By Tom Head for The South African
If you’re a subscriber to the network, take note. At least five major DStv scams have been identified this year: here’s how to play it safe.
‘Tis the season to be cautious, folks. There are a myriad of DStv scams waiting to trip up some unsuspecting victims this Christmas. The network have confirmed that a number of schemes have already been detected, and bosses have raced to warn South Africans about the dangers they face.
It isn’t just the technophobes and boomers that are getting duped by the sophisticated ruses, either. These DStv scams have caught out people across the board. But what do we need to look out for?
The gift card phishing scam
Customers receive an email informing them that they’ve won a cash gift card or huge sums of prize money from a MultiChoice competition. However, targets are then asked to provide personal details in order to claim the prize. It’ll be for a competition you definitely didn’t enter, so please, don’t hand any of your information out.
The “final notice” SMS scam
Some DStv customers have received an SMS claiming to be from DStv demanding payment for a DStv Explora account. It threatens action if payment is not made today and includes banking details. However, the network do not send such crudely-worded communications. You can contact them to find out the status of your account if you feel unsure.
Recruiting for social media jobs
There are dangerous scams disguised as recruitment ads for MultiChoice. One of the most popular ones offers applicants the chance to be driven to an interview. MultiChoice does not offer such a service, under any circumstances. Use the Afrizan website to verify any offers.
The DStv Premium upgrade scam
Opportunists are contacting customers – via email or telephone – and offering them DStv Premium for a fixed once-off fee per year, where the customer pays the fee directly to the scammer. Customers are asked to disregard such offers, and they are asked to refrain from letting a third-party upgrade an account for them.
Say no to installation offers
Don’t let your desire for a festive bargain cloud your common sense. If someone offers you a discounted DStv subscription at a once off payment, treat this with suspicion and check it with the network. Anyone offering “free package upgrades” or “free DStv for life” in a cut-price deal will be trying to rip you off.
How to avoid these DStv scams
The network have issued the following statement, advising consumers on how they can stay safe this year:
“There are usually tell-tale signs that can help you spot if something is a scam. Like receiving an email or SMS from us claiming that you’ve won a huge prize for a DStv competition you never entered, and for which you must either pay a fee or verify yourself by sending personal details – sounds too good to be true? It probably is.”
“MultiChoice will never request your personal details via email or SMS – please do not hand over your personal information to anyone claiming to be from DStv. Always check the email address and emails containing spelling and grammatical errors. MultiChoice only use one domain for emails (multichoice.co.za).”
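As an added illustration of the domain check in the statement above (not code from MultiChoice or the article), this Python sketch parses a message's From and Reply-To headers and lists the reasons the sender fails an exact match on multichoice.co.za. The sample messages, the `.example` domains and the brand keywords are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

OFFICIAL_DOMAIN = "multichoice.co.za"  # the only sending domain named in the statement
BRAND_WORDS = ("dstv", "multichoice")  # assumption: names a scam message would imitate

# Constructed sample messages; the .example domains are placeholders.
LEGIT = (
    "From: MultiChoice <info@multichoice.co.za>\n"
    "Subject: Your statement\n\nBody\n"
)
LOOKALIKE = (
    "From: DStv Competitions <winner@multichoice.co.za.example>\n"
    "Reply-To: claims@prizes.example\n"
    "Subject: You have won\n\nSend your ID number to claim.\n"
)


def address_domain(header_value):
    """Return the lower-cased domain of an address header, or '' if unparsable."""
    _display, addr = parseaddr(header_value or "")
    if addr.count("@") != 1:
        return ""
    return addr.rsplit("@", 1)[1].strip().rstrip(".").lower()


def sender_findings(raw_message):
    """List the reasons a message claiming to be from DStv looks untrustworthy."""
    msg = message_from_string(raw_message)
    from_header = msg.get("From", "")
    display, _addr = parseaddr(from_header)
    from_domain = address_domain(from_header)
    findings = []

    # Exact match only: 'multichoice.co.za.example' is a different domain.
    if from_domain != OFFICIAL_DOMAIN:
        findings.append(
            f"From domain is '{from_domain or 'missing'}', not {OFFICIAL_DOMAIN}"
        )
        if any(word in display.lower() for word in BRAND_WORDS):
            findings.append("display name uses the brand but the address does not")

    # Replies steered to another domain are how personal details get collected.
    reply_to = msg.get("Reply-To")
    if reply_to and address_domain(reply_to) != OFFICIAL_DOMAIN:
        findings.append(f"Reply-To points to '{address_domain(reply_to)}'")
    return findings


if __name__ == "__main__":
    for name, raw in (("legit", LEGIT), ("lookalike", LOOKALIKE)):
        print(name, sender_findings(raw))
```

A From header can be forged, so an empty result is not proof of origin; the mismatch is the useful signal.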
By Aaron Holmes for Business Insider US
The most effective way to protect yourself against hackers is to build good password habits, experts say.
Cybersecurity experts shared straightforward tips with Business Insider that can make it exponentially harder for hackers to break into your account.
There’s no reason that your password should be a single word – a “passphrase” consisting of multiple words is much safer.
If your password is one word, you’re doing it wrong – it’s time to upgrade to a multi-word “passphrase.”
Password strength is one of the most important pieces of online security. The vast majority of hacks result from phishing – the act of guessing users’ login credentials based on information gleaned from messages and online profiles – which stems from human error and is easily preventable.
Hackers are also developing increasingly sophisticated methods to track and exchange peoples’ passwords, making preventative action all the more crucial.
Business Insider spoke to cybersecurity experts, who outlined simple steps users can take to make sure their online accounts are secure. Here’s what they recommend.
“‘Password’ is a bit of a misnomer. What you should actually be using is a passphrase,” says Kiersten Todt, managing director of the Cyber Readiness Institute and a former cybersecurity adviser to the Obama administration.
“Make that passphrase as long and difficult as possible,” Todt added. Four words long is safe, and five is even safer.
Contrary to popular belief, it’s perfectly fine to use spaces in your password. Many major sites, like Google and Facebook, accept “space” as a valid password character.
A “passphrase” is stronger than a single password because it increases entropy, or the amount of randomness in a password, making it harder to guess.
The creators of ProtonMail, a security-minded email service, say multi-word passphrases are a solution to the problem that “we humans are bad at creating randomness, and we’re bad at remembering things.”
Unlike complex one-word passwords with lots of special characters, passphrases are easy to remember. “If your ‘secure system’ isn’t easy to use, people won’t use it, negating the security benefit,” the ProtonMail team argues.
Even when using passphrases, it’s crucial to change your password: “The people who are getting hit by hacks are the low hanging fruit who reuse the same passwords,” according to Alex Heid, chief technology officer at SecurityScoreCard.
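To put numbers on the entropy argument above, this added Python example (not from the article or the experts quoted) generates a passphrase with a cryptographic random source and compares the entropy of one, four and five random words with an eight-character random password. It assumes words are drawn uniformly from a 7776-word list (the size of a five-dice Diceware-style list); the short word list in the code is constructed for demonstration only.

```python
import math
import secrets

# Constructed demo list. A real generator would load a large published list,
# e.g. a 7776-word Diceware-style list (five dice rolls select one word).
DEMO_WORDS = [
    "anchor", "biscuit", "canyon", "dolphin", "ember", "falcon",
    "glacier", "harbor", "island", "jigsaw", "kettle", "lantern",
    "meadow", "nectar", "orchid", "pepper",
]


def entropy_bits(pool_size, picks):
    """Bits of entropy when each of `picks` items is drawn uniformly at random."""
    return picks * math.log2(pool_size)


def make_passphrase(words, count=4, sep=" "):
    """Pick words with a CSPRNG; words a person chooses do not reach this entropy."""
    if len(set(words)) != len(words):
        raise ValueError("word list contains duplicates")
    return sep.join(secrets.choice(words) for _ in range(count))


def average_guesses(bits):
    """Expected guesses for an attacker who knows the scheme and the word list."""
    return 2 ** (bits - 1)


def comparison(list_size=7776):
    """Entropy in bits for the cases the article discusses, plus a baseline."""
    return {
        "1 word": entropy_bits(list_size, 1),
        "4 words": entropy_bits(list_size, 4),
        "5 words": entropy_bits(list_size, 5),
        # 95 printable ASCII characters, space included.
        "8 random printable chars": entropy_bits(95, 8),
    }


if __name__ == "__main__":
    print("demo passphrase:", make_passphrase(DEMO_WORDS, 5))
    for label, bits in comparison().items():
        print(f"{label:26s} {bits:5.1f} bits  ~{average_guesses(bits):.2e} guesses")
```

The figures hold only when the words are picked at random from the full list, which is why the generator uses `secrets` rather than a person's own choice of words.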
Retailers are increasingly coming under attack by cybercriminals, and there is little wonder why. They process payments on oftentimes unprotected Point of Sale (POS) systems, transfer large sums of money, and store and process sensitive customer information, such as banking and card information. They also process more online banking and card transactions. Cybercrime attacks on retail businesses tend to spike over the festive season, starting with Black Friday and Cyber Monday when transactions spike dramatically.
Protecting customers’ payment information at every stage of the payment process is vital. Point-to-Point encryption is becoming more critical as it facilitates secure communication channels between devices and company servers, and so protects payment data in transit. POS systems should be designed to encrypt sensitive data from credit cards, as well as passwords, configurations and other critical confidential data, the moment the information is received and again when it is sent to the payment server. The Payment Card Industry’s Data Security Standard (PCI DSS) increases the governance around cardholder data to reduce credit card fraud. Many banks urge organisations to be PCI DSS compliant to have the right to make credit card payments. Review systems regularly to make sure these standards are followed.
“Most cyber-attacks on retail companies happen in the e-commerce space. However, in-store POS systems are not immune to the threats. With Black Friday around the corner and the festive season looming, it is a boom time for cybercriminals. Retailers must be aware and implement strategies to guard their businesses, both online and in-store,” says Charl Ueckermann, CEO at AVeS Cyber Security.
According to Ueckermann, AVeS Cyber Security has encountered numerous organisations that have limited to no protection on POS devices. This has a direct impact on cyber security for organisations because most times, the POS and corporate systems run on the same infrastructure and network. What this means is that when a POS system is compromised, a network breach can occur for the corporate network as well, leading to confidential client information breaches.
“Protecting POS systems, therefore, requires a multi-faceted and multi-layered approach. You want a highly-effective detection and protection tool to identify and remedy vulnerabilities proactively. The solution should have anti-virus capabilities specifically designed for POS systems. You also want to ensure that the POS software itself is up to date to the latest version, at all times. This is especially important for high transaction times, such as Black Friday and Cyber Monday.”
POS systems are vulnerable to attack when they are old or outdated because the software would not have been designed with today’s modern-day hackers in mind, making them vulnerable and susceptible to malicious code. Attacks on POS systems are becoming quite sophisticated, and cybercriminals are known to use both hardware and software to hijack payment card information and steal business data. Malware targeting POS systems is common and is one of the many ways to steal payment card details. Malware is used to obtain sensitive information, and in some cases, to even steal money directly from bank accounts.
“Your security technology should be able to detect malware, tampering, rooted/jailbroken POS devices, and more. The security stack should include a feature that proactively alerts retailers and POS providers when it is not safe to use the POS devices for making payments or performing other electronic transactions. If not, your system and your business will be vulnerable,” stresses Ueckermann.
Attackers also exploit mobile POS applications to steal personal and sensitive information that is used to make fraudulent purchases. This can result in big financial losses and damage to credit reputations for unsuspecting customers, and worse still, identity theft.
The backend of mobile applications can also be used by cybercriminals to compromise POS systems as well as the majority of business transactions that are processed on the server’s side. This gives them a way into internal business systems. Once the attacker gets inside the network or central system of POS vendors or retailers, they are able to access the compromised POS application as well as other POS applications used by the retailer in other locations. Attacking the entry point at the backend is a common attacking method, and Ueckermann says countless large-scale security breaches have been caused by this method.
He concludes: “The onus is on retailers to do the due diligence to protect their customers and data against cyber-attacks over the holiday shopping season and beyond. Strategies and measures should be in place to provide a safe and secure experience for customers online and in-store.
“Card and online payment processes should be secured and encrypted, controls should be in place to check and ensure the integrity of handheld POS devices, and mobile payment systems should be subjected to regular patches, updates, and equipment upgrades to protect against continually evolving threats.”
Source: Supermarket & Retailer
Criminals will likely target the influx of shoppers bustling to get their festive season shopping done over the next few weeks, says Charnel Hattingh, national marketing and communications manager at Fidelity ADT.
Hattingh said that shoppers should be particularly cautious of follow-home attacks.
“We are urging all shoppers to be vigilant at malls and shopping centres and to be aware that we generally see a spike in follow-home incidents at this time of year,” she said.
In most cases shoppers are followed home from the malls and hijacked in their driveways.
“Criminals are aware these shoppers have a car full of newly-purchased items and are generally easy, distracted targets.”
“If you suspect you are being followed drive immediately to your nearest police station or security provider guardhouse,” Hattingh said.
Fidelity ADT said drivers should also remember general hijacking safety tips such as waiting in the road for the gate to open before driving in, and making sure the gate is closed properly behind the vehicle before getting out.
Safety tips at malls
“When in the mall or centre carry as little as possible in your handbag or pockets and rather leave unnecessary bank or store cards and large amounts of cash at home,” said Hattingh.
“A packed clothing store or supermarket is the prime hunting-ground for a pick-pocket or bag-snatcher. And, never leave a handbag, purse or wallet in a trolley.
“If you don’t use a bag or do not take one along, keep your wallet or purse in the front pocket of your jacket or trousers. Criminals are also targeting phones so make sure your phone is out of sight either in a zipped-up bag or in a front pocket.”
“If you are drawing large amounts of cash, take someone along to keep watch while you are at the ATM and to keep a lookout for any suspicious individuals or vehicles on the way home. If you can avoid drawing large sums of cash, do so. Electronic payments are the safer route,” she said.
Your safety outside the mall is just as important as it is inside, Fidelity ADT said.
“Before you exit the mall, have your keys ready so that no time is wasted to get your purchases and yourself into the car. This also means that you’ll be able to hold onto your handbag as you walk. If someone does try to snatch your handbag, let it go. Do not resist or fight back,” Hattingh said.
Lastly, she suggested avoiding shopping late at night.
“While the idea of a quieter shopping mall may seem appealing, you are more vulnerable in the car parks, mall bathrooms and the likes. If you have no other choice, be vigilant and report any suspicious individuals to the mall security.”
Armed gangs are increasingly invading construction sites across the country, harassing workers and threatening violence unless their employment demands are met.
Databuild CEO Morag Evans believes that unless contractors take a firm stand against these so-called business forums, also known as the construction mafia, the scourge will only get worse.
The violence first reared its ugly head in KwaZulu-Natal but soon spread to Gauteng, the Eastern Cape, Mpumalanga and eventually other provinces.
The attacks stem from the promulgation in 2017 of new regulations to the Preferential Procurement Policy Framework Act (PPPFA), which stipulate that 30 per cent of all contract value on state construction contracts must be allocated to certain designated groups, including black South Africans, women and people with disabilities.
Even though the regulations specifically refer to government contracts, private sector construction sites have also fallen prey to the violence.
The gangs demand either a 30% stake in the project or 30% of the total contract value in cash as “protection” against further violent disruptions and work stoppages. Recently, they have begun targeting shopping centres with demands to be employed as tellers or refuse collectors.
“Their actions amount to nothing more than extortion and giving in to these thugs only serves to encourage the abuse,” says Evans.
“The fact is,” she points out, “the perpetrators of these site disruptions have misunderstood the PPPFA regulations, which are geared to including designated groups in state contracts on a national level and do not necessarily refer to local communities.”
The damage inflicted by these gangs often means that projects are delayed for months, which causes costs to spiral, Evans continues. “Additionally, construction insurance policies do not always cover damage or loss in these circumstances. Consequently, many businesses, including black-owned small and medium enterprises, are facing financial ruin.”
Evans calls on law enforcement to be more proactive when it comes to the policing of construction sites to ensure the safety of workers and infrastructure and assist contractors in standing up to the gangs. “The police cannot work in isolation, however. Contractors have a responsibility to ensure that sites are properly demarcated with access-controlled entry and exit points. Effective safety and emergency measures, which include a communication plan, must be set up and additional security can also be employed, if necessary.
“Furthermore, politicians should refrain from creating unrealistic expectations for employment on construction projects. While the involvement of local contractors is essential, egotistical attempts to win popularity points merely fuel the disruptive attacks when false hopes cannot be met.
“There are also legal avenues to follow to mitigate the violence,” she adds. “Leading attorneys have won numerous court interdicts on behalf of construction companies against those inflicting the disruptions and claim significant success in radically minimising delays resulting from violence committed by business forum members.
“Harassment, violence and extortion are not the means to achieve transformation in the construction industry. Such actions are criminal in every sense of the word and cause more harm than good,” Evans concludes.
On 25 October, the City of Johannesburg tweeted that it had been the victim of a network breach, where it was forced to shut down various systems including its website, e-services, and billing systems.
Business Day reported that a ransom note, sent by Shadow Kill Hackers, demanded 4 bitcoin (about R435,000) before 28 October, or else it would upload the sensitive data online.
Nearly two weeks later, the City of Johannesburg’s website is offline and its call centre is unreachable, leaving residents unable to register for e-services or receive their bills.
The city has responded to complaints on Twitter, confirming that its systems are “temporarily down” – but there has been no further information about the cause of the outage or how long it will last.
According to MyBroadband, attempts to call City of Johannesburg hotlines reportedly “resulted in callers being told that the number does not exist, while attempts to access the City of Johannesburg’s website are unsuccessful.”
It is unclear whether the website’s current downtime is linked to the Shadow Kill Hackers’ cyber-attack.
South Africa is facing one of the largest cyber attacks it has ever seen, with banks, ISPs, and the government being targeted.
In the last two months:
- The City of Johannesburg fell victim to a cyberattack which led to its information systems becoming compromised, and its systems (including the website and billing) being shut down. A ransom was demanded but the City is refusing to pay
- The banking industry was hit by a wave of DDoS attacks targeting consumer-facing services
- ISPs were hit by a number of DDoS attacks, as previously reported in My Tech News. In September, Cool Ideas and Atomic Access suffered an attack that severely affected their services; in October, Cybersmart was hit by a large DDoS attack which caused intermittent connectivity over two days; and recently Afrihost, Axxess, and Webafrica were hit by a very large DDoS attack which affected DSL and fibre subscribers
Parmi Natesan, CEO of the Institute of Directors in South Africa (IoDSA), told MyBroadband that “these attacks should serve as a wake-up call to companies” – who may not be taking adequate steps to protect themselves.
Discovery Bank discovered a system flaw on Monday which allowed the incorrect credit card card verification value (CVV) numbers to be used for online payments.
The CVV is the last three digits on the back of a bank card, and is considered critical as a last-ditch security measure against certain card fraud.
Business Insider South Africa was tipped off about the flaw, and on Monday morning was able to make payments with a random CVV code, such as 000.
- Discovery Bank said it was alerted about the issue last week
- The bank suffered no fraud losses due to the issue
- The flaw has now been fixed
- Previously, the Bank didn’t require further authorisation such as an OTP (one-time pin)
- When Business Insider later tried to use an incorrect CVV number, a call centre agent phoned after the transaction to alert them that an incorrect CVV number had been used.
Passengers on a recent Mango flight from Johannesburg to Cape Town were terrified when the aircraft suddenly nosedived, forcing the pilot to make an emergency landing in Johannesburg. A subsequent investigation into the incident has highlighted the extent of South African Airways’ problems.
- A faulty part was fitted to the aircraft by SAA Technical
- SAA admitted that it has been infiltrated by an international criminal syndicate
- The syndicate has supplied the company with suspicious aircraft parts and looted “hundreds of millions of rands”
- Defective parts cause incidents such as the nosedive of the Mango Boeing 737
- Comair, which operates British Airways in South Africa, has ended its relationship with SAA Technical
- Airlines have been grounded for such activities
- The government has pumped almost R50-billion into the airline in the last decade
The National Stokvel Association of South Africa (Nasasa) is warning South Africans about WhatsApp stokvel scams which are targeting victims through social media.
These WhatsApp stokvels catch unsuspecting victims by promising them a large return on investment in a short period of time.
For a R200 upfront investment the scammers promise that people will be paid R1,200 if they recruit more people into the scheme.
Participants said that as soon as they paid their money to the “WhatsApp stokvel”, the rest of the members disappeared.
Andrew Lukhele, founder and chairperson of Nasasa, warned that these WhatsApp stokvels are pyramid schemes.
As it is a pyramid scheme, only a few people who form part of the stokvel will get paid out. The rest will lose their money.
Lukhele warned that criminals are using the popularity of stokvels to promote their scams.
The SA Police Service (SAPS) has also warned South Africans about these scams, saying that members of cash savings clubs (stokvels) must be cautious.
The SAPS said it has received multiple complaints from people who were scammed by criminals through a WhatsApp stokvel.
The police have asked the victims of the scams, or those who have knowledge about them, to contact the SAPS Crime Stop helpline on 0860 010 111.