MWEB and Absa clients have been targeted in a new e-mail phishing attack, where they are asked to open an attachment aimed at stealing their private information.
The email asks users to open an HTML attachment, which in turn opens a form in a browser which steals the victim’s personal details.
In the past, executable keyloggers were attached to emails to steal account information from victims.
However, most security services now block users from opening an attached executable file, as most of these files are malicious.
Scammers are now using HTML pages as attachments, where users are asked to provide their personal details in what appears to be a legitimate website.
In these scams, users are encouraged to open the attached email file, which opens in a browser and requests their username and password for a service.
This information is then sent to the criminal’s email address using a basic PHP script.
MWEB and Absa scam email
This is the method used in the latest email scam which is targeting MWEB and Absa clients.
The email, which claims to come from MWEB – but is sent from “firstname.lastname@example.org” – tells users that their “invoices and/or receipts and statement that you requested attached to this email”.
The attachment is the phishing page, which in this case uses the domain “jehovalchristofficeinternatona.co.za” to host the scripts.
Without looking at the HTML code, there are many warning signs that this is a scam email:
- The email does not come from MWEB or Absa. It should be noted that an email which comes from an @mweb.co.za or @absa.co.za does not automatically mean it is authentic.
- The email is poorly structured and contains poor grammar.
- There is no personalisation in the email, with a user’s name or account details.
- It mentions a PDF file, but the attachment is a .htm file.
- Users are asked to provide their personal details to view a file – a clear sign it is a phishing attack.