The South African Banking Risk Information Centre (SABRIC) has warned bank clients that cybercriminals are exploiting the current “Coronamania” panic to spread Coronavirus scams.
Coronavirus scams exploit people’s concerns for their health and safety and use social engineering to pressure them into being tricked. Social engineering is manipulative and exploits human vulnerability because criminals know that the weakest link in the information security chain is the human being.
These new scams include spoofed emails offering products such as masks, or fake offerings of vaccines, leading to phishing websites. These emails appear to come from realistic and reputable companies and manipulate people into clicking on links. Some of these websites prompt the user for personal information, which ends up in the hands of cybercriminals.
Cybercriminals are also using SMS Phishing, more commonly known as SMishing, to steal victims’ credentials by tricking them into clicking on a link disguised as information on a Coronavirus outbreak in their area. Some of these texts claim to provide free masks or pretend to be companies that have experienced delays in deliveries due to the Coronavirus.
Once criminals have the correct level of confidential information about a victim’s bank account, they can impersonate the victim and transact using the correct credentials but without authority.
“Although some spoofed emails can be difficult to identify, we urge bank clients to think twice before clicking on any link, even if an email looks legitimate. Any suspicious emails should not be opened and are best deleted,” says SABRIC acting CEO, Susan Potgieter.
SABRIC urges bank clients to take note of the following tips to protect themselves:
Phishing and SMishing
- Do not click on links or icons in unsolicited emails
- Never reply to these emails. Delete them immediately
- Do not believe the content of unsolicited emails blindly. If you are concerned about what is being alleged in the email, use your own contact details to contact the sender and confirm
- Check that you are on the authentic/real site before entering any personal information
- Do not click on links or icons in unsolicited SMSs
- Do not reply to these SMSs. Delete them immediately
- Do not believe the content of unsolicited SMSs blindly. If you are worried about what is alleged, use your own contact details to contact the sender to confirm
- Regard urgent security alerts, offers or deals as warning signs of a hacking attempt