Publications
Partners
Cape Town - Phishing is a serious problem in the banking sector, with the local industry constantly featuring in the top five of countries experiencing the highest rates of phishing attacks on customers.
Despite this, the number of successful phishing attempts and the value of losses remain low because of the vigilance of banks and clients against these attacks, according to the South African Banking Risk and Identification Centre (Sabric).
After receiving yet another FNB dupe story from one of our users, Fin24 asked a financial crimes and risk management expert at SAS institute, Colin Hill, to analyse two scam emails and a fake FNB website to help consumers avoid phishing traps. This is what he found:
The first thing I would look at is the mail address and the website addresses.
We are dealing with professionals and they have the skills and technology to duplicate a web page and insert their links to mostly hacked websites or a dormant website. As soon as you click on the link, they download a piece of code onto your machine specifically to detect what your account numbers and passwords are.
The scariest thing is that most people use the same password to log on to their computer and log into Face Book, Twitter and their bank accounts, and they never ever change them.
Fraud syndicates know that and use it to their advantage. Let’s look at the screenshots below.
Standard Bank
• The sender email address does not belong to Standard Bank ib@standardbank.co.za, and is probably not an official Standard Bank mail address.
• If you do not bank with Standard Bank, why would you get mail stating that you have received a deposit?
• Let’s look at the links in the web page (right click on the link and say copy hyperlink, then paste this in a Word document).
You will see the following “http://panolink.com/agarawu/moving” – not a Standard Bank website.
This is a hacked site and should you click on it, you will receive a message indicating that the Java settings are insecure and need an update. In doing this, you would download a piece of Java script onto your laptop.
Windows will phone your personal computer, which will then start key logging everything you do on your machine.
The perpetrators will have computer programs which collect and analyse the data to determine all the personal information which is used on your device. So, they have the ability to use this information to get to your funds.
FNB
Similar to the Standard Bank email, the FNB website address is a dead give-away: Harvesthillfarms.net (harvesthillfarm.net/fnb/index.php) is a very authentic duplicated website which will, as described above, have viruses linked to it that will infect your device as soon as you try to open the link to the website.
Other telltale signs are:
• There are no official bank logos on the email.
• Close inspection on the FNB email address reveals mailto:6266277282@fnb-refundsspecial.com; this is not an authentic FNB email address.
• In both cases, there is no sender name. Banks usually send an email, especially a marketing one, from a named person and never anonymously.
• From the mail “This is as a result of our new resolution to give back to our loyal customers.” Surely if FNB is giving funds back to customers, they would use the media to say it as it is big branding opportunity for them.
• The copyright clause is outdated as banks have to renew their copyright annually. “Regards, © Copyright 2010 FNB.")
• Why would they use Absa’s name in an FNB email? I speak under correction, but I doubt if any banks were registered in 1929 in South Africa: “All rights reserved. Absa Bank Limited registration number: 1929/001225/06. Authorised Financial Services Provider and a registered credit provider (NCRCP20).”
Sabric and Hill offer these safety tips
• The above are some basics on how to determine whether it is a scam email, but you should never respond to emails appearing to be from your bank that request your personal details.
Remember, no bank will ever ask you to confirm or update your account details via email.
• Do not open email from unknown sources - delete them immediately, even if the title and sender details appear to be related to your bank.
• Never follow a link on an email to access your bank's webpage.
Always access the webpage by physically typing the name of the web address that you were given when you signed up for internet banking in your browser, and confirm that you are on a secure site by looking for the little "lock" icon on your browser before logging on.
• Never provide your online ID, password or PIN to anyone and never write them down or share them - not even with a bank official.
• Place sensible transaction limits on your accounts.
• Probably the most important of all, change your logon passwords regularly – at least bi-weekly, but the more frequently, the better.
If you have had a possible intrusion, change all your passwords immediately.
• Never have the same password for all your access points and do not make your passwords too personal - rather create passwords that have letters and numbers that cannot be attributed to you.
• Do not keep a password reminder document on your desktop or in your handbag or luggage.
• Do not leave your computer unattended after you have entered your internet banking password.
• Always log off or sign off at the end of a session.
• Avoid doing internet banking in public areas such as internet cafés, or on any computer that can be accessed by people you do not know.
• Do not access Wi-Fi hotspots if you do not have an antivirus program running, as hackers use these hotspots to access your device without having to send you an email.
• Never leave your phone or laptop Bluetooth connection on in shopping centres as your device can be hacked, accessed and all you information collected.
• At all times have an up-to-date antivirus as well as some form of firewall installed on your device to detect and delete malicious code.
• Never just accept any USB flash drive from anybody, unless you have ensured that there is no virus on it. You can also set up your antivirus so that external USB devices are screened first before you open any file.
• Provide your credit card details to reputable companies only.
- Fin24
*Have you ever been scammed? Tell us your story and get published.
Despite this, the number of successful phishing attempts and the value of losses remain low because of the vigilance of banks and clients against these attacks, according to the South African Banking Risk and Identification Centre (Sabric).
After receiving yet another FNB dupe story from one of our users, Fin24 asked a financial crimes and risk management expert at SAS institute, Colin Hill, to analyse two scam emails and a fake FNB website to help consumers avoid phishing traps. This is what he found:
The first thing I would look at is the mail address and the website addresses.
We are dealing with professionals and they have the skills and technology to duplicate a web page and insert their links to mostly hacked websites or a dormant website. As soon as you click on the link, they download a piece of code onto your machine specifically to detect what your account numbers and passwords are.
The scariest thing is that most people use the same password to log on to their computer and log into Face Book, Twitter and their bank accounts, and they never ever change them.
Fraud syndicates know that and use it to their advantage. Let’s look at the screenshots below.
Standard Bank
• The sender email address does not belong to Standard Bank ib@standardbank.co.za, and is probably not an official Standard Bank mail address.
• If you do not bank with Standard Bank, why would you get mail stating that you have received a deposit?
• Let’s look at the links in the web page (right click on the link and say copy hyperlink, then paste this in a Word document).
You will see the following “http://panolink.com/agarawu/moving” – not a Standard Bank website.
This is a hacked site and should you click on it, you will receive a message indicating that the Java settings are insecure and need an update. In doing this, you would download a piece of Java script onto your laptop.
Windows will phone your personal computer, which will then start key logging everything you do on your machine.
The perpetrators will have computer programs which collect and analyse the data to determine all the personal information which is used on your device. So, they have the ability to use this information to get to your funds.
Similar to the Standard Bank email, the FNB website address is a dead give-away: Harvesthillfarms.net (harvesthillfarm.net/fnb/index.php) is a very authentic duplicated website which will, as described above, have viruses linked to it that will infect your device as soon as you try to open the link to the website.
Other telltale signs are:
• There are no official bank logos on the email.
• Close inspection on the FNB email address reveals mailto:6266277282@fnb-refundsspecial.com; this is not an authentic FNB email address.
• In both cases, there is no sender name. Banks usually send an email, especially a marketing one, from a named person and never anonymously.
• From the mail “This is as a result of our new resolution to give back to our loyal customers.” Surely if FNB is giving funds back to customers, they would use the media to say it as it is big branding opportunity for them.
• The copyright clause is outdated as banks have to renew their copyright annually. “Regards, © Copyright 2010 FNB.")
• Why would they use Absa’s name in an FNB email? I speak under correction, but I doubt if any banks were registered in 1929 in South Africa: “All rights reserved. Absa Bank Limited registration number: 1929/001225/06. Authorised Financial Services Provider and a registered credit provider (NCRCP20).”
Sabric and Hill offer these safety tips
• The above are some basics on how to determine whether it is a scam email, but you should never respond to emails appearing to be from your bank that request your personal details.
Remember, no bank will ever ask you to confirm or update your account details via email.
• Do not open email from unknown sources - delete them immediately, even if the title and sender details appear to be related to your bank.
• Never follow a link on an email to access your bank's webpage.
Always access the webpage by physically typing the name of the web address that you were given when you signed up for internet banking in your browser, and confirm that you are on a secure site by looking for the little "lock" icon on your browser before logging on.
• Never provide your online ID, password or PIN to anyone and never write them down or share them - not even with a bank official.
• Place sensible transaction limits on your accounts.
• Probably the most important of all, change your logon passwords regularly – at least bi-weekly, but the more frequently, the better.
If you have had a possible intrusion, change all your passwords immediately.
• Never have the same password for all your access points and do not make your passwords too personal - rather create passwords that have letters and numbers that cannot be attributed to you.
• Do not keep a password reminder document on your desktop or in your handbag or luggage.
• Do not leave your computer unattended after you have entered your internet banking password.
• Always log off or sign off at the end of a session.
• Avoid doing internet banking in public areas such as internet cafés, or on any computer that can be accessed by people you do not know.
• Do not access Wi-Fi hotspots if you do not have an antivirus program running, as hackers use these hotspots to access your device without having to send you an email.
• Never leave your phone or laptop Bluetooth connection on in shopping centres as your device can be hacked, accessed and all you information collected.
• At all times have an up-to-date antivirus as well as some form of firewall installed on your device to detect and delete malicious code.
• Never just accept any USB flash drive from anybody, unless you have ensured that there is no virus on it. You can also set up your antivirus so that external USB devices are screened first before you open any file.
• Provide your credit card details to reputable companies only.
- Fin24
*Have you ever been scammed? Tell us your story and get published.
