{"id":12209,"date":"2017-06-19T14:43:21","date_gmt":"2017-06-19T12:43:21","guid":{"rendered":"http:\/\/blogs.sun.ac.za\/it\/?p=12209"},"modified":"2017-09-29T11:51:49","modified_gmt":"2017-09-29T09:51:49","slug":"phishing-scam-disguised-as-a-standard-bank-account-statement","status":"publish","type":"post","link":"https:\/\/blogs.sun.ac.za\/it\/2017\/06\/phishing-scam-disguised-as-a-standard-bank-account-statement\/","title":{"rendered":"[:en]Phishing scam disguised as a Standard Bank account statement[:]"},"content":{"rendered":"

[:en]<\/p>\n

We all regularly get phishing scams on our mail boxes, and normally they do not pose a threat if we are not Standard Bank customers. However, if any of you are Standard Bank customers, then there might be a risk.<\/p>\n

Today\u2019s phishing mail comes from a forged e-mail address like info@standardbank.co.za<\/a>.<\/p>\n

The Subject line is usually: \u201cStandard Bank: Account Statement June-201<\/strong>7\u201d (or iterations of the month and year)<\/p>\n

The body of the e-mail contains variations of the following:<\/p>\n

\n

Dear Customer<\/p>\n

Attached to this e-mail is your Standard Bank account statement.<\/p>\n

Click the download button and follow the easy instruction.<\/p>\n

Regards
\n Standard Bank<\/em><\/p>\n

\n

 <\/p>\n

There will be an HTML<\/strong> file attached which if you do double-click to open up, will give you a forged login page similar to the following, where you will be asked to fill in your bank card details, your PIN and your password \u2013 and if you are fooled, the scammers will gain access to your bank account.<\/p>\n

\"\"<\/a><\/p>\n

The dangerous<\/strong> thing about this particular version is that there is a small JavaScript code embedded in the HTML file, which will run as soon as you visit the forged site, and will trigger and attempt to download malware onto your computer to steal data like passwords, bank account details, or to turn your computer into a \u201czombie\u201d under their control to send out further email or to attack the university from within the network.<\/p>\n

This week it might be Standard Bank, next week it might be ABSA or FNB or Nedbank. Phishing scammers are constantly changing their tactics.<\/p>\n

Here are 5 easy tips to spot most phishing scams:<\/strong><\/p>\n

    \n
  1. The sender\u2019s e-mail may appear to be legitimate. It is easy for the criminals to forge an address to make it look like it is coming from the bank.<\/strong><\/li>\n
  2. The e-mail is addressed to \u201cDear Customer\u201d, with no specific name being mentioned. (Banks have enough information of their customers to be able to address you personally!)<\/strong><\/li>\n
  3. Hovering your mouse cursor over any links will show a fraudulent URL \u2013 not the bank\u2019s trusted web address.<\/strong><\/li>\n
  4. The e-mail contains a link to \u2018Logon\u201d or \u201cUpdate Details\u201d. Banks will not ask you to access Internet banking directly through an e-mail.<\/strong><\/li>\n
  5. The contents of the e-mail will be vague or reference a specific transaction which you would not normally conduct or receive.<\/strong><\/li>\n<\/ol>\n

    The university\u2019s spam and phishing filters are quite effective in blocking these forms of phishing emails, but common sense and becoming informed should always be your first line of defence!<\/p>\n

    [ARTICLE BY DAVID WILES]<\/p>\n

    [:]<\/p>\n","protected":false},"excerpt":{"rendered":"

    [:en] We all regularly get phishing scams on our mail boxes, and normally they do not pose a threat if we are not Standard Bank customers. However, if any of you are Standard Bank customers, then there might be a risk. Today\u2019s phishing mail comes from a forged e-mail address like info@standardbank.co.za. The Subject line […]<\/p>\n","protected":false},"author":259,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[20382,29187],"tags":[20381],"class_list":["post-12209","post","type-post","status-publish","format-standard","hentry","category-email","category-security-2","tag-phishing"],"publishpress_future_action":{"enabled":false,"date":"2026-05-08 07:09:56","action":"change-status","newStatus":"draft","terms":[],"taxonomy":"category","extraData":[]},"publishpress_future_workflow_manual_trigger":{"enabledWorkflows":[]},"_links":{"self":[{"href":"https:\/\/blogs.sun.ac.za\/it\/wp-json\/wp\/v2\/posts\/12209","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.sun.ac.za\/it\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.sun.ac.za\/it\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.sun.ac.za\/it\/wp-json\/wp\/v2\/users\/259"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.sun.ac.za\/it\/wp-json\/wp\/v2\/comments?post=12209"}],"version-history":[{"count":9,"href":"https:\/\/blogs.sun.ac.za\/it\/wp-json\/wp\/v2\/posts\/12209\/revisions"}],"predecessor-version":[{"id":12296,"href":"https:\/\/blogs.sun.ac.za\/it\/wp-json\/wp\/v2\/posts\/12209\/revisions\/12296"}],"wp:attachment":[{"href":"https:\/\/blogs.sun.ac.za\/it\/wp-json\/wp\/v2\/media?parent=12209"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.sun.ac.za\/it\/wp-json\/wp\/v2\/categories?post=12209"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.sun.ac.za\/it\/wp-json\/wp\/v2\/tags?post=12209"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}