flickered peacefully on his screen, the software went to work combing through his emails and address book, his browser’s cache of past webmail sessions and other files, storing every email address it could find in a separate list.

Then it sent the entire list to a server in Russia, where a criminal combined it with other such submissions to build the ultimate monster spam list that can be sold and resold over and over again.

But as if that wasn’t enough, when the “screensaver” sent the address list to Russia, it received some content in return: messages to be sent to all of Johan’s contacts. Then, unbeknownst to Johan, his computer started creating hundreds of emails, randomly using the harvested email addresses in the To: and From: fields along with the content from the Russian server, and sent them out using Johan’s Internet connection. One of them used your mother’s email address as sender and yours as recipient.

Now you received some spam from your mother asking you to buy fake watches and you’re ready to speak to her telling her to stop. Well, don’t. Your mother has obviously nothing to do with the whole thing and you’ll never find out that it was actually Johan’s computer.

You just had a look into the really nasty underworld of the Internet where botmasters (the guy in Russia) control botnets (infected computers that all report to the same server) of remote-controlled zombies (Johan’s computer) that were compromised using trojan horses (the screensaver) or similar malware.

And it doesn’t even end there. The botmaster typically doesn’t spam for his own account but hires out his botnet to whoever pays the most. The equally shady factory in China wanting to sell more fake Rolexes can now hire the botmaster to blast their offers all over the internet. The guy in Russia doesn’t even care if you open or click on that email from your mother, he gets paid either way. And when he’s done with the watches, he’ll inform his entire mailing list that they all won the lottery and can pick up the prize if only they pay a small “transfer fee” up front. And after that, he’ll mail a Paypal phish for yet another “client”. And for good measure, he’ll sell his entire email address database, incl. yours, to a friend who is in the same line of “business”.

In other words, once your email address got picked up by a botnet, Pandora’s Box is wide open. The whole scheme is particularly wicked because now you have to depend on others to keep your address safe. Unfortunately, there is little you can do:

  • First of all, do your own share: NEVER open email attachments that you didn’t ask for, even if they appear to come from good friends like Johan. If you’re still curious, ask Johan or your mother first if they really sent it.
  • NEVER download anything where you can’t independently verify it’s safe. With “independently verify” I mean you can read about it in forums, blogs, news sites, your local “computer geek” etc. Facebook fan pages, even with 1000s of “fans”, do NOT count, they are way too easy to manipulate and are usually full of misinformation!
  • NEVER get fooled by fake “security scans” (they’re quite the opposite!) or “video codec updates” to see that funny kitten clip. If you think you need a new Flash player, type in flash.com by hand and update from there. If afterwards the site still says you need an “update” get out of there as fast as you can.
  • Then educate your friends and family about the same. Explain how trojans work. Send them a link to this blog page!
  • You can try having multiple private email addresses. Keep a super-private one, only for family and very few of your closest friends.  Use your university address for everyone you work with and don’t use this for private mail – EVER!  Get a semi-private one for your wider social circle. The latter two do get some spam, although it’s still manageable. GMail has a very good “spam filter”, and blacklisting spammers is very easy!

 

[ARTICLE BY DAVID WILES & MATERIAL BY BustSpammers.com]

What do Rumpelstiltskin and spam have in common?

Friday, August 16th, 2013

One of the most common questions we get asked by users is “How do these spammers get my e-mail address?”

There are a number of methods that these spammers use, but today we will focus on one of them, the “Rumpelstiltskin” attack.

A dictionary or Rumpelstiltskin attack is an attack where the spammer floods e-mail servers with usernames selected from a dictionary. The name, of course, comes from the old Grimm’s fairytale.

Long, long ago when the university’s e-mail system was still very primitive and e-mail addresses were limited to 8 characters, most personnel at the university had simple names like ab@sun.ac.za, aa1@sun.ac.za, bv@sun.ac.za. It is relatively easy to make up a list of common letter combinations and just add @sun.ac.za onto it to create an e-mail list. Add to that common role-based accounts, such as admin, help and support, as well as the latest Baby Names list, and you have a list that can be used to launch a Rumpelstiltskin attack.

Why bother sending e-mail to unknown users or addresses that do not exist?

Firstly rather than spammers buying a list from other spammers, they can just spam to any possible name they can generate. It might seem rather inefficient but sending email is cheap.

The second reason, which is far more sinister, is that spammers use these techniques to generate lists of valid email accounts. They first send to a generated list, and when they do get a response, or the receiving mail server doesn’t answer back and say “unknown e-mail address”, this allows them to either sell these lists of “verified” emails or be more accurate in their other spamming activities.

With this second reason in mind, you should be able to see the danger of replying to these mails or filling in the “opt-out” option, that is commonly included in such mails, or by setting your “Send delivery receipt” to automatic on your e-mail. As soon as these spammers realize that there is a real person at the other end of the e-mail, they will increase their spam. They get paid to send out the mail, not for how many people respond to them.
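On the mail-server side, a Rumpelstiltskin attack leaves a recognisable trace: one source address collecting many “unknown user” rejections for different recipients. The following detection sketch is an added example, not part of the original article; the log lines are constructed in the style of Postfix reject entries, and the host names, IP addresses and threshold of five are assumptions.

```python
import re
from collections import defaultdict

# Matches a rejected RCPT for an unknown user and captures source IP and recipient.
REJECT = re.compile(
    r"reject: RCPT from \S*\[(?P<ip>[0-9a-fA-F.:]+)\]: 550 5\.1\.1 <(?P<rcpt>[^>]+)>"
)

def _line(ip, rcpt):
    """Build one constructed log line (Postfix-style; all values are made up)."""
    return (f"Oct 15 09:00:01 mx postfix/smtpd[811]: NOQUEUE: reject: RCPT from "
            f"unknown[{ip}]: 550 5.1.1 <{rcpt}>: Recipient address rejected: "
            f"User unknown in local recipient table; from=<x@sender.invalid> "
            f"to=<{rcpt}> proto=ESMTP helo=<host.invalid>")

# Constructed sample: one source guessing short and role-based names,
# and one ordinary sender who mistyped a single address.
GUESSES = ("ab", "aa1", "bv", "admin", "help", "support")
SAMPLE_LOG = [_line("203.0.113.7", f"{u}@example.ac.za") for u in GUESSES]
SAMPLE_LOG.append(_line("198.51.100.20", "jsmtih@example.ac.za"))

def harvest_suspects(lines, min_unknown=5):
    """Return {source_ip: [unknown recipients]} for sources that probed at
    least min_unknown distinct non-existent addresses."""
    unknown = defaultdict(set)
    for line in lines:
        m = REJECT.search(line)
        if m:
            unknown[m["ip"]].add(m["rcpt"].lower())
    return {ip: sorted(r) for ip, r in unknown.items() if len(r) >= min_unknown}

if __name__ == "__main__":
    for ip, rcpts in harvest_suspects(SAMPLE_LOG).items():
        print(ip, len(rcpts), "unknown recipients:", ", ".join(rcpts))
```

Counting distinct recipients rather than raw rejections keeps a sender who retries one mistyped address from being flagged.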

In our next edition we will focus on a second way spammers harvest e-mail addresses, in Part 2: Trojan Horses, Bots and Zombies.

[ARTICLE BY DAVID WILES]

 

© 2013-2025 Disclaimer: The views and opinions expressed in this page are strictly those of the page author(s) and content contributor(s). The contents of this page have not been reviewed or approved by Stellenbosch University.