phishing

PHISHING: “Re: betaling aan jou rekening”

Wednesday, July 19th, 2017

About a year ago a new version of the ABSA Bank phishing e-mail hit the university's e-mail server. What was new about this version was that it was written in Afrikaans. Although the Afrikaans was not perfect, with some spelling and grammar mistakes, it could still have fooled many people because of the "familiarity" it creates.

Stellenbosch University still uses Afrikaans as one of its primary official communication media, and many automated systems, such as the financial system, use Afrikaans to notify users of payments and the like. There is nothing wrong with this, but phishing scammers have latched onto it and are now attempting to fool people into divulging their personal details by writing their phishing e-mails in Afrikaans.

Early this morning we were warned about an e-mail with dangerous content originating from UCT, and almost immediately the UCT phishing e-mails started arriving here.

Here is what to look out for:

Mail arrives from a forged or compromised "UCT address" and looks like this:


From: Anna Huang [mailto:forged_address@myuct.ac.za]
Sent: 19 July 2017 10:53 AM
To: Recipients <forged_address@myuct.ac.za>
Subject: Re: betaling aan jou rekening [Re: payment to your account]

Goeiemore, [Good morning,]

Vind aangehegte betalingsbewys. [Find attached proof of payment.]

Dankie [Thanks]

Disclaimer – University of Cape Town This e-mail is subject to UCT policies and e-mail disclaimer published on our website at http://www.uct.ac.za/about/policies/emaildisclaimer/ or obtainable from +27 21 650 9111. If this e-mail is not related to the business of UCT, it is sent by the sender in an individual capacity. Please report security incidents or abuse via csirt@uct.ac.za


The disclaimer from the University and the Afrikaans could fool some people if they are not careful.

The dangerous part is actually an attached HTML file (sometimes disguised to look like a PDF) that presents you with a login page asking for your e-mail address and password in order to "view this payment".

The login page will look like this, in this version:

The address of the server that receives the stolen details is also hidden by encoding it inside the attachment, so to the untrained eye nothing looks suspicious. This is a typical phishing scam, but with the "sender" at a neighbouring academic institution and the message in Afrikaans, we need to be even more alert.

[Article by David Wiles]


Warning about DirectAxis Financial Services spam

Wednesday, July 19th, 2017

There have been reports of personnel and students receiving numerous "spam" messages from DirectAxis Financial Services offering loans at 5% interest. The e-mail is sent from a number of free "throwaway" e-mail addresses at outlook.com, Hotmail and webmail.co.za.

Some students and personnel are struggling to manage their finances, and these "offers" can be very tempting.

Each message usually has a PDF attached in which the company advertises loans at abnormally low interest rates. Although there is currently no embedded malware and no link to a server asking for your username and password, the spammers nevertheless ask for your ID number, full names, occupation, monthly income and contact details, all of which can be used for identity theft.

Although DirectAxis is a legitimate South African microlender, in the past its company letterhead has been forged and used by criminals to commit fraud. Secondly, this particular company has a number of charges against it by the Direct Marketing Association of South Africa for using "spam databases" to spam millions of South Africans with its adverts, which puts it in violation of the Protection of Personal Information Act [http://www.justice.gov.za/legislation/acts/2013-004.pdf].

Don't be fooled by companies offering you loans at a ridiculously low interest rate. Here are some handy tips for spotting frauds:

  • Any company that says it doesn't care about your credit history has no intention of lending you money. A legitimate lender wants to know whether you pay your bills on time and in full; it needs some assurance that you will repay what you borrow.
  • Look on the business's website for the address where it is legally registered. Lenders and loan brokers must be registered in the country where they conduct business.
  • Never pay up front to get a personal loan. Many scammers ask borrowers to load a prepaid debit card for "insurance", "collateral" or "fees".
  • Make sure the page on which you are asked to type personal information is served over HTTPS (the padlock icon in the browser). Don't click through a browser warning that a site's certificate has expired or is invalid, and pay attention to the URLs you click on.
  • When you find a lender online, check whether the site gives a physical street address. Even a street address can be faked, but a site with no indication of its location should be avoided altogether.
  • Some websites appear to offer various kinds of personal loans but are not lenders at all; they collect your personal and financial information and sell it to other loan companies. Many "microlenders" merely gather your details on behalf of others.
  • Don't fall for the "act now" urgency plea. Criminals often give you a deadline and say the offer won't exist tomorrow.

[Article by David Wiles]

Phishing email: “Password Expiry” from Information Technology

Friday, June 30th, 2017

This morning's attempt at fooling users into divulging personal information such as usernames, e-mail addresses and passwords disguises itself as an e-mail from the "ITS help desk".

Here is what it looks like (we have removed the dangerous parts):


From: Karen L. Mcdonah [mailto:spoofed or compromised e-mail address]

Sent: Thursday, 29 June 2017 17:41

To: Karen L. Mcdonah <spoofed mail to disguise the sender>

Subject: IT SERVICE DESK

Your password Will Expire In The Next TWO HOURS Current Mail User Should Please Log On To IT-WEBSITE To Validate Your E-mail Address And Password, Or Your E-mail Address Will Be Deactivated. Thank You.

ITS help desk

ADMIN TEAM

©Copyright 2017 Microsoft

All Right Reserve


That is it. The classic signs of a phishing email should be obvious.

  1. Unknown or undisclosed sender.
  2. Disguised to look as if it comes from a legitimate sender (such as Information Technology).
  3. Threatens or intimidates users into acting quickly, without checking.
  4. Poor grammar and spelling.
  5. Encourages users to click on a link in the e-mail, which takes them to a server under the criminals' control where they are asked to provide usernames, e-mail addresses and old and new passwords.
  6. The phishing server is not encrypted (http:// instead of https://), so passwords and user data travel in plain, readable text. (The converse does not hold: criminals can obtain certificates too, so a padlock alone does not make a site legitimate.)

Here is what the phishing site looks like. It is hosted with a free, "throw-away" website provider. The criminals use the site for a couple of hours and then close it once they have obtained their victims' personal data, so each campaign costs them almost nothing and the harvested credentials make it financially very lucrative.


[ARTICLE BY DAVID WILES]


Phishing scam disguised as a Standard Bank account statement

Monday, June 19th, 2017

We all regularly get phishing scams in our mailboxes, and normally a bank phish poses no threat to people who are not customers of that bank. This one is different: besides targeting Standard Bank customers' accounts, it also carries malware (see below), so everyone who opens the attachment is at risk.

Today's phishing mail comes from a forged sender address such as info@standardbank.co.za.

The subject line is usually "Standard Bank: Account Statement June-2017" (or variations of the month and year).

The body of the e-mail contains variations of the following:


Dear Customer

Attached to this e-mail is your Standard Bank account statement.

Click the download button and follow the easy instruction.

Regards
Standard Bank



There is an HTML file attached which, if you double-click to open it, shows a forged login page similar to the following, where you are asked to fill in your bank card details, your PIN and your password. If you are fooled, the scammers gain access to your bank account.

The dangerous thing about this particular version is that a small piece of JavaScript is embedded in the HTML file. It runs as soon as the forged page opens in your browser and attempts to download malware onto your computer, either to steal data such as passwords and bank account details, or to turn your computer into a "zombie" under the criminals' control that sends out further e-mail or attacks the university from inside its network.

This week it might be Standard Bank, next week it might be ABSA or FNB or Nedbank. Phishing scammers are constantly changing their tactics.

Here are 5 easy tips to spot most phishing scams:

  1. The sender's e-mail address may appear legitimate. It is easy for criminals to forge the From address so that it looks as if it comes from the bank.
  2. The e-mail is addressed to "Dear Customer", with no name mentioned. (Banks have enough information about their customers to address you personally!)
  3. Hovering your mouse cursor over any link reveals a fraudulent URL rather than the bank's trusted web address.
  4. The e-mail contains a link to "Logon" or "Update Details". Banks will not ask you to access Internet banking directly through an e-mail.
  5. The contents of the e-mail are vague, or refer to a specific transaction you would not normally conduct or receive.
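Most of the signs in the "Password Expiry" post's list and in the five tips above can be checked mechanically on a message saved as a file. The script below is an added example written for this page, not tooling from the author or the university. The message it inspects is constructed to resemble the "IT SERVICE DESK" mail; the OUR_DOMAINS set, the example.net and example.org hosts, the greeting and urgency word lists are assumptions, and the SPF/DKIM check only works if the receiving mail gateway adds an Authentication-Results header, which is assumed here.

```python
import email.policy
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

OUR_DOMAINS = {"sun.ac.za"}  # assumption: domains our own IT department mails from
GENERIC_GREETING = re.compile(r"\bdear\s+(customer|valued|user|member)\b", re.I)
URGENCY = re.compile(r"\b(expire|hours|immediately|suspend\w*|deactivat\w*|act now)\b", re.I)

# Constructed sample, modelled on the "IT SERVICE DESK" phish: spoofed From,
# free-mail Reply-To, SPF failure, generic greeting, deadline, and a link whose
# visible text shows our domain while the href goes to an http:// throw-away host.
RAW_MESSAGE = """\
Return-Path: <bounce@mail-relay.example.net>
Received: from mail-relay.example.net (mail-relay.example.net [203.0.113.9])
    by mx.sun.ac.za with ESMTP; Thu, 29 Jun 2017 17:41:12 +0200
Authentication-Results: mx.sun.ac.za; spf=fail smtp.mailfrom=bounce@mail-relay.example.net
From: "ITS help desk" <helpdesk@sun.ac.za>
Reply-To: itservicedesk@webmail.example.org
To: Recipients <helpdesk@sun.ac.za>
Subject: IT SERVICE DESK
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Dear Customer,</p>
<p>Your password will expire in the next TWO HOURS. Please log on to the
<a href="http://free-sites.example.net/its-webmail/">https://www.sun.ac.za/it-website</a>
to validate your e-mail address and password, or your e-mail address will be deactivated.</p>
<p>ITS help desk</p>
</body></html>
"""


def domain_of(header_value) -> str:
    """Domain part of the first address in a header, lower-cased ('' if none)."""
    addr = parseaddr(str(header_value or ""))[1]
    return addr.rpartition("@")[2].lower()


def host_of(url_or_text: str) -> str:
    """Hostname of a URL, or of bare text that looks like one."""
    s = url_or_text.strip()
    if "://" not in s:
        s = "http://" + s
    return (urlsplit(s).hostname or "").lower()


class LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs and the plain text of an HTML body."""

    def __init__(self):
        super().__init__()
        self.links, self.text = [], []
        self._href, self._label = None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._label = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        self.text.append(data)
        if self._href is not None:
            self._label.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._label).strip()))
            self._href = None


def triage_message(raw: str) -> list:
    """Return the phishing indicators found in a raw RFC 5322 message (empty list = nothing found)."""
    msg = message_from_string(raw, policy=email.policy.default)
    findings = []
    from_dom = domain_of(msg["From"])
    for hdr in ("Return-Path", "Reply-To"):          # tip 1: the From address is easily forged
        d = domain_of(msg[hdr])
        if d and d != from_dom:
            findings.append(f"{hdr} domain {d} differs from From domain {from_dom}")
    auth = str(msg["Authentication-Results"] or "").lower()
    for mech in ("spf", "dkim", "dmarc"):
        if f"{mech}=fail" in auth or f"{mech}=softfail" in auth:
            findings.append(f"{mech} failed according to Authentication-Results")
    body = msg.get_body(preferencelist=("html", "plain"))
    lc = LinkCollector()
    lc.feed(body.get_content() if body else "")
    lc.close()
    text = " ".join(lc.text)
    if GENERIC_GREETING.search(text):                # tip 2
        findings.append("generic greeting instead of the recipient's name")
    if URGENCY.search(text):                         # sign 3: threats and deadlines
        findings.append("urgency/threat language")
    for href, label in lc.links:                     # tips 3 and 4, sign 6
        h = host_of(href)
        if href.lower().startswith("http://"):
            findings.append(f"link to unencrypted http:// site {h}")
        if h and h not in OUR_DOMAINS and not any(h.endswith("." + d) for d in OUR_DOMAINS):
            findings.append(f"link host {h} is not one of ours")
        if "." in label and host_of(label) != h:
            findings.append(f"link text shows {host_of(label)} but points to {h}")
    return findings


if __name__ == "__main__":
    for finding in triage_message(RAW_MESSAGE):
        print("-", finding)
```

Feed it a message saved as .eml (forwarded as an attachment, so the original headers survive). Any single finding is only a hint; the combination of a forged-looking sender, an authentication failure and a link whose text and target disagree is what makes the verdict clear.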

The university’s spam and phishing filters are quite effective in blocking these forms of phishing emails, but common sense and becoming informed should always be your first line of defence!

[ARTICLE BY DAVID WILES]

Fake FNB e-mail being circulated

Monday, June 19th, 2017

Our week starts off with the latest phishing e-mail, this one purporting to come from FNB and asking you to activate your card. It is not legitimate, even though it looks fairly convincing. Note the :-) in the subject line; that alone should be a dead giveaway. No bank will (we hope) communicate with emoticons.

The "link" in the e-mail leads to a temporary file opened in your browser, where you are asked to fill in your details. Please ignore and delete this e-mail if you receive it. If you are an FNB customer and at any time receive an e-mail you are not sure about, rather phone your bank directly and confirm.

If you receive any similar phishing e-mails, please forward them to sysadm@sun.ac.za as an attachment (not inline, so that the original headers are preserved). This way we can add it to our spam filter and ensure that no one else receives it.

See the example of the FNB e-mail below (malicious links were deactivated).

…………………………………………………………………………………………………………………………
Date: Thu, 15 Jun 2017 23:41:08 +0000
From: inContact <fakeaddress@fnb.co.za>
To: Recipients <fakeaddress@fnb.co.za>
Subject: FNB :-) Account Card Activation Request   16Jun 00:00
x-spam-score: -89.7 (—————————————————)

[– Attachment #1 –]
[– Type: text/plain, Encoding: base64, Size: 0.7K –]

Dear  Valued Card Holder,

As Directed by South African Credit Card Authorities, All card holders as advised to register their FNB cards on the new security platform to avoid your account from being compromised and also deactivated.

To reactivate your Credit / debit Card Kindly click on the below ATTACHED and follow instructions.

SEE ATTACHED TO REACTIVATE / REGISTER YOUR FNB CARD

*NOTE: Failure to do this will lead to suspension of your ATM Card.*

Copyright c 2017 Inter-Switch Limited

Thank you.
Administrator

………………………………………………………………………………………………………………………..


© 2013-2025 Disclaimer: The views and opinions expressed in this page are strictly those of the page author(s) and content contributor(s). The contents of this page have not been reviewed or approved by Stellenbosch University.