{"id":8636,"date":"2015-09-28T12:04:36","date_gmt":"2015-09-28T10:04:36","guid":{"rendered":"http:\/\/blogs.sun.ac.za\/it\/?p=8636"},"modified":"2016-01-18T14:49:51","modified_gmt":"2016-01-18T12:49:51","slug":"phishing-scam-ibanking-confirmation","status":"publish","type":"post","link":"https:\/\/blogs.sun.ac.za\/it\/2015\/09\/phishing-scam-ibanking-confirmation\/","title":{"rendered":"<!--:en-->Phishing scam: Ibanking confirmation<!--:-->"},"content":{"rendered":"<p><!--:en--><\/p>\n<p>Scammers never give up, and this latest iteration tries to disguise itself as a message from Capitec Bank. It is poorly executed with some glaring mistakes, but nevertheless they still catch people in South Africa. (Did you know that according to a report from the South African Banking Risk Information Centre (SABRIC), South African were scammed out of R2.2 billion by phishing scams in 2013 alone.)<\/p>\n<p>Below is a e-mail that is making its rounds again, this time from Capitec.<\/p>\n<p>Note several tell-tale signs that this is a phishing scam:<\/p>\n<ul>\n<li>The email has improper spelling or grammar<\/li>\n<li>The hyperlinked URL is different from the one shown (this one comes from a hijacked domain based in the USA)<\/li>\n<li>The email urges you to take immediate action<\/li>\n<li>The email requests for personal information<\/li>\n<li>\u2026and for the technically-inclined the most obvious mistake is the IP address.<\/li>\n<\/ul>\n<p>[IP addresses are a unique string of numbers separated by full stops that identifies each computer using the Internet Protocol to communicate over a network. These addresses are 4 sets of numbers each between 0 and 255 (256 unique values) The university\u2019s IP address ALWAYS begins with 146.232\u2026]<\/p>\n<p>In this case the IP address is fake. There will <span style=\"text-decoration: underline;\">never<\/span> be an IP with a value of 362\u2026<\/p>\n<p>&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;<\/p>\n<p><strong>From:<\/strong> Capitec. [<a href=\"mailto:sysadm@sun.ac.za\">mailto:capitec@cnserv.co.za<\/a>]<br \/> <strong>Sent:<\/strong> 25 September 2015 12:57 PM<br \/> <strong>To:<\/strong> Victim, IAMA, Mej &lt;<a href=\"mailto:iamavictim@sun.ac.za\">iamavictim@sun.ac.za<\/a>&gt;<br \/> <strong>Subject:<\/strong> Ibanking confirmation<\/p>\n<p>&nbsp;<\/p>\n<p><strong>Dear valued Client<\/strong><\/p>\n<p>An ip address 82.128.362.135 made some incorrect logon attempts<br \/> with your remote pin.<\/p>\n<p>Please respond to this by following the reference below and you<br \/> will be guided through the secure restore process.<\/p>\n<p><a href=\"https:\/\/blogs.sun.ac.za\/it\/2015\/02\/13\/outwit-phishing-attempts\/\"><strong>Restore ebanking access<\/strong><\/a> (this link has been cleaned up and is no longer a danger)<\/p>\n<p>You may experience future problems with your<br \/> online access by failing to attend to this matter.<\/p>\n<p><strong>Ebanking Service<\/strong><\/p>\n<p>&nbsp;<\/p>\n<p>&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8211;<\/p>\n<p style=\"text-align: right;\">[ARTICLE BY DAVID WILES]<\/p>\n<p>&nbsp;<\/p>\n<p><!--:--><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Scammers never give up, and this latest iteration tries to disguise itself as a message from Capitec Bank. It is poorly executed with some glaring mistakes, but nevertheless they still catch people in South Africa. (Did you know that according to a report from the South African Banking Risk Information Centre (SABRIC), South African were [&hellip;]<\/p>\n","protected":false},"author":259,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[20382,29187],"tags":[48684],"class_list":["post-8636","post","type-post","status-publish","format-standard","hentry","category-email","category-security-2","tag-capitec"],"publishpress_future_action":{"enabled":false,"date":"2026-05-09 11:06:38","action":"change-status","newStatus":"draft","terms":[],"taxonomy":"category","extraData":[]},"publishpress_future_workflow_manual_trigger":{"enabledWorkflows":[]},"_links":{"self":[{"href":"https:\/\/blogs.sun.ac.za\/it\/wp-json\/wp\/v2\/posts\/8636","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.sun.ac.za\/it\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.sun.ac.za\/it\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.sun.ac.za\/it\/wp-json\/wp\/v2\/users\/259"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.sun.ac.za\/it\/wp-json\/wp\/v2\/comments?post=8636"}],"version-history":[{"count":4,"href":"https:\/\/blogs.sun.ac.za\/it\/wp-json\/wp\/v2\/posts\/8636\/revisions"}],"predecessor-version":[{"id":8640,"href":"https:\/\/blogs.sun.ac.za\/it\/wp-json\/wp\/v2\/posts\/8636\/revisions\/8640"}],"wp:attachment":[{"href":"https:\/\/blogs.sun.ac.za\/it\/wp-json\/wp\/v2\/media?parent=8636"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.sun.ac.za\/it\/wp-json\/wp\/v2\/categories?post=8636"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.sun.ac.za\/it\/wp-json\/wp\/v2\/tags?post=8636"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}