%PDF-1.3 1 0 obj << /Type /Catalog /Outlines 2 0 R /Pages 3 0 R >> endobj 2 0 obj << /Type /Outlines /Count 0 >> endobj 3 0 obj << /Type /Pages /Kids [6 0 R 20 0 R ] /Count 2 /Resources << /ProcSet 4 0 R /Font << /F1 8 0 R /F2 9 0 R /F3 10 0 R /F4 11 0 R >> >> /MediaBox [0.000 0.000 612.000 792.000] >> endobj 4 0 obj [/PDF /Text ] endobj 5 0 obj << /Creator (DOMPDF) /CreationDate (D:20240518222048+00'00') /ModDate (D:20240518222048+00'00') /Title (IT-artikels) >> endobj 6 0 obj << /Type /Page /Parent 3 0 R /Annots [ 12 0 R 14 0 R 16 0 R 18 0 R ] /Contents 7 0 R >> endobj 7 0 obj << /Length 6900 >> stream 0.702 0.800 0.816 rg 34.016 34.016 543.969 723.969 re f 1.000 1.000 1.000 rg 45.266 68.176 521.469 678.558 re f 0.773 0.773 0.773 rg 0.773 0.773 0.773 RG 45.266 746.734 m 566.734 746.734 l 565.984 745.984 l 46.016 745.984 l f 566.734 746.734 m 566.734 68.176 l 565.984 68.176 l 565.984 745.984 l f 45.266 746.734 m 45.266 68.176 l 46.016 68.176 l 46.016 745.984 l f 61.016 617.359 m 550.984 617.359 l 550.984 618.109 l 61.016 618.109 l f 1.000 1.000 1.000 rg BT 278.868 698.693 Td /F1 10.5 Tf [(POST LIST)] TJ ET 0.200 0.200 0.200 rg BT 212.789 670.111 Td /F1 14.4 Tf [(INFORMASIETEGNOLOGIE)] TJ ET BT 221.824 643.466 Td /F1 11.7 Tf [(INFORMATION TECHNOLOGY)] TJ ET BT 61.016 583.841 Td /F1 14.4 Tf [(PHISHING SCAM: IBANKING CONFIRMATION)] TJ ET 0.400 0.400 0.400 rg BT 61.016 564.033 Td /F3 9.0 Tf [(Scammers never give up, and this latest iteration tries to disguise itself as a message from Capitec Bank. It is poorly )] TJ ET BT 61.016 553.044 Td /F3 9.0 Tf [(executed with some glaring mistakes, but nevertheless they still catch people in South Africa. \(Did you know that )] TJ ET BT 61.016 542.055 Td /F3 9.0 Tf [(according to a report from the South African Banking Risk Information Centre \(SABRIC\), South African were scammed out )] TJ ET BT 61.016 531.066 Td /F3 9.0 Tf [(of R2.2 billion by phishing scams in 2013 alone.\))] TJ ET BT 61.016 511.077 Td /F3 9.0 Tf [(Below is a e-mail that is making its rounds again, this time from Capitec.)] TJ ET BT 61.016 491.088 Td /F3 9.0 Tf [(Note several tell-tale signs that this is a phishing scam:)] TJ ET 0.400 0.400 0.400 RG 85.866 473.915 m 85.866 474.328 85.696 474.737 85.404 475.029 c 85.113 475.321 84.703 475.490 84.291 475.490 c 83.878 475.490 83.469 475.321 83.177 475.029 c 82.885 474.737 82.716 474.328 82.716 473.915 c 82.716 473.503 82.885 473.093 83.177 472.802 c 83.469 472.510 83.878 472.340 84.291 472.340 c 84.703 472.340 85.113 472.510 85.404 472.802 c 85.696 473.093 85.866 473.503 85.866 473.915 c f BT 91.016 471.099 Td /F3 9.0 Tf [(The email has improper spelling or grammar)] TJ ET 85.866 462.926 m 85.866 463.339 85.696 463.748 85.404 464.040 c 85.113 464.332 84.703 464.501 84.291 464.501 c 83.878 464.501 83.469 464.332 83.177 464.040 c 82.885 463.748 82.716 463.339 82.716 462.926 c 82.716 462.514 82.885 462.104 83.177 461.813 c 83.469 461.521 83.878 461.351 84.291 461.351 c 84.703 461.351 85.113 461.521 85.404 461.813 c 85.696 462.104 85.866 462.514 85.866 462.926 c f BT 91.016 460.110 Td /F3 9.0 Tf [(The hyperlinked URL is different from the one shown \(this one comes from a hijacked domain based in the USA\))] TJ ET 85.866 451.937 m 85.866 452.350 85.696 452.759 85.404 453.051 c 85.113 453.343 84.703 453.512 84.291 453.512 c 83.878 453.512 83.469 453.343 83.177 453.051 c 82.885 452.759 82.716 452.350 82.716 451.937 c 82.716 451.525 82.885 451.115 83.177 450.824 c 83.469 450.532 83.878 450.362 84.291 450.362 c 84.703 450.362 85.113 450.532 85.404 450.824 c 85.696 451.115 85.866 451.525 85.866 451.937 c f BT 91.016 449.121 Td /F3 9.0 Tf [(The email urges you to take immediate action)] TJ ET 85.866 440.948 m 85.866 441.361 85.696 441.770 85.404 442.062 c 85.113 442.354 84.703 442.523 84.291 442.523 c 83.878 442.523 83.469 442.354 83.177 442.062 c 82.885 441.770 82.716 441.361 82.716 440.948 c 82.716 440.536 82.885 440.126 83.177 439.835 c 83.469 439.543 83.878 439.373 84.291 439.373 c 84.703 439.373 85.113 439.543 85.404 439.835 c 85.696 440.126 85.866 440.536 85.866 440.948 c f BT 91.016 438.132 Td /F3 9.0 Tf [(The email requests for personal information)] TJ ET 85.866 429.959 m 85.866 430.372 85.696 430.781 85.404 431.073 c 85.113 431.365 84.703 431.534 84.291 431.534 c 83.878 431.534 83.469 431.365 83.177 431.073 c 82.885 430.781 82.716 430.372 82.716 429.959 c 82.716 429.547 82.885 429.137 83.177 428.846 c 83.469 428.554 83.878 428.384 84.291 428.384 c 84.703 428.384 85.113 428.554 85.404 428.846 c 85.696 429.137 85.866 429.547 85.866 429.959 c f BT 91.016 427.143 Td /F3 9.0 Tf [(…and for the technically-inclined the most obvious mistake is the IP address.)] TJ ET BT 61.016 407.154 Td /F3 9.0 Tf [([IP addresses are a unique string of numbers separated by full stops that identifies each computer using the Internet )] TJ ET BT 61.016 396.165 Td /F3 9.0 Tf [(Protocol to communicate over a network. These addresses are 4 sets of numbers each between 0 and 255 \(256 unique )] TJ ET BT 61.016 385.176 Td /F3 9.0 Tf [(values\) The university’s IP address ALWAYS begins with 146.232…])] TJ ET BT 61.016 365.187 Td /F3 9.0 Tf [(In this case the IP address is fake. There will )] TJ ET BT 241.592 365.187 Td /F3 9.0 Tf [(never)] TJ ET 0.18 w 0 J [ ] 0 d 241.592 364.036 m 264.101 364.036 l S BT 264.101 365.187 Td /F3 9.0 Tf [( be an IP with a value of 362…)] TJ ET BT 61.016 345.198 Td /F3 9.0 Tf [(---------------------------------------------------------------------------------------------------)] TJ ET BT 61.016 325.209 Td /F4 9.0 Tf [(From:)] TJ ET BT 86.513 325.209 Td /F3 9.0 Tf [( Capitec. [)] TJ ET 0.373 0.169 0.255 rg BT 127.031 325.209 Td /F3 9.0 Tf [(mailto:capitec@cnserv.co.za)] TJ ET 0.373 0.169 0.255 RG 0.18 w 0 J [ ] 0 d 127.031 324.058 m 241.700 324.058 l S 0.400 0.400 0.400 rg BT 241.700 325.209 Td /F3 9.0 Tf [(])] TJ ET BT 61.016 314.220 Td /F4 9.0 Tf [(Sent:)] TJ ET BT 83.516 314.220 Td /F3 9.0 Tf [( 25 September 2015 12:57 PM)] TJ ET BT 61.016 303.231 Td /F4 9.0 Tf [(To:)] TJ ET BT 75.011 303.231 Td /F3 9.0 Tf [( Victim, IAMA, Mej <)] TJ ET 0.373 0.169 0.255 rg BT 156.281 303.231 Td /F3 9.0 Tf [(iamavictim@sun.ac.za)] TJ ET 0.18 w 0 J [ ] 0 d 156.281 302.080 m 246.434 302.080 l S 0.400 0.400 0.400 rg BT 246.434 303.231 Td /F3 9.0 Tf [(>)] TJ ET BT 61.016 292.242 Td /F4 9.0 Tf [(Subject:)] TJ ET BT 96.521 292.242 Td /F3 9.0 Tf [( Ibanking confirmation)] TJ ET BT 61.016 272.253 Td /F3 9.0 Tf [( )] TJ ET BT 61.016 252.264 Td /F4 9.0 Tf [(Dear valued Client)] TJ ET BT 61.016 232.275 Td /F3 9.0 Tf [(An ip address 82.128.362.135 made some incorrect logon attempts)] TJ ET BT 61.016 221.286 Td /F3 9.0 Tf [(with your remote pin.)] TJ ET BT 61.016 201.297 Td /F3 9.0 Tf [(Please respond to this by following the reference below and you)] TJ ET BT 61.016 190.308 Td /F3 9.0 Tf [(will be guided through the secure restore process.)] TJ ET 0.373 0.169 0.255 rg BT 61.016 170.319 Td /F4 9.0 Tf [(Restore ebanking access)] TJ ET 0.18 w 0 J [ ] 0 d 61.016 168.890 m 169.061 168.890 l S 0.400 0.400 0.400 rg BT 169.061 170.319 Td /F3 9.0 Tf [( \(this link has been cleaned up and is no longer a danger\))] TJ ET BT 61.016 150.330 Td /F3 9.0 Tf [(You may experience future problems with your)] TJ ET BT 61.016 139.341 Td /F3 9.0 Tf [(online access by failing to attend to this matter.)] TJ ET BT 61.016 119.352 Td /F4 9.0 Tf [(Ebanking Service)] TJ ET BT 61.016 99.363 Td /F3 9.0 Tf [( )] TJ ET endstream endobj 8 0 obj << /Type /Font /Subtype /Type1 /Name /F1 /BaseFont /Helvetica-Bold /Encoding /WinAnsiEncoding >> endobj 9 0 obj << /Type /Font /Subtype /Type1 /Name /F2 /BaseFont /Helvetica /Encoding /WinAnsiEncoding >> endobj 10 0 obj << /Type /Font /Subtype /Type1 /Name /F3 /BaseFont /Helvetica-Oblique /Encoding /WinAnsiEncoding >> endobj 11 0 obj << /Type /Font /Subtype /Type1 /Name /F4 /BaseFont /Helvetica-BoldOblique /Encoding /WinAnsiEncoding >> endobj 12 0 obj << /Type /Annot /Subtype /Link /A 13 0 R /Border [0 0 0] /H /I /Rect [ 127.0307 324.3766 241.6997 333.5341 ] >> endobj 13 0 obj << /Type /Action /S /URI /URI (mailto:sysadm@sun.ac.za) >> endobj 14 0 obj << /Type /Annot /Subtype /Link /A 15 0 R /Border [0 0 0] /H /I /Rect [ 156.2807 302.3986 246.4337 311.5561 ] >> endobj 15 0 obj << /Type /Action /S /URI /URI (mailto:iamavictim@sun.ac.za) >> endobj 16 0 obj << /Type /Annot /Subtype /Link /A 17 0 R /Border [0 0 0] /H /I /Rect [ 61.0157 179.1103 61.0157 179.1103 ] >> endobj 17 0 obj << /Type /Action /S /URI /URI (https://blogs.sun.ac.za/it/2015/02/13/outwit-phishing-attempts/) >> endobj 18 0 obj << /Type /Annot /Subtype /Link /A 19 0 R /Border [0 0 0] /H /I /Rect [ 61.0157 169.4866 169.0607 178.6441 ] >> endobj 19 0 obj << /Type /Action /S /URI /URI (https://blogs.sun.ac.za/it/2015/02/13/outwit-phishing-attempts/) >> endobj 20 0 obj << /Type /Page /Parent 3 0 R /Contents 21 0 R >> endobj 21 0 obj << /Length 819 >> stream 0.400 0.400 0.400 rg 0.373 0.169 0.255 RG 0.18 w 0 J [ ] 0 d 0.702 0.800 0.816 rg 34.016 34.016 543.969 723.969 re f 1.000 1.000 1.000 rg 45.266 663.778 521.469 94.206 re f 0.773 0.773 0.773 rg 0.773 0.773 0.773 RG 45.266 663.778 m 566.734 663.778 l 565.984 664.528 l 46.016 664.528 l f 566.734 757.984 m 566.734 663.778 l 565.984 664.528 l 565.984 757.984 l f 45.266 757.984 m 45.266 663.778 l 46.016 664.528 l 46.016 757.984 l f 0.400 0.400 0.400 rg BT 61.016 740.193 Td /F3 9.0 Tf [(-----------------------------------------------------------------------------------------------------)] TJ ET BT 432.949 720.204 Td /F3 9.0 Tf [([ARTICLE BY DAVID WILES])] TJ ET BT 61.016 700.215 Td /F3 9.0 Tf [( )] TJ ET BT 61.016 681.726 Td /F3 9.0 Tf [(Posted in:E-mail,Security | Tagged:Capitec | With 0 comments)] TJ ET endstream endobj xref 0 22 0000000000 65535 f 0000000008 00000 n 0000000073 00000 n 0000000119 00000 n 0000000312 00000 n 0000000341 00000 n 0000000476 00000 n 0000000579 00000 n 0000007531 00000 n 0000007643 00000 n 0000007750 00000 n 0000007866 00000 n 0000007986 00000 n 0000008114 00000 n 0000008189 00000 n 0000008317 00000 n 0000008396 00000 n 0000008522 00000 n 0000008637 00000 n 0000008764 00000 n 0000008879 00000 n 0000008944 00000 n trailer << /Size 22 /Root 1 0 R /Info 5 0 R >> startxref 9815 %%EOF Capitec « Informasietegnologie
Language:
SEARCH

  • Recent Posts

  • Categories

  • Archives

Capitec

Phishing scam: Ibanking confirmation

Monday, September 28th, 2015

Scammers never give up, and this latest iteration tries to disguise itself as a message from Capitec Bank. It is poorly executed with some glaring mistakes, but nevertheless they still catch people in South Africa. (Did you know that according to a report from the South African Banking Risk Information Centre (SABRIC), South African were scammed out of R2.2 billion by phishing scams in 2013 alone.)

Below is a e-mail that is making its rounds again, this time from Capitec.

Note several tell-tale signs that this is a phishing scam:

  • The email has improper spelling or grammar
  • The hyperlinked URL is different from the one shown (this one comes from a hijacked domain based in the USA)
  • The email urges you to take immediate action
  • The email requests for personal information
  • …and for the technically-inclined the most obvious mistake is the IP address.

[IP addresses are a unique string of numbers separated by full stops that identifies each computer using the Internet Protocol to communicate over a network. These addresses are 4 sets of numbers each between 0 and 255 (256 unique values) The university’s IP address ALWAYS begins with 146.232…]

In this case the IP address is fake. There will never be an IP with a value of 362…

—————————————————————————————————

From: Capitec. [mailto:capitec@cnserv.co.za]
Sent: 25 September 2015 12:57 PM
To: Victim, IAMA, Mej <iamavictim@sun.ac.za>
Subject: Ibanking confirmation

 

Dear valued Client

An ip address 82.128.362.135 made some incorrect logon attempts
with your remote pin.

Please respond to this by following the reference below and you
will be guided through the secure restore process.

Restore ebanking access (this link has been cleaned up and is no longer a danger)

You may experience future problems with your
online access by failing to attend to this matter.

Ebanking Service

 

—————————————————————————————————–

[ARTICLE BY DAVID WILES]

 

Email

Tags:
Posted in E-mail, Security | Comments Off on Phishing scam: Ibanking confirmation

 

© 2013-2024 Disclaimer: The views and opinions expressed in this page are strictly those of the page author(s) and content contributor(s). The contents of this page have not been reviewed or approved by Stellenbosch University.