Cape Town - Standard Bank customers, and especially those who do not pay too much attention to their UCount points, are being targeted by a particularly sophisticated phishing exercise.
Not only does the email page look like the genuine article, so too does the email address: 'ibsupport@standardbank.co.za'.
This address could easily be mistaken for the bank’s internet banking support.
In addition, the phishing email presents a log in link that does not redirect to the official Standard Bank website. Instead, the log in link redirects to a fake Standard Bank website (see screenshot below) that asks users to enter personal information such as a card number and password.
“We are getting quite a few calls about this,” an official at the bank’s financial crime control unit said.
Unlike any similar exercises aimed at gaining access to bank accounts, this one is sent to individual addresses, not the giveaway “undisclosed recipients”.
It even contains an accurate copy of the bank’s standard footnote.
The “come-on” message states: “You have accumulated over 62 000 UCount points which is equivalent to R6 200. Please log in here to complete the process” and is signed “The internet banking team”.
The fake email that tries to trick Standard Bank customers. (Terry Bell)“That’s the way they gain access and clean out accounts,” said the crime control unit official.
She stressed that bank’s would never send out such messages asking for customers to log in.
The fake log in web page. Note the URL which is not an official Standard Bank address. (Terry Bell)
Fin24 has reached out to Standard Bank for further comment on the phishing scam and will provide an update when the bank responds.
Have you been targeted by this scam? Tell Fin24 by clicking here.