Tag: scam

WhatsApp stokvels are back

By Bombi Mavundza for Business Insider SA

Despite the name change, the ‘stokvel’ still has the same modus operandi. Members deposit R200 – and hope to make huge profits.

The National Stokvel Association of SA (Nasasa) has previously warned South Africans that WhatsApp stokvels are most likely to be pyramid schemes rather than genuine savings vehicles – and those who have joined them have probably been scammed.

Like most pyramid schemes, the first few to join received a pay-out, but those who followed often lost all their money.

Many victims who have joined such stokvels in the past have seen group administrators disappear after making payments into the stokvels.

According to Nasasa founder and chairperson Andrew Lukhele, scammers are using the popularity of stokvels to create pyramid schemes and take advantage of people.

Traditional stokvels are based on trust where everyone in the stokvel knows each other, and the terms of payout have already been set.

The WhatsApp scams often involve anonymous people, so it is impossible to track or trace the money when it disappears.

A stokvel, derived from “stock fair”, is a savings scheme where a group of people come together to save or invest together.

Source: Abnormal Security

Attackers have been impersonating notifications from Microsoft Teams in order to steal the credentials of employees. Recently, Microsoft Teams has seen one of the largest increases in users as a result of the shift to remote work given the ongoing COVID-19 pandemic.

Since the onset of the COVID-19 outbreak and the shift to remote work, there has been a remarkable increase in the usage of collaboration software. This particular attack impersonates Microsoft Teams, one of the leading collaboration software tools in widespread use.

Email attack
These attackers crafted convincing emails that impersonate automated notification emails from Microsoft Teams. The landing pages that host both attacks look identical to the real webpages, and the imagery used is copied from actual notifications and emails from this provider. In one of the attacks, the sender email originates from a recently registered domain, “sharepointonline-irs.com”, which is not associated with either Microsoft or the IRS.

Payload
Attackers utilise numerous URL redirects in order to conceal the real URL that hosts the attack. This tactic is employed in an attempt to bypass the malicious-link detection used by email protection services:

  • In one attack, the email contains a link to a document on a domain used by an established email marketing provider to host static material for campaigns. Within this document there is an image urging the recipient to log in to Microsoft Teams. Once the user clicks this image, the URL takes the recipient to a compromised page which impersonates the Microsoft Office login page.
  • In the other attack, the URL redirect is hosted on YouTube, then redirected twice to the final webpage, which hosts another credential-phishing site impersonating the Microsoft login page.
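The redirect-chain tactic above is what a defender needs to unwind: judge a link by where it lands, not where it starts. The following is an added example, not code from Abnormal Security's report; the redirect table stands in for the HTTP Location headers a sandboxed fetch would return, and the hostnames (other than the report's “sharepointonline-irs.com”) and the allow-list of Microsoft sign-in hosts are constructed assumptions.

```python
from urllib.parse import urlparse

# Assumption: hosts a genuine Microsoft Teams/Office sign-in may legitimately end on.
MICROSOFT_LOGIN_HOSTS = {
    "login.microsoftonline.com",
    "login.live.com",
    "teams.microsoft.com",
}

# Brand words whose presence in an unrelated registrable domain is suspicious
# (the report's "sharepointonline-irs.com" combines two of them).
BRAND_WORDS = ("microsoft", "office", "sharepoint", "teams", "irs")

# Sites commonly abused as an innocent-looking first hop; the report names YouTube.
THIRD_PARTY_REDIRECTORS = {"youtube.com"}

# Constructed stand-in for HTTP 3xx Location headers: requested URL -> Location.
REDIRECTS = {
    # attack 1: marketing-provider static document -> compromised page posing as Office login
    "https://static.mailprovider.example/campaign/doc123":
        "https://compromised-site.example/office365/login",
    # attack 2: YouTube redirect -> tracker -> lookalike login domain
    "https://www.youtube.com/redirect?q=https://track.example/go":
        "https://track.example/go",
    "https://track.example/go":
        "https://sharepointonline-irs.com/login",
    # a redirect loop, to exercise the hop limit
    "https://loop-a.example/": "https://loop-b.example/",
    "https://loop-b.example/": "https://loop-a.example/",
}


def registrable_domain(host: str) -> str:
    """Naive eTLD+1 (last two labels); production code should use the Public Suffix List."""
    labels = host.lower().split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def resolve_chain(start: str, redirects: dict, max_hops: int = 10):
    """Follow Location headers from start. Returns (hops, looped)."""
    hops, seen, url = [start], {start}, start
    while url in redirects and len(hops) <= max_hops:
        url = redirects[url]
        if url in seen:
            return hops, True  # loop: stop rather than spin forever
        seen.add(url)
        hops.append(url)
    return hops, False


def assess(start: str, redirects: dict = REDIRECTS) -> dict:
    """Classify a link by the final landing host and the shape of its redirect chain."""
    hops, looped = resolve_chain(start, redirects)
    final = urlparse(hops[-1])
    final_host = final.hostname or ""
    reasons = []
    if final_host in MICROSOFT_LOGIN_HOSTS:
        return {"hops": hops, "final_host": final_host, "verdict": "allow", "reasons": reasons}
    if any(w in registrable_domain(final_host) for w in BRAND_WORDS):
        reasons.append("brand keyword in unrelated domain")
    if any(registrable_domain(urlparse(h).hostname or "") in THIRD_PARTY_REDIRECTORS for h in hops):
        reasons.append("redirect via third-party site")
    if len(hops) > 2:
        reasons.append("multi-hop redirect")
    if looped:
        reasons.append("redirect loop")
    if "login" in final.path.lower() or "office" in final.path.lower():
        reasons.append("login page on non-Microsoft host")
    verdict = "suspect" if reasons else "review"
    return {"hops": hops, "final_host": final_host, "verdict": verdict, "reasons": reasons}


if __name__ == "__main__":
    for link in (
        "https://static.mailprovider.example/campaign/doc123",
        "https://www.youtube.com/redirect?q=https://track.example/go",
        "https://teams.microsoft.com/l/meetup-join/abc",
    ):
        r = assess(link)
        print(f"{r['verdict']:8} {r['final_host']:28} {len(r['hops'])} hop(s) {r['reasons']}")
```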

Result
Should the recipient fall victim to this attack, the user’s credentials would be compromised. Additionally, since Microsoft Teams is linked to Microsoft Office 365, the attacker may gain access to other information reachable with the user’s Microsoft credentials via single sign-on.

Why is this attack effective?

  1. Convincing e-mail and landing page – the email and landing page the attackers created were convincing. The webpages the email links direct to are visually identical to legitimate Microsoft Teams and Microsoft login pages. Recipients would be hard-pressed to recognise that these sites were set up to deceive them and steal their credentials.
  2. Timing – given the current situation, people have become accustomed to notifications and invitations from collaboration software providers. Because of this, recipients might not look further to investigate the message.
  3. Urgency – a recipient may feel compelled to log in quickly to access the page because of the urgency felt when contacted by a coworker.

Beware of these corona-related scams

The South African Banking Risk Information Centre (SABRIC) has warned bank clients that cybercriminals are exploiting the current “Coronamania” panic to spread Coronavirus scams.

Coronavirus scams exploit people’s concerns for their health and safety and pressure them into being tricked using social engineering. Social Engineering is manipulative and exploits human vulnerability because criminals know that the weakest link in the information security chain is the human being.

These new scams include spoofed emails offering products such as masks, or fake offers of vaccines, leading to phishing websites. These emails appear to come from realistic and reputable companies, which manipulates people into clicking on links. Some of these websites prompt the user for personal information, which ends up in the hands of cybercriminals.

Cybercriminals are also using SMS phishing, more commonly known as SMishing, to trick victims into clicking on a link disguised as information about a Coronavirus outbreak in their area, in order to steal their credentials. Some of these texts claim to provide free masks or pretend to be from companies that have experienced delivery delays due to the Coronavirus.

Once criminals have the correct level of confidential information about a victim’s bank account, they can impersonate the victim and transact using the correct credentials but without authority.

“Although some spoofed emails can be difficult to identify, we urge bank clients to think twice before clicking on any link, even if an email looks legitimate. Any suspicious emails should not be opened and are best deleted,” says SABRIC acting CEO, Susan Potgieter.

SABRIC urges bank clients to take note of the following tips to protect themselves:

Phishing and SMishing

  • Do not click on links or icons in unsolicited emails
  • Never reply to these emails. Delete them immediately
  • Do not believe the content of unsolicited emails blindly. If you are concerned about what is being alleged in the email, use your own contact details to contact the sender and confirm
  • Check that you are on the authentic/real site before entering any personal information
  • Do not click on links or icons in unsolicited SMSs
  • Do not reply to these SMSs. Delete them immediately
  • Do not believe the content of unsolicited SMSs blindly. If you are worried about what is alleged, use your own contact details to contact the sender to confirm
  • Regard urgent security alerts, offers or deals as warning signs of a hacking attempt

SABRIC (South African Banking Risk Information Centre) has warned bank clients to protect their mobile devices.

The theft of mobile phones is not a new phenomenon; however, there is an emerging trend where mobile phones are snatched from their owners, affording criminals the opportunity to gain access to the victim’s personal and even confidential information, which can then be used to commit crime.

Mobile phones are a convenient way to stay connected. They enable easy access to family and friends, make it possible to access vast stores of online information and can provide hours of entertainment. Despite these benefits you must always remain vigilant, because your mobile phone stores far more information than you may be aware of. This is even more applicable if you use your mobile device to do your banking. Remember, your phone is equivalent to a bank card and could even act as a gateway to your bank account.

“Personal information is a valuable commodity for criminals and because so much of it is on our phones, we need to take mobile security very seriously,” says Susan Potgieter, acting CEO of SABRIC.

There are a number of ways that criminals could access information stored on your mobile phone if it is stolen, to try and defraud you:

  • Criminals access all open applications on your unlocked phone and view your sensitive data
  • Social engineering is used to obtain your usernames and passwords stored in the cloud
  • Vishing might occur, where criminals call you and manipulate you into believing that they are from the bank, to coerce you into revealing confidential information like PINs or passwords
  • Phishing occurs where you are sent an email, which you believe to be from the bank or a legitimate service provider, asking you to click on a link that requests your PINs or passwords. Once your password has been compromised on your snatched phone, all other credentials are available and may be exploited.
  • Your credentials could also be compromised through shoulder surfing in public places such as restaurants.

In the event that your mobile phone is lost or stolen, borrow a phone and contact your bank immediately so that they can deactivate your banking app, block cards on other apps containing your bank card details and block your bank account. Make sure you always have your bank’s hotline number stored somewhere other than on your mobile phone. If you have activated the ‘Find My iPhone’ or ‘Find My Device’ facility from the web to locate or wipe your device, be aware that fraudsters may attempt to vish or phish you. If you receive an email or SMS after doing this, don’t click on any links, as these are not safe.

“When a bank client’s mobile phone is stolen, they tend to focus on protecting their photos and social media profiles, however, their highest priority should be protecting their money,” concludes Potgieter.

Tips for banking clients

PINS and passwords

  • Reset/change your passwords and PINs often
  • Set different and complex passwords for each app or service. Ensure that these are not stored on a password manager app or on the phone itself
  • Never save your banking app username and password on your device in the contacts or notes
  • Never autosave your banking app username and password on your device
  • Disable the autosave function on your smart phone
  • Ensure that you have set additional security controls on your device for adding biometrics such as fingerprint or facial recognition; for instance, you can set your device to require the device password before another person’s biometric can be added.

Behaviour

  • Do not click links in SMSes or emails stating that your lost or stolen device has been located as criminals use this as a way to get your banking app credentials
  • Always be vigilant by being aware of who is around you when using your phone in public

Your device

  • Treat your mobile device the same way you would treat your bank card
  • Pickpocketing is prevalent, so ensure that your handbag and backpacks are properly closed or zipped
  • If your mobile device is lost or stolen notify your Bank immediately to freeze your banking profile and prevent the perpetrators from using your banking app
  • In addition, contact your mobile service provider to block/stop your SIM card and handset to prevent criminals from getting any One Time PINs for fraudulent transactions
  • If your Apple device is stolen, log on to your iCloud account to restore all factory settings so that all your personal data is wiped from the device
  • Avoid using Public WiFi “hotspots”. It is risky to connect your smartphone to just any available WiFi hotspot. Savvy hackers can spoof a WiFi connection and gain access to usernames and passwords stored on your smartphone
  • Consider keeping your banking app on two devices – this will enable you to block the stolen mobile from the other device and also change the login credentials at a moment’s notice. Most banks will still ask you to call them to report the theft to ensure that all access is blocked for the stolen phone. Your bank can also advise how to get passwords changed
  • When calling the bank to report the phone as stolen, request that they place a temporary hold on your entire account to allow you the time to change, replace and update all of your info

Banking app

  • Always log out of your banking app manually once you have finished transacting
  • Keep your daily EFT and ATM limits low as some banking apps and internet banking profiles will require that contact be made with the bank before the limit can be increased on your profile

By Phillip de Wet for Business Insider SA

Scammers are separating helpful South Africans from their money in what appears to be a wave of fraud that relies on hijacking WhatsApp accounts – and then simply asking for money.

The scammers first take control of a victim’s phone number, usually by porting the number to a new service provider, and so associating it with a SIM card under their control. That allows them to receive confirmatory SMSes from WhatsApp, and so take control of an existing account, while the now-offline victim is none the wiser.

Now able to impersonate the victim, the scammers access the phone numbers of friends and acquaintances, in many instances seemingly just waiting for incoming messages, or by way of WhatsApp groups to which the victim belongs. Then they simply ask for money.

Number porting has in the past often been used to intercept one-time PIN (OTP) numbers – but that requires scammers to already have control of bank accounts, either by skimming credit card information or stealing login details for online banking.

In the current wave of scams, the attackers do not need such access. Friends of victims are asked to send money via services such as First National Bank’s eWallet, which sends the code required to withdraw money from an ATM via SMS – with the cash immediately available.

As of Wednesday it was not yet clear how widespread the new scam was, with network operators saying they were detecting only a small number of fraudulent attempts to port numbers – while many people said they were receiving worrying notifications, or had already seen their friends approached for money.

Here’s how to protect yourself against both sides of the latest WhatsApp hijacking scam.

Turn on security notifications in WhatsApp.
WhatsApp security code settings
WhatsApp will alert you when a contact changes their phone – if you let it. For those in many big WhatsApp groups – with people who like to switch phones – the constant messages that a contact’s “security code has changed” can become annoying, so some people turn it off.

If you are one of those people, turn those notifications back on by going to “settings”, then selecting “account”, and from there “security”.

Should a “friend” ask for money shortly after their security code changes, be extremely suspicious.

Don’t ignore porting SMSes.
Cellphone companies will send out a notification, by SMS, before porting a number – but will treat no response as permission. If you receive an SMS warning that your number is to be ported, do not ignore it.

If you are worried that message might be a scam in itself, phone your network provider on the usual service number.

Don’t turn off your phone if you’re getting annoying calls.
Some victims of porting say they were bombarded by annoying phone calls before their numbers were hijacked. The idea behind constantly ringing your number is to make you turn off your phone – so that you won’t receive porting notifications, and won’t notice you have suddenly been kicked off the network.

If someone keeps phoning then putting down the phone before you can answer, or you keep receiving calls with nobody on the other side, assume you are being scammed, and rather put your phone on silent while watching out for SMSes.

Don’t ignore a loss of cellphone signal.
If your phone suddenly won’t connect to your mobile network – and you aren’t in the middle of nowhere, or in an area being load-shed – assume your number is being hijacked, and get in touch with your network service provider as soon as possible.

Don’t register a new WhatsApp account if you change phone numbers, update your number instead.
Some victims of WhatsApp identity fraud believe they were impersonated after their former, abandoned cellphone numbers were recycled by network operators.

If you are switching numbers and want to be sure nobody can pretend to be you in future, you can change the phone number associated with your WhatsApp account.

If you really care about your security, enable the PIN function on WhatsApp.
WhatsApp 2-step verification
For ultimate protection, you can create a six-digit PIN in WhatsApp, without which it should be impossible to register on the service – so that no number-porting scam or other mechanism will let someone steal your identity.

There is no better way to protect yourself, but this two-step verification measure comes with a couple of caveats. If you do not associate an email address with that PIN, or lose access to the email address you register, you are in deep trouble if you ever forget your PIN. Also, WhatsApp will from time to time demand the PIN from you, which could get annoying.

The PIN activation is under “settings”, “account”, and then “two step verification”.

Five DStv scams to avoid this Christmas

By Tom Head for The South African

If you’re a subscriber to the network, take note. At least five major DStv scams have been identified this year: here’s how to play it safe.

‘Tis the season to be cautious, folks. There are a myriad of DStv scams waiting to trip up unsuspecting victims this Christmas. The network have confirmed that a number of schemes have already been detected, and bosses have raced to warn South Africans about the dangers they face.

It isn’t just the technophobes and boomers that are getting duped by the sophisticated ruses, either. These DStv scams have caught out people across the board. But what do we need to look out for?

The gift card phishing scam
Customers receive an email informing them that they’ve won a cash gift card or huge sums of prize money from a MultiChoice competition. However, targets are then asked to provide personal details in order to claim the prize. It’ll be for a competition you definitely didn’t enter, so please, don’t hand any of your information out.

The “final notice” SMS scam
Some DStv customers have received an SMS claiming to be from DStv demanding payment for a DStv Explora account. It threatens action if payment is not made today and includes banking details. However, the network do not send such crudely-worded communications. You can contact them to find out the status of your account if you feel unsure.

Recruiting for social media jobs
There are dangerous scams disguised as recruitment ads for MultiChoice. One of the most popular ones offers applicants the chance to be driven to an interview. MultiChoice does not offer such a service, under any circumstances. Use the Afrizan website to verify any offers.

The DStv Premium upgrade scam
Opportunists are contacting customers – via email or telephone – and offering them DStv Premium for a fixed once-off fee per year, where the customer pays the fee directly to the scammer. Customers are asked to disregard such offers, and to refrain from letting a third party upgrade an account for them.

Say no to installation offers
Don’t let your desire for a festive bargain cloud your common sense. If someone offers you a discounted DStv subscription for a once-off payment, treat this with suspicion and check it with the network. Anyone offering “free package upgrades” or “free DStv for life” in a cut-price deal will be trying to rip you off.

How to avoid these DStv scams
The network have issued the following statement, advising consumers on how they can stay safe this year:

“There are usually tell-tale signs that can help you spot if something is a scam. Like receiving an email or SMS from us claiming that you’ve won a huge prize for a DStv competition you never entered, and for which you must either pay a fee or verify yourself by sending personal details – sounds too good to be true? It probably is.”

“MultiChoice will never request your personal details via email or SMS – please do not hand over your personal information to anyone claiming to be from DStv. Always check the email address and emails containing spelling and grammatical errors. MultiChoice only use one domain for emails (multichoice.co.za).”

Look out for these five WhatsApp scams

By Jamie McKane for MyBroadband

WhatsApp has become the most prominent messaging platform across many parts of the world, offering a range of features which enable faster and more convenient communication.

The application also boasts impressive security, with end-to-end encryption delivering secure communication.

Due to its high rate of adoption, however, it has also become a targeted platform for scammers and attacks which aim to either compromise the user’s details or infect their device with malware.

The nature of these scams and attacks is constantly evolving, but we have listed five of the most prominent and dangerous scams currently in circulation below.

SIM-swop takeover
SIM-swop fraud is one of the biggest threats to South African WhatsApp users, considering the meteoric rise in the number of cases reported over the last year.

By committing SIM-swop fraud and taking ownership of your number, an attacker can easily and instantly install WhatsApp on their own smartphone and log in with your account.

The two-factor authentication message will be sent to the number used to log in, which the attacker will now have access to.

From here, they can easily scam your contacts to divulge information or send them money by impersonating you.

This type of attack is also a serious threat to the security of platforms which use SMS two-factor authentication – including many banking apps.

Users should check immediately with their cellphone provider if reception on their cellphone is lost for no apparent reason, as this is the first sign that SIM-swop fraud has been committed.

Verification request
This type of scam is spread through compromised accounts, and usually comes from a known contact who has had their account compromised.

Victims will receive a message from a user in their WhatsApp contact list who asks them to send them their WhatsApp verification code.

If they do this, scammers will have everything they need to access the user’s WhatsApp account and will take over their number.

From the compromised profile, scammers will either ask the victim’s contacts for verification codes to access their profile or they will pose as the victim and ask for mobile money payments.

The easiest way to avoid this scam is to never divulge your WhatsApp verification code and be wary about sending your contacts money if they are acting strangely over WhatsApp.

WhatsApp Gold
WhatsApp Gold is a well-known hoax which has been around for years, although it still seems to resurface occasionally and catches out many people.

The scam is a simple phishing attack which comprises hoax messages stating that WhatsApp has launched a new upgraded messaging service called WhatsApp Gold.

Often this premium version is advertised as free and including features such as new themes and free voice calls.

The message contains a link to download the “latest secret update” for WhatsApp Gold, which actually leads to malicious software being installed on the victim’s device.

This malware could do anything from steal your information to spy on your messages and communications.

Avoiding scams like this is easy if you follow best practices and never click on unknown links or download unverified software onto your device.

Phishing with vouchers
This is similar to the WhatsApp Gold scam, but these messages are usually sent from an unknown number posing as a contact.

The message generally states that users have won a free voucher for a local supermarket in return for them filling in a short survey.

However, the link contained in this message goes to a fake website which impersonates the supermarket’s web page.

Once users have entered their details into this website, their information has been compromised and is fed straight to the scammers.

WhatsApp is not the only platform where this scam takes place, as this is one of the most widespread and organised types of scams operating around the world.

Malicious spy apps
During your online browsing or within a WhatsApp message, you may find a link to download a WhatsApp “spy app”.

These applications claim to be able to see what your contacts are saying to each other, along with giving you the ability to intercept their pictures, voice messages, and images.

Of course there is no way to intercept WhatsApp messages in this way as all conversations are end-to-end encrypted.

Instead, these applications usually either install malware on the victim’s device or sign them up to subscription content services which charge exorbitant fees.

It is also important to realise that the Google Play Store is not infallible and can contain many malware-infested “WhatsApp Spy” apps.

By Cheryl Kahla for The South African

The National Cyber Security Centre (NCSC), a UK cyber security watchdog, recently released their list of the most-used passwords on the Internet.

A quick look at the most common passwords is enough to know that a lot of work still needs to be done to educate computer users about cybersecurity.

The most common password was ‘123456’, followed by ‘123456789’, ‘qwerty’, ‘password’ and ‘1111111’.

While these common passwords are incredibly problematic, the most pervasive problem for home internet users was a combination of these easily guessed passwords, and the fact they were being re-used across multiple sites.

Re-using passwords on multiple platforms
Password re-use is problematic, as a security breach on one site could compromise a user’s security on every other site where the same password is in use.

NCSC technical director Ian Levy explains:

“We understand that cybersecurity can feel daunting to a lot of people, but the National Cyber Security Centre has published lots of easily applicable advice to make you much less vulnerable.”

He added that re-using a password is a major risk which can be avoided because “nobody should protect sensitive data with something that can be guessed”.

Favourite celebrities
Sports teams and first names are other common choices for passwords, with ‘Ashley’ the most common name used as a password and ‘Liverpool’ the most common Premier League football team name used as a password. ‘Blink182’ was the most common band.

“Using hard-to-guess passwords is a strong first step, and we recommend combining three random but memorable words. Be creative and use words memorable to you, so people can’t guess your password,” added Levy.

There are several password management tools available that can generate unique passwords and store them in a central place for users who want to take their online security to the next level.

By Wendy Knowler for Herald Live

Credit card fraud has been rapidly outpacing all other forms of bank fraud in recent months, with many older people being sweet-talked by fraudsters posing as bank officials into revealing their one-time-password (OTP) over the phone.

The Ombudsman for Banking Services, Reana Steyn, issued a warning about the alarming trend, revealing that 58% of the bank clients who complained about falling victim to credit card fraud in the past three months were older than 61 and 11% were older than 80.

“Not long ago credit card fraud was number five in our list of complaint categories, and now it’s number two, comprising 19,45% of all complaints,” Steyn said.

“That’s up from about 12% in December. At this rate it will soon overtake internet banking fraud to occupy the top spot.”

In a typical scenario, a bank client gets a call from a fraudster claiming to be phoning from their bank. In most cases, the fraudster already has the person’s credit card number.

The fraudster has gone onto an online shopping site – two of their favourites are Takealot and Foschini, Steyn said – and, poised to buy with the victim’s credit card, they convince the victim that in order to help the bank prevent them from falling victim to fraud, they must please read out the OTP which has been sent to them via SMS.

The victim complies, and then the shopping begins.

The fraudsters also con people into believing that the bank will give them extra bank loyalty rewards points if they answer a few questions, Steyn said.

In the process of that Q&A, they’re asked for their OTP.

In one case, a fraudster asked a woman if she would like to convert her bank rewards points into cash. With that benefit in mind, she read out her OTP.

Alarmed at getting similar calls on the same day, she phoned her bank, but had already been defrauded of R11,200.

“Credit card fraud is a growing concern as banking systems increase in speed and efficiency,” Steyn said. “At the same time, fraudsters apply more sophisticated tactics to defraud and rob customers of their hard-earned money and savings.

“All bank customers, particularly the elderly, need to be knowledgeable and vigilant about their preferred banking channels.”

What not to do:

  • Never share personal and confidential information with strangers over the phone.
  • Banks will never ask you to confirm your confidential information over the phone.
  • If you receive an OTP on your phone without having transacted yourself, it is likely that it is a fraudster who has used your personal information. Do not provide the OTP to anybody. Contact your bank immediately to alert them to the possibility that your information may have been compromised.

How to complain:

  • Lodge a formal, written complaint directly with your bank’s dispute resolution department. Ask for a complaint reference number from your bank.
  • Allow the bank 20 working days in which to respond to your complaint.
  • Obtain a written response from your bank and if you are not satisfied with the outcome, please log the complaint with the Ombudsman for Banking Services.

OUTA warns of e-toll malware scam

OUTA has notified members on its Facebook page that a highly suspicious SMS is doing the rounds with regards to e-tolls.

The organisation notes that before members of the public can appear in any court for any matter, they need to be summonsed.

This SMS is a scam to cash in on people’s fear in light of the current uncertainty around e-tolls. The SMS contains a link to documents which contain malware. The public is advised not to open the link, and to delete the SMS immediately.

My Office News Ⓒ 2017 - Designed by A Collective