There is currently a phishing email making the rounds claiming to be from PSG Wealth.
Be on the lookout for an email requesting you to update your personal information, as your PSG online “profile details will expire”. The link redirects users to a page that looks like the PSG securities trading website, but is a clever forgery.
PSG have assured us that they will never send you an email asking to provide sensitive information online. So it is important to check the validity of any such emails before you respond to requests like these.
Below is an example of one such mail:
There are 3 obvious signs that this mail is fraudulent:
- The sender´s email address (`from´ address) is disguised to look like it comes from PSG Wealth. The message is actually sent from a different address that does not match our PSG email addresses (using an @psg.com.sa address instead of an @psg.co.za address).
- The recipient is not specified.
- The website link provided is not to a PSG domain address and the website is not indicated as being secure. (no little padlock icon or https: in the URL)
What should you do if you have already provided your details in responding to this phishing scam?
If you responded to such an email, login to your account by typing psg.co.za into your browser window and reset your password immediately.
Continue to monitor your account for any unauthorised transactions and alert PSG immediately if you note any suspicious transactions.
Avoid becoming a victim in future: (This applies to all phishing scams, not just this fraudulent scam)
- Type in website addresses – do not follow links embedded in emails.
- Do not reuse passwords, especially for financial sites.
- Do not click on attachments, unless you know who they are from and are expecting the document in question.
- Never part with your login details.
If you are not sure that a request for information is legitimate, rather contact the company to verify its authenticity.
~~~
Report the spam/phishing mail to the following addresses:
help@sun.ac.za and sysadm@sun.ac.za.
Attach the phishing or suspicious mail on to the message if possible. There is a good tutorial on how to do this at the following link (which is safe) : http://stbsp01.stb.sun.ac.za/innov/it/it-help/Wiki%20Pages/Spam%20sysadmin%20Eng.aspx
1. Start up a new mail addressed to sysadm@sun.ac.za (CC: help@sun.ac.za)
2. Use the Title “SPAM” (without quotes) in the Subject.
3. With this New Mail window open, drag the suspicious spam/phishing mail from your Inbox into the New Mail Window. It will attach the mail as an enclosure and a small icon with a light yellow envelope will appear in the attachments section of the New Mail.
4. Send the mail.
[Article by David Wiles]