FedEx cut its annual profit forecast, citing the $300m cost of a June cyberattack on its TNT Express unit.

The courier now expects to earn no more than $12.80 a share in the fiscal year ending in May after excluding certain items, FedEx said in a statement on Tuesday. That’s down from an original projection of as much as $14 and less than the $13.10 average of analysts’ estimates compiled by Bloomberg.

The global cyberattack in late June struck as the company was stepping up spending to handle more packages from the expansion of online shopping. FedEx also said results at its ground-shipment unit weighed on results, as did Hurricane Harvey, which caused flooding along the US Gulf Coast.

“The first quarter posed significant operational challenges due to the TNT Express cyberattack and Hurricane Harvey,” CEO Fred Smith said in the statement.

FedEx had no insurance to cover the attack, which forced TNT to manually process some transactions.

Shares drop

FedEx fell 2% to $211.61 after the close of regular trading in New York.

Global operations outside the TNT unit weren’t affected by the virus, which entered the unit’s systems through tax software used in the Ukraine. FedEx said it found no evidence of a data breach or information lost to third parties.

The shipper also was among companies hit by the WannaCry ransomware in May, although it said that attack didn’t cause a material disruption to its systems or raise operating costs. Companies around the world struggled to retake control of their networks after the intrusions, which cost them hundreds of millions in potential revenue.

FedEx acquired Dutch shipping company TNT Express for $4.8bn last year to gain an extensive parcel delivery system in Europe to compete with United Parcel Service and Deutsche Post’s DHL. The just-completed quarter was the first in which FedEx reported TNT results as part of its Express division. TNT primarily serves industrial, automotive, high-tech and health-care industries.

FedEx already had planned a 16% expansion in capital spending this year to $5.9bn, after delaying some projects at FedEx Ground to help it process more of the growing number of e-commerce shipments and to boost margins. Deliveries to homes generally have lower yields than to businesses because fewer items are delivered at each stop.

The shipper also said its first quarter profit fell to $2.51 a share, compared with analysts’ average expectation of $3. Sales in the period ended August 31 rose 4% to $15.3bn, compared with the average estimate of $15.35bn.

By Mary Schlangenstein for Fin24

KPMG: too big to fail?

KPMG is struggling to survive and its recent restructuring and public pronouncements have not helped its cause either.

The hollow ring of the excuse proffered by KPMG interim chief operating officer, Andrew Cranston, that “we were only the doers” must be like a red rag to a bull for Pravin Gordhan and all those SARS employees besmirched by the KPMG SARS rogue unit report.

The destruction which this report has wrought on key management at SARS, its institutional reputation, and the long-term negative effects on our country’s economy might never be fully calculated. It would not be dramatic to suggest that in the long-term, KPMG’s complicity in this report might eventually cost South Africa hundreds of billions of rand.

The admission made by Cranston not only increases the culpability of KPMG in its overt contribution to state capture, but also brings into stark relief the fact that KPMG, both locally and internationally, seem unable to discern right from wrong and appear unable to grasp the concept of real contrition.

Since when was the trigger-man acting on behalf of a “client” not the “doer” in the committing of a hit and since when was the trigger-man not criminally liable?

But for the leaked Gupta emails, the partners of KPMG would have felt no guilt as they, like fat men at a smorgasbord, feasted on their annual partnership profits significantly increased by fees of dubious reports and questionable audits. And even now, as the extent of their malfeasance becomes more evident, they continue to resist with half-hearted excuses of “mistakes made and painful lessons learned”. Adding further insult to injury is the paltry R63-million in reparations which KPMG International has now offered our country.

To the partners of KPMG South Africa, that is simply not good enough. It isn’t good enough to offer a few sacrificial executive lambs and claim “but we didn’t know” and then speak of the importance of improving quality standards while hoping that the news cycle will move on.

As partners of KPMG, you cannot plead ignorance of the fact that your firm has conducted itself in an errant fashion and in breach of the Rules of Professional Conduct over a number of years – this was not a once-off mistake or an isolated error of judgement.

Perhaps it is too late now for KPMG’s South African operation, and if so, then what of its 3,400 employees and is KPMG too big to fail? Curiously, in the midst of the corporate crisis facing KPMG, the firm is clutching at every possible straw to justify its survival. Among these might possibly be the argument that they are too big to fail, which is as unconvincing an argument as the notorious “SARS Report”. The fact is that the statute requires that all companies are audited and it follows that volume of audit work will remain the same with or without KPMG. Importantly, not everyone at KPMG is unethical. If KPMG collapses then the great majority of competent and ethical staff of KPMG will find immediate and gainful opportunities in larger as well as mid-tier audit firms who will have to step up to fill the gap left by KPMG.

The collapse of KPMG might also provide a genuine opportunity to scale up a number of medium size audit firms, especially the “empowered firms”. The demise of KPMG will also help reduce the oligopolistic concentration of the large audit firms and will help promote more healthy competition within the profession.

It is true that the KPMG saga has shocked the SA business sector. But this is an interesting case of ethical destruction. After all, this is how a market economy should deal with its faulty and unethical firms. The case has also created a golden opportunity for SA corporations, and the business sector more broadly, to undertake a genuine and constructive recalibration of their ethical framework across all spheres. There is little doubt that all businesses could raise their ethical standards.

In particular, the collapse of KPMG should be a warning siren for the other audit firms to reassess their internal processes and their corporate governance mechanisms. This is vital for socio-economic development because in modern societies, underpinned by complex financial and economic structures, the audit firms play a unique and pivotal role in assuring that resources are used with probity and propriety. To this end, a number of measures need immediate consideration. For example, corporate SA should adopt the principle of “auditor rotation”, as importantly the audit companies themselves need to appoint non-executive directors with appropriate governance competencies; and external audit firms need to focus on audit work and avoid technical advisory work. Corporate finance advisory operations have no place within audit companies. The notion of “Chinese walls” within the audit firms simply does not work, as KPMG clearly demonstrates.

As often said, we should not waste a good crisis. The KPMG crisis should definitely not be wasted on the SA business and the country at large. The crisis is a stark reminder that our nation needs to re-examine the ethics of doing business, whether in the private or in the public sector. We have no time to prevaricate. Company directors, chairpersons of the boards, and members of the audit committees in particular need to act with vigilance and urgency. As Martin Luther King, Jr reminded us: “It is always the right time to do the right thing.”

By Iraj Abedian and Simon Mantell for The Daily Maverick

Ropemaker: a new email security weakness

Most people live under the assumption that email is immutable once delivered, like a physical letter. A new email exploit, dubbed ROPEMAKER by Mimecast’s research team, turns that assumption on its head, undermining the security and non-repudiation of email; even for those that use SMIME or PGP for signing.

Using the ROPEMAKER exploit a malicious actor can change the displayed content in an email at will. For example, a malicious actor could swap a benign URL with a malicious one in an email already delivered to your inbox, turn simple text into a malicious URL, or edit any text in the body of an email whenever they want. All of this can be done without direct access to the inbox.

Described in more detail in a recently published security advisory, Mimecast has been able to add a defense against this exploit for our customers and also provide security recommendations that can be considered by non-customers to safeguard their email from this email exploit.

So what is ROPEMAKER?

The origin of ROPEMAKER lies at the intersection of email and Web technologies, more specifically Cascading Style Sheets (CSS) used with HTML. While the use of these Web technologies has made email more visually attractive and dynamic relative to its purely text-based predecessor, this has also introduced an exploitable attack vector for email.

Clearly, giving attackers remote control over any aspect of ones’ applications or infrastructure is a bad thing. As is described in more depth in the ROPEMAKER Security Advisory, this remote-control-ability could enable bad actors to direct unwitting users to malicious Web sites or cause other harmful consequences using a technique that could bypass common security controls and fool even the most security savvy users. ROPEMAKER could be leveraged in ways that are limited only by the creativity of the threat actors, which experience tells us, is often unlimited.

Changing this:

Into this, post-delivery (without having direct access to the user’s desktop):

To date, Mimecast has not seen ROPEMAKER exploited in the wild. We have, however, shown it to work on most popular email clients and online email services. Given that Mimecast currently serves more than 27K organizations and relays billions of emails monthly, if these types of exploits were being widely used it is very likely that Mimecast would see them. However, this is no guarantee that cybercriminals aren’t currently taking advantage of ROPEMAKER in very targeted attacks.

For details on email clients that we tested that are and are not exploitable by ROPEMAKER and the specifics on a security setting recommended by Apple for Apple Mail, please see the ROPEMAKER Security Advisory.

Is ROPEMAKER a software vulnerability, a form of potential application abuse/exploit, or a fundamental design flaw resulting from the intersection of Web technologies and email? Does it really matter which it is? For sure attackers don’t care why a system can be exploited, only that it can be. If you agree that the potential of an email being changeable post-delivery under the control of a malicious actor increases the probability of a successful email-borne attack, the issue simplifies itself. Experience tells us that cybercriminals are always looking for the next email attack technique to use. As an industry let’s work together to reduce the likelihood that the ROPEMAKER style of exploits gains any traction with cybercriminals!

by Matthew Gardiner for Mimecast

 

Top cybersecurity tips for small businesses

Small businesses and self-employed people are big targets for hackers, and the financial implications can be crippling. Gone are the days of thinking “It’ll never happen to us.” A total of 61% of all data breaches this year occurred in businesses with fewer than 1,000 employees, according to the Verizon Data Breach Investigations Report.
Not only have hacks increased in frequency, but the impact on SMEs is getting much bigger.

But where do you begin? Many SMEs feel that being as secure as a big business is impossible. Corporations have large budgets, chief security officers and entire teams dedicated to cybersecurity. This perception stems from the impression that hacks are vastly complicated, and rely on a tireless horde of highly skilled attackers. Most hacks aren’t like that. The majority depend on poor passwords and a lack of awareness of what a hacker actually needs to compromise your systems — a simple phishing email or a leaked password and they’re in. It’s that simple.

Educating yourself and your staff is the only solution. Hackers always look for soft targets, so start with the basics.

1. Get a strong password

A total of 80% of hacking-related breaches use either stolen passwords and/or weak or guessable passwords. Getting a strong password is the bare minimum. What’s more, it’s easier than you think. A lot of people don’t know that you can use spaces in your passwords, for example: “horse mug table” is much a much better password than “Horse123.”

2. Then make your password unique

Having a single strong password doesn’t count for much if that password then gets leaked. We’ve seen massive, trusted companies like LinkedIn and Yahoo leak millions of passwords over the last few years, which opens the door to wide-ranging cyber attacks. Password managers like LastPass and OnePassword help you generate and keep track of unique and strong passwords.

3. Know what to look out for with phishing

Hackers are constantly sending “phishing” emails, trying to get you to click on their website so that they can install malware or convince you to give them your password. Understanding what a hacker is trying to do and what to look out for is key. Poor syntax, incorrect spelling, or email addresses and links that include a lot of full stops (for example, amazon.getcode.tickets.phishingattack.com ) are all key warning signs to look out for.

4. Understand the information you’re already giving away

Phishing attacks rely on the amount of information we share about ourselves online. Famously the hackers behind the celebrity iCloud leak in 2014 used information they’d gained from public posts to guess the answers to user’s secret questions. If your secret question is “The city I was born in” and you post that information on Facebook, then hackers have an easy way into your account.

5. Pay attention to Web page URLs

When you see “http” in a web page URL that means your communication with that page is unencrypted. Any communication could be easily read by a hacker waiting on that page; “http” is a warning sign to look out for if you ever think you might have stumbled onto a phishing or generally suspect website. If you’re ever entering sensitive information like credit card numbers or personal details, make sure the website has “https” in the website url. That way you’re more secure.

6. Update your software

Software is updated for a reason. Usually companies like Microsoft or Apple will discover a vulnerability that might let hackers in, fix it, then offer an update. Always take them up on it. We saw with the WanaCry attack earlier this year what happens when organizations don’t install patches (updates bringing computer systems to the most up-to-date version) and security updates. Unpatched vulnerabilities offer gaps into your systems that hackers use to install malware and ransomware, or to just gain control of your systems.

7. Encrypt everything

Should a breach happen, you want to make sure whatever information hackers get their hands on is, at the very least, difficult for them to understand. Encrypting your hard drives and databases with a modern algorithm like AES256 is a key defensive tool to protect your data in the event of a breach. It’s quick and easy to do. For more info you can check out this post by FreeCodeCamp to do it in under an hour.

Knowledge is the key to cybersecurity, but it’s important to think about the underlying structure of your business and the way it handles data more broadly. Organization-wide controls and data-protection policies help define sound technological defense, and ensure you know how to respond in the event of a breach. Just remember that industry standards like an ISO27001 certification and SOCII are beneficial, but only when combined with education and good user behavior.

By Sam Nixon for CIO Today

Counting the cost of corruption

Corruption costs the SA gross domestic product (GDP) at least R27 billion annually as well as the loss of 76 000 jobs that would otherwise have been created, according to Minister of Economic Development Ebrahim Patel.

This is according to a recent exercise by his department to quantify the cost of corruption in the public sector, based on just a 10% increase in price in infrastructure projects as a result of corruption.

Collusion increases the costs of doing business, stunts the dynamism and competitiveness that is needed and has a negative impact on growth and jobs, Patel said at the Competition Law, Economics and Policy Conference at the Gordon Institute of Business Science.

The culture of “rampant acquisition” is spreading so widely that the professional standards of integrity which are a hallmark of functioning institutions are under enormous pressure. There are some troubling matters to address in looking at corruption and the collusion therewith by professional firms, from auditors to lawyers and others.”

A World Bank study on competition in SA noted, for instance, that in the case of four cartels in maize, wheat, poultry and pharmaceuticals – products which make up 15.6% of the consumption basket of the poorest 10% – conservative estimates indicate that around 200 000 people stood to be lifted above the poverty line by tackling cartel overcharges.

“There are things we can do, practical things, while the wider battle to ensure integrity in the public and private sectors is pursued,” said Patel.

The construction industry, through the seven largest companies, for example, has embarked on a major transformation programme, with three prominent companies selling a large block of their shares to black South Africans. In all, the deal will place construction turnover of “billions of rand” in the hands of black South Africans over the next seven years.

Competition policy is going through something of a golden age, with enormous public interest in the work of the competition authorities and widespread public debate on what is done and what should be done.

Public interest

“The past seven years have seen a focus by government on the public interest consequences of mergers and acquisitions, specifically on employment, small business development, ownership by black South Africans and local industrial capability,” said Patel.

“This is not surprising in a society with so many people who are unemployed, where poverty levels are deep, many citizens feel excluded from the economy and wider inequalities threaten the social stability of our still-young democracy. This is a fertile field for demagogues who offer simplistic solutions to the many who are desperate.”

He pointed out that some commentators, lawyers and economists – while acknowledging the extent of the problems of joblessness – have asked whether it is the proper remit of competition policy to deal directly with unemployment and with the strong focus on public interest issues.

“Two decades ago, economic goals in many countries were framed in the language only of rates of economic growth, with the widespread presumption that growth always, often automatically, results in wider benefits for society,” said Patel.

“Today we live in a wiser world where there is compelling evidence that strong growth has in many cases gone with deepening inequalities and social exclusion, for example of young people. Today there is a broad consensus on the need for inclusive growth.”

There is also a growing constituency of policy-makers across the world who see value in well thought-out and transparent public interest conditions being attached to mergers and acquisitions to bring out the inclusivity of the growth.

“In 1994, at the start of the democratic era, the new incoming government identified high levels of economic concentration as a critical challenge. Today, some 23 years later, the public discussion has returned to this issue,” said Patel.

Manufacturing

In research currently being done on concentration ratios in the manufacturing sector, preliminary results suggest that the top five firms in the sector as a whole accounted for 13.7% of total manufacturing sales in 2011. By 2014 this had risen to 16.2%.

In a three-year period, the data seem to show a growth of 2.5 percentage points in market share – or based on estimated rand value, it may be equivalent to as much as R54bn of additional sales that, had market share ratios remained the same, would have gone to smaller firms.

“Some of this may be due to efficiency gains or other reasons that could be enhancing overall welfare. But clearly, if increased concentration has the effect of displacing smaller companies, issues of social equity loom large. These levels of concentration may be economically unjustified and, if so, should be addressed,” he emphasised.

Racially skewed

In addition, many parts of the economy are still faced with stubbornly racially-skewed ownership profiles, according to Patel.

“The exclusion of most historically disadvantaged South Africans from the ability and opportunity to own productive assets must be remedied to unlock the competitive and development benefits of full participation by all in the economy,” he said.

“The effect of these two structural features of these markets is to stunt economic growth, prevent entry of new players, reduce consumer choice, limit the levels of innovation and dynamism in the economy and feed a growing resentment among black South Africans of the failure to realise the promises made by the Competition Act and the vision of the constitution.”

Source: Business Tech

South Africa’s most dangerous cities

National crime statistics offer only cursory indicators to understand crime levels. The second State of Urban Safety report, to be released on Wednesday, offers a city-by-city breakdown and seeks to understand why certain crimes thrive in different urban areas. Once again, Cape Town topped most categories of violent crime.

Nelson Mandela Bay and Buffalo City round out the top three in the list of South Africa’s most dangerous cities.

Compared to eight other cities, the City of Cape Town has the highest rates of murder, robbery and property-related crimes in South Africa, says a new report produced by the Urban Safety Reference Group (USRG), working with the South Africa Cities Network (SALC) and the GIZ-Inclusive Violence and Crime Prevention (VCP) Programme.

The key question is, why? “Cape Town’s urbanisation indicators are moderately serious, with a lower rapid population growth than Johannesburg and Tshwane, and a lower population density than Johannesburg and Ekurhuleni. Its marginalisation factors also compare very well to the other cities: Cape Town boasts the lowest level of poverty (as measured by the Human Development Index), the lowest income inequality, and the second lowest youth unemployment rate,” reads the report.

“An answer may lie in the disproportionate access to alcohol, drugs and firearms, which is more than twice that of any other city.”

The 2017 State of Urban Safety Report breaks down crime statistics in the country’s nine largest urban areas and puts them alongside subjective, social, structural and crime prevention strategies to add deeper insight.

Cities are responsible for a disproportionate amount of crime. The nine urban areas covered in the report are home to approximately 40% of the country’s residents, but they account for 77% of carjackings, 74% of vehicle thefts, 64% of aggravated robberies, 58% of residential robberies and 47% of murders. “These statistics show that cities are places not only of opportunity but also of inequality and high levels of violence and crime,” said SACN CEO Sithole Mbanga and GIZ-VCP programme manager Terence Smith.

The report pointed to key problems in Nelson Mandela Bay. Between 2014/15 and 2015/16 the municipality’s short-term increases in crime appeared worse than any other city. If they continue, interpersonal violent crime could reach Cape Town’s levels. Of the nine cities, Nelson Mandela Bay had the second highest murder rate, third highest robbery rate, and was fourth in assault and sexual offences. A key problem might be the city’s youth unemployment, the highest of any of the measured cities.

While residents reported low levels of fear and experience of crime in Mangaung, the city also has key problems. The report found it had the highest rate of sexual offences and second highest level of serious assault and property-related crime. Manguang and Cape Town were the only cities to record increases in the murder rate in the last decade.

Buffalo City has seen general declines in the crime rates over the last decade, like most cities, but it has problems potentially related to its service deprivation, high levels of informal housing, youth unemployment and income inequality. Buffalo City came in first for assault, second for sexual offences and third for murder.

Gauteng metros again faired surprisingly well. “Compared to the other cities, the City of Johannesburg’s crime rates are low to moderate, except for robbery where it ranks second,” said the report, suggesting the city must focus on reducing robbery, in particular carjacking and residential robbery, which Johannesburg had the highest rates of when the numbers were broken down. Despite the city’s reasonable successes on crime, residents still have “moderately high levels of fear of crime”. The report said Johannesburg’s crime issues are largely related to its lead position in rapid population growth and the effects of urbanisation and inequality. The city had the highest level of income inequality among the nine measured.

Ekhurhuleni’s challenges mirror Johannesburg’s. It had comparatively low rates of most crimes, but robbery was dominant and the city ranks second to Johannesburg in both population density and income inequality. “The City of Tshwane has the lowest murder, assault and recorded sexual offences rates of all the cities,” said the report. However, it still featured significant rates of robbery and non-violent property crime. Tshwane came in second after Johannesburg in terms of population growth, which could cause crime problems if poorly managed.

Crimes and the experience of crime are not the same within a city and one of the 2017 State of Urban Safety Report’s strongest points is its analysis on three hotspots – Johannesburg’s Hillbrow, eThekwini’s KwaMashu and Cape Town’s Philippi East. Each area has disproportionately high levels of crime compared to their cities and effective strategies in such hotspots could help reduce a city’s overall crime.

One of the most interesting results from interviews in the three hotspot areas is that residents significantly limit their involvement in public life and economic activity because of their fear of crime. In interviews, around 40% of respondents s from Hillbrow, KwaMashu and Philippi east said they are scared of running a business from home, passing forest or bushy areas, or letting their children play outside because of their fear of crime.

Interviews in the three areas revealed there are six core factors across the hotspots that lead to rampant crime:

There’s a lack of people who can deter offenders from committing crimes, such as police, security or community members;
Offenders’ obviously have their own motives;
They can isolate and target a victim;
They have access to weapons or transport to commit a crime;
There’s a dearth of close contacts who can convince someone not to commit a crime;
And, neglected spaces with poor infrastructure are more prone to crime.
“South African cities face a myriad of cross-cutting factors that drive violence and crime, including rapid population growth, social incoherence (family disruption), poverty, income inequality, (youth) unemployment and substance abuse,” reads the report.
It says South African cities do have progressive policies to combat crime, but it makes a number of recommendations.

The report says all city service delivery plans must take into account crime and safety issues. Plans shouldn’t just involve communities but all spheres of government, civil society and the business sector. It recommends that SAPS precincts align their boundaries to municipal demarcations. The level of crime data collected from cities must improve to inform policy planning and cities must allocate sufficient resources to improving safety and leveraging their efficiencies.

By Greg Nicolson for Daily Maverick

Beware this Apple phishing scam

A new Apple phishing scam is doing the rounds.

The scam informs user that their “Apple ID’ has been locked and threatens them with the fact that their information is now insecure.

In order to fix the “issue”, users are requested to follow a link which looks on the surface like an Apple-related site. Browsers and anti-virus quickly block the site as suspicious.

City of Joburg hit by malware

The City of Johannesburg has said it suspected that malware has infected one of the servers hosting its Web site, causing major downtime last week.

This is just one in a long string of woes for the city.

The billing system, inherited from the ANC when the DA won the metro, has been in crisis for some months. The City tried to fix it by rolling out a new system, which automatically requires payment on the 15th of the month unless rate payers ask for it to be the 28th, by way of e-mail or the call centre.

As a result of the change in date, as well as a lack of postal notices and SMS notices, many household have unintentionally fallen behind in payment – or worse, have not, but have been cut off anyway. Re-instatement of electricity is a costly and time-consuming exercise, and falling behind on payments can impact credit ratings.

Local councillors instructed their ward members to use the CoJ Web site to ensure they know what they owe and don’t fall behind on payments.

However, the city’s website – https://joburg.org.za/ – was inaccessible through browsers like Google Chrome for almost two days last week, due to a malware warning from Google.

When attempting to access the site, Google’s safe browsing warning turns users away, stating that it contains harmful content – including pages that “send visitors to harmful websites”.

The city said it was aware of the issue, and had an investigation underway.

“Preliminary indications suggest that one of the servers hosting the website may be infected with malware. It is also possible that the outage may be a result of corrupted code,” said the City of Johannesburg.

“Fortunately, the city’s customer data has not been compromised as it resides in separate servers.”

According to the ZACR’s records, the City of Johannesburg is the registrant of the domain, while Internet Solutions is the sponsoring registrar.

Although the issues with the site have since been fixed, it leaves many questioning what kind of security is in place for one of the city’s most important databases.

Source: MyBroadband; My Office News

How to identify a scam e-mail

Spam, scam e-mails and phishing: every day we receive hundreds of e-mails that may or not be linked to criminals trying to steal information from us.

My Office News took a look at an email we received and dissected it piece-by-piece to show you how to identify spam.

 

When the short link is clicked, it redirects to a site that downloads malware to your device.

Should you receive an email from someone claiming to be a service provider (such as a bank or ISP), rather call their main office to check the validity of the information.

Myth, busted: the missed-call scam

Warnings of a “one-ring scam” in which telephone customers return hang-up calls from foreign phone numbers, only to find they’ve been charged hefty fees and have their details stolen, are only partly true.

Although returning the call can cost some serious money, rumours are rife that these calls can somehow result in your list of contacts being downloaded or your banking details being compromised. This is fake news.

The scam
Telephone customers return one-ring calls from foreign phone numbers and are charged hefty fees.
This scam has been brought to the fore recently by news networks like MyBroadband and The Citizen, while providers such as Vodacom and MTN have sent customers warnings.

South Africans who received missed calls from as far afield as Guinea returned the calls, only to find that they have been billed exorbitant amounts, even if they were only on the line for a short time.

“Someone just told me she called back a missed call from Guinea and got charged R780 for a few seconds!” social media law specialist Emma Sadleir reported on Twitter.

MTN told MyBroadband that this is the resurgence of an old scam that originated in Japan known as Wangiri.

Wangiri literally translates to “one and cut”, implying that the phone is allowed to ring once before cutting the call.

Computers randomly dial numbers and drop the calls in the hope that unsuspecting victims will return them, only to be billed at premium rates.

“Our investigation has found that some of these numbers are designed to prolong customers to stay longer on the line by a recorded ring-tone or a long recorded message,” MTN says.

Vodacom sent out an advisory about the surge in Wangiri fraud, and told its clients not to return calls from unknown international numbers.

Fact versus fiction
Here’s the fact and the fiction surrounding this scam.

False: Returning a “one-ring” foreign call will enable scammers to download your contacts list and access your financial account information.
This is an impossibility. The only way this information can be compromised is if you provide the scammer with it.

True: Phone scammers sometimes lure potential victims through the use of “one-ring hang-ups”. Numbers can be set up to charge a premium fee, and when calls are returned unsuspecting victims are billed exorbitantly.
Scammers may also use their wits to elicit sensitive and confidential information from victims, such as financial details.

Origins
The “one ring” telephone scam is similar in form to the venerable 809 area code scam in that both involve trying to dupe unwary phone customers into calling a foreign phone number in order to stick them with hefty charges. While the 809 scam involves sending pages, faxes, voicemails, or e-mail messages that supposedly relay important information (e.g., news about a distressed family member or a notification of prize winnings) in order to lure the recipient into calling a provided phone number, the “one ring” scam employs a simpler technique: the scammers place calls to blocks of phone numbers (sometimes with the use of robo-call devices), disconnect each call after a single ring, and hope that the owners of some of those numbers will be curious enough to call back.

Dubbed “one-ring hang-ups,” the scheme targets millions of mobile-phone lovers. Unscrupulous operators make thousands of random calls from normal phone lines, letting the phones ring once before hanging up. They count on inquisitive folk, or those anxious not to miss a single call, ringing back the number shown on their screens.

Once hooked, the victims of the “one ring” scam are supposedly separated from their money through a variety of means: keeping them on the line for as long as possible while they rack up international call tolls, duping them into unknowingly calling premium-rate phone numbers (akin to the 900 Pay-Per-Call services), or enticing them into signing up for pricey services. As with the 809 scam, however, it appears that the prevalence of the one-ring scam and the potential damages its victims might suffer are considerably lower than the circulated warnings about it often suggest.

It’s certainly not true, as stated in the example cited above, that the mere act of calling a particular number would allow a phone user’s contacts and banking information to be stolen by someone else. That sort of information would be compromised only if another party somehow hacked into the user’s phone (via a malicious app or other code) and/or the user actively did something to enable access to it. (In either case, there’s no obvious reason why such a scheme would require the victim to place a call to the information-stealer rather than the other way around.)

Some versions of this warning maintain that “You may also be charged a monthly fee for joining some club you know nothing about. By calling the number, you ‘authorize’ them to place a fee on your cellphone bill.” However, it seems to be more the case that victims aren’t subscribed to services simply through the act of calling a phone number, but rather that the scammers use social engineering techniques (including harassment) to persuade them to subscribe to pay services or give out their credit card information.

Those who do [call back] find themselves listening to advertisements for all sorts of dodgy services. Some firms try to hook callers into subscribing, say, to high-priced chat-lines or Internet services. Others dupe callers into providing credit-card numbers. Using caller-identification in reverse helps to harass more users. Some victims decide it is easier to pay than face fresh hassles. Even if only a small fraction are snared, it is still a lucrative ploy: their own charges are small since they never give their quarry a chance to answer.

Other versions of the warning caution that cell phone owners who return one-ring calls are charged $19.95 for an “international call fee” and then a “$9.00 per minute charge” on top of that. But Sprint currently lists its standard rate for placing calls from U.S. cell phones to the countries mentioned in the above example (Belarus and Latvia) at between $2.65 and $2.69 per minute (and as low as $0.41 to $0.43 per minute if the caller subscribes to an international long-distance plan), so a victim who returned such a

call and stayed on the line for a couple of minutes before hanging up might realistically be out $5 or so in toll charges. Phone customers can generally get any “premium service” (i.e., “international call fee”) charges tacked on to such a call reversed by contacting their phone service providers and documenting the circumstances of the call.

Many forms of this warning list specific country/area codes that phone users should never place calls to (because of their association with various phone scams), including 473 (Grenada), 268 (Antigua), 876 (Jamaica), 809 (the Dominican Republic), 375 (Belarus), 371 (Latvia), and 284 (the British Virgin Islands). There is, of course, nothing wrong with connecting to numbers with these country/area codes if you happen to know whom you’re calling: all cautions regarding the one-ring scam (and similar schemes) apply only to solicitations to contact entities unknown to you. If you have to call a number associated with a dialing code that’s unfamiliar to you, you can use a code lookup site to check it out first.
Do not return phone calls from foreign numbers you do not recognise. If the person on the other end is legitimately looking for you, the chances are they will not hang up are one or two rings, and they will leave a voicemail message.

By Barbara Mikkelson for Snopes; Jan Vermeulen for MyBroadband

Platinum:

       

Gold:

Silver:

           

Follow us on social media: 

               

View our magazine archives: 

                       


My Office News Ⓒ 2017 - Designed by A Collective


SUBSCRIBE TO OUR NEWSLETTER
Top