Don’t become a victim of Internet crime
There are pros and cons to the Internet technologies we use on a daily basis. The minute the first bank account was available online criminal syndicates started thinking of ways to defraud innocent accountholders of their hard-earned cash. These syndicate
The Internet allows savvy users to send email communications to thousands (if not millions) of recipients with a single click. This enables criminals to embark on large scale ‘phishing’ operations in an attempt to steal the identities of unsuspecting victims. Criminals use this ill-gotten information to ‘steal’ money from victims’ account.
Anyone fancy a bit of phishing?
Phishing is a complex fraud that relies on the marvels of the Internet. It is the art of duplicating a trusted online resource such as a website, luring unsuspecting users to the site by sending a fraudulent email, and then using the website to steal personal information. The modus operandi of a typical phishing attack is to make the victim believe the email is from a trusted company, usually your bank or utilities company. The email encourages you to take care of some urgent administrative issue by logging on to the company’s website. But instead of taking you to the trusted institution’s website the link redirects you to a fake website, often an exact clone of the trusted site. Any sensitive information you share on this website ends up in the hands of white collar criminals. If you don’t take proper precaution you end up disclosing bank account login details, credit card numbers and pins and other personal information including addresses, identity numbers etc.
There is no end to the creative tactics these criminals will employ. Bogus emails reported to Standard Bank have catchy ‘call to action’ titles like: Alert – Online Account Directives, Standard Bank Account Information – Access Suspended, Your Online Account Is Currently Suspended and Internet Banking Profile Locked!
Phishing success hinges on how believable the first contact is. Consider, for example, the latest scam that parades as an ‘extra’ tax refund from the South African Revenue Services (SARS). “After the last annual calculations of your fiscal activity we have determined that you are eligible to receive a tax refund of 2,482.50 ZAR,” reads the opening line. Everyone hates SARS so the promise of a refund immediately gets a taxpayer’s attention. The email raises few suspicions. It’s believable because the email headers and subject lines have been doctored to simulate an official SARS email. It’s only when you check the link the email redirects you to that you become suspicious. Instead of taking you to a secure SARS website you end up travelling to the very dodgy: http://mp#.co.##/mp#/administrator/ to claim your refund.
The ‘scream out loud’ lottery scam
There are various other phishing scams you should be aware of. One of the most popular is the ‘lottery’ email. We’ve won hundreds of Yahoo! lotteries in recent months. We expect many naïve Internet users fall victim to this con given its popularity. The email introduction is always similar: “Your email address has won GBP 820,000.00…” trumpets the lead paragraph. All you have to do to claim your prize is to contact [insert name here] by email at [insert questionable email address here] or telephone. The latest trend is for the fraudsters to include a flaky certificate as proof of your windfall.
The example we feature in today’s article leads with: “This is to inform you that you have won prize money of eight hundred twenty thousand Brittish Pounds (£820, 000, 00) for the 2010 prize promotion, which is organized by Yahoo Awards and Windows Live.” If you’re one of the suckers who opened the certificate for a closer look you should become immediately concerned by the poor grammar, incorrect spelling and amateurish document layout. Another dead giveaway is the obviously fake reply email address. A company claiming to hold in excess of R10m of your money won’t operate from a hotmail account. Take care though – because we’ve seen some pretty impressive ‘fakes’ in recent times.
The con-artists encourage you to send your full name, country, contact address, telephone number, fax number, marital status, occupation, date of birth and sex. And then the fun begins. If you provide this information the con-artists usually attempt to ‘recover’ a range of administration fees from you. Play their game and you’ll soon be out of pocket. No official lottery is going to demand an admin or other processing fee before they pay out! Besides, if you have R10 million coming your way the prize fund administrators could simply deduct any fees from your winnings!
Our Yahoo! lottery email gets even more unreal: “For security reasons, you are advised to keep your winning information confidential till your claims is processed and your money remitted to you in whatever manner you deem fit to claim your prize,” reads the mail. “This is part of our precautionary measure to avoid double claiming and unwarranted abuse of this program by some unscrupulous elements.” They must think the average Internet user is crazy!
Ways to avoid becoming a victim of email scams
Standard Bank suggests you protect yourself by doing the following:
· Never give your personal details to anyone without making sure that they are who they say they are;
· Bank representative will never ask you for personal or banking information via email;
· You should view emails and pop-up windows asking for your personal information with the same amount of suspicion you would the person behind you in an ATM queue;
· Treat emails that appear to be from banks asking for personal details with suspicion;
· Never reply to suspicious emails or get into a conversation with the sender;
· Never provide your personal details, for example, your PIN or account details by email;
· Do not follow any links in emails to reach your Internet banking website. Choose instead to enter your website address manually.
In the event you fall victim to a phishing attack you should contact your bank immediately. Most banks also offer email addresses to which you can forward suspected phishing emails.
Editor’s thoughts: Some phishing attacks are so poorly implemented that you’d have to be blind to fall for them. They promise ridiculous prizes in competitions you haven’t entered, for example. Others are pretty sophisticated, but if you remain vigilant you should be able to avoid such forms of identity theft. Have you been the victim of a phishing attack? Add your comments below, or send them to [email protected]
Comments