By Terence Zimwara for Bitcoin.com
According to local media, leading South African financial institution FNB is denying allegations of a banking relationship with the recently collapsed crypto investment company, Africrypt. FNB also insists it did not enable the investment company’s transactions which helped Africrypt’s two directors disappear with billions of dollars in investor funds.
Disappearance of investor funds
The financial institution’s denial comes nearly two months after Africrypt abruptly stopped operating. At that time, the crypto investment firm’s management claimed Africrypt’s trading system had been breached. This breach compromised client accounts, wallets, and nodes, thus forcing Africrypt to freeze all accounts, the directors claimed.
However, shortly after the so-called breach, Africrypt directors Ameer Cajee and his brother Raees Cajee are alleged to have “transferred the crypto investment’s pooled funds from its South African account(s) through bitcoin on the blockchain in April 2021.” South African media reports estimate that as much as $3.6 billion in investor funds cannot be accounted for.
Meanwhile, in his response to a media inquiry, FNB spokesperson Nadiah Maharaj refused to acknowledge the existence of any relationship between FNB and Africrypt. According to a media report, Maharaj, who cites client confidentiality restrictions, stated:
“FNB once again confirms that it does not have a banking relationship with Africrypt. Due to client confidentiality, FNB cannot provide any information on specific bank accounts.”
Use of crypto mixers
An investigation by local media suggests that after successfully siphoning investors’ funds, the Cajee brothers fled to the United Kingdom. These findings are also corroborated by another investigation by Hanekom Attorneys, a law firm that has been retained by victims of the Africrypt fraud. In addition to these findings, the law firm’s investigations further reveal that Africrypt directors had used mixers in an attempt to obfuscate the flow of the funds.
While the case has now been reported to the Hawks (South Africa’s elite police unit), the founder of the law firm, Darren Hanekom, is quoted in the report as suggesting Africrypt’s accounts with FNB have already been “drained” and that “the entirety of investors’ funds” may have been subjected to the mixing service.
Source: Roodepoort Record
Take extra caution when you use your WhatsApp, as a phishing scam on the app is allegedly making the rounds.
According to Honeydew CPF, scammers pretend to be a friend or family member and send a reset code to your phone, and in turn say they need the code urgently. Public relations officer for the Honeydew CPF, Michael Steyn, said, “The request will come from a friend/family member’s WhatsApp and it will look very legit.”
He warned users not to share the six-digit code, saying, “The code is actually your WhatsApp account. If you do send it they will simply hack you and you will have no access to your account. They will then follow the same process and pretend to be you when contacting your friends.” He added that the objective of this scam is unknown, but a few residents have already fallen victim to it.
The police describe phishing scams as methods to deceitfully obtain information such as passwords, identity numbers and credit cards by calling, sending emails or cellphone messages that look like they come from trusted sources.
Keep the following in mind regarding your internet activity or personal information:
• Never respond to emails or cellphone messages appearing to be from your bank, which request your personal details. Remember that no bank will ever ask you to confirm or update your account details by email.
• Never provide your online ID, password or PIN to anyone, and never write them down or share them.
• Do not save your internet banking password on your desktop.
• Do not leave your computer unattended after you have entered your internet banking password.
• Always log off or sign off at the end of a session.
• Avoid doing internet banking in public areas such as internet cafés, or on any computer that can be accessed by people you do not know.
• Change your PIN and passwords frequently.
• Put sensible transaction limits on your accounts.
• Only provide your credit card details to reputable companies.
• If it looks too good to be true, it usually is.
• NEVER send money or give credit card or online account details to anyone you do not know and trust.
According to a recent Business Tech article, businesses are often unaware that by giving a third-party or software programmes access to their financial information, they are potentially being exposed to the risk of screen scraping. This is a data gathering technique that tricks users into providing internet banking login details to a third-party website.
- The third party logs on to your internet banking using your details. This exposes you to potential fraud, financial crime and data privacy risks.
- There are risks associated with instant online EFT (electronic fund transaction) payments
- There are risks for businesses that sign over authority to a third party to access their banking and client information
- The most common form of screen scraping from a business perspective occurs when businesses use software that is authorised to access banking transactions.
- This may also leave your business vulnerable to third parties accessing your company data and even that of your clients.
- Companies that use screen scraping to facilitate transactions on your behalf may have no intention of compromising your account or committing fraud, but the risk remains.
FNB: how to protect your company data
- Be vigilant when it comes to reading through any terms and conditions on any software or website before you click “accept”.
- Make use of an application security testing tool before you sign any agreements authorising access to your company data.
- Cloud-based software is not without its own risks. Insist on having both testing and sandbox environments, providing analysis for security gaps.
- Find out from your third-party software vendors if they use open-source tools in their product. Open source can be a high risk if it is not handled properly.
- Do not share login credentials with any third parties and never enter these into any third-party websites, only into your own bank’s legitimate platforms.
The Ombudsman for Banking Services (OBS) says it continues to receive complaints on a daily basis from consumers who were deceived into providing confidential banking information to fraudsters.
- The OBS recorded more than 640 new fraud complaints
- A bank customer will receive a phone call from someone who says they are from the customer’s bank
- The customer is informed that funds have been fraudulently taken from their account or that they (the bank representative) are helping the customer to claim from a rewards programme that is offered by the bank. For this to take place, the customer needs to confirm their details so that the funds can be credited to their account.
- Alternatively, customers are told that they need to act quickly and urgently, as fraudsters “are about to take funds out of their account, but this can be stopped, if they act quickly and co-operate”
- The fraudster already has the customer’s phone number (he/she is calling the customer) and may have a host of other personal information at his/her fingertips. This includes addresses, ID numbers, other contact details, email addresses, employment details, or, importantly, even a customer’s bank card number.
- The customer is asked to update or verify their details, possibly on their cell phone.
- The customer is then requested to provide everything required to access their bank account, such as card details, the card’s PIN, transaction OTPs, and mobile or internet banking passwords. The fraudster says that this is necessary for them to assist the customer, to redeem the rewards, to do a transaction, stop a fraudulent payment, or recover the stolen money.
- Once the customer has provided the requested details, their accounts are emptied.
- This scam is devastating to elderly citizens and pensioners
- It is not possible to recover any of the funds which have disappeared
- Unless the money is stolen at the bank or lost through the fault of an employee or a technological glitch at the bank, it is ultimately up to consumers to do all they can to protect themselves by staying informed about banking scams
Security researchers have found that phishing emails are more likely to originate from certain countries in parts of Eastern Europe, Central America, the Middle East, and Africa.
The country where emails originate and the number of countries they are routed through on the way to their final destination offer important warning signs of phishing attacks.
For the study, researchers at cloud-enabled security solutions provider Barracuda Networks teamed up with Columbia University researchers.
They examined the geolocation and network infrastructure across more than two billion emails, including 218,000 phishing emails sent in the month of January 2020.
In phishing attacks, attackers use social engineering tactics to lure victims into providing personal information such as usernames, passwords, credit card numbers, or banking information.
Thus, to detect such attacks, the entire focus should be on the content of phishing emails and the behaviour of attackers.
As phishing attacks become more complex, increasingly sophisticated methods are required to defend against them.
After analysing the geography of phishing emails and how they are being routed, Barracuda researchers identified that over 80 per cent of benign emails are routed through two or fewer countries, while just over 60 per cent of phishing emails are routed through two or fewer countries.
Senders that produce a higher volume of phishing emails (more than 1,000 emails in the dataset) with a higher probability of phishing originated from countries or territories including (in descending order) Lithuania, Latvia, Serbia, Ukraine, Russia, Bahamas, Puerto Rico, Colombia, Iran, Palestine and Kazakhstan, said the study.
“With phishing attacks expected to play a dominant role in the digital threat landscape and cybercriminals adjusting their tactics to bypass email gateways and spam filters, it’s crucial to have a solution that detects and protects against spear-phishing attacks, including brand impersonation, business email compromise, and email account takeover,” Murali Urs, Country Manager of Barracuda India, said in a statement.
“Deploy a solution that doesn’t rely on malicious links or attachments but uses machine learning to analyse normal communication patterns within an organisation to spot anomalies that may indicate an attack.”
Meanwhile, employees should be provided up-to-date awareness training for recognising attacks and knowing how to report them to IT right away, Barracuda Networks said.
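The two routing signals the study describes, origin country and number of countries traversed, can be read from a message's Received headers. The following is an added example, not code from Barracuda or the article; the GeoIP table, country codes, hosts and message are all constructed placeholders.

```python
import ipaddress
import re
from email import message_from_string

# Constructed GeoIP table: RFC 5737 documentation prefixes mapped to placeholder
# country codes. A real pipeline would query a GeoIP database instead.
GEO = {
    ipaddress.ip_network("192.0.2.0/24"): "AA",
    ipaddress.ip_network("198.51.100.0/24"): "BB",
    ipaddress.ip_network("203.0.113.0/24"): "CC",
}
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

# Constructed message. Each relay prepends its Received line, so the last
# Received header is the hop closest to the sender.
SAMPLE = """\
Received: from relay2.example (relay2.example [203.0.113.10])
 by mx.corp.example; Mon, 6 Jan 2020 10:00:03 +0000
Received: from relay1.example (relay1.example [198.51.100.7])
 by relay2.example; Mon, 6 Jan 2020 10:00:02 +0000
Received: from out.sender.example (out.sender.example [198.51.100.9])
 by relay1.example; Mon, 6 Jan 2020 10:00:01 +0000
Received: from [192.0.2.44] (helo=laptop)
 by out.sender.example; Mon, 6 Jan 2020 10:00:00 +0000
From: billing@sender.example
Subject: Invoice

See attached.
"""


def country_of(ip):
    """Map an IP string to a country code, or None if unknown or invalid."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return None
    return next((cc for net, cc in GEO.items() if addr in net), None)


def route_countries(raw):
    """Countries on the path, sender side first, consecutive repeats merged."""
    path = []
    for hop in reversed(message_from_string(raw).get_all("Received") or []):
        match = IP_RE.search(hop)
        cc = country_of(match.group(1)) if match else None
        if cc and (not path or path[-1] != cc):
            path.append(cc)
    return path


def routing_features(raw):
    """The two signals the study describes: origin country and country count."""
    path = route_countries(raw)
    distinct = len(set(path))
    return {"origin": path[0] if path else None,
            "countries": distinct,
            "more_than_two_countries": distinct > 2}


if __name__ == "__main__":
    print(routing_features(SAMPLE))
```

Received headers written before the first relay you control can be forged by the sender, and the study's own figures show heavy overlap between benign and phishing mail, so these values belong in a classifier as weak features rather than as a blocking rule.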
By Hanno Labuschagne for MyBroadband
Mobile users in South Africa should be wary of scammers claiming to offer data or airtime packages at suspiciously low prices.
An online-based scam which claimed to sell unlimited prepaid data, voice calls, and messaging bundles was recently pointed out by MyBroadband Forum members.
A party calling itself “Unlimited Prepaid Bundles” was selling several mobile products which it claimed worked on Vodacom, MTN, Cell C, and Telkom’s networks.
The scammers had also taken out sponsored ads on Facebook for these “unlimited” bundles.
Upon visiting the Facebook page for “Unlimited Prepaid Bundles”, we discovered several early warning signs of trouble.
The first was the suspiciously low pricing of the bundles, which included an uncapped monthly data bundle at R249 and yearly uncapped data at R799.
After MyBroadband lodged these queries, the Facebook page and website of the scammers were taken down.
MyBroadband notified African Bank of the site and provided the details of the bank account which was being used to scam buyers. The bank confirmed it had launched a forensic investigation into the account.
Source: Talk of the Town
The SA Social Security Agency (Sassa) has warned the public not to be duped by a fake e-mail doing its rounds in which an “official” calls for people to contact its offices regarding a tender for the three-year supply of food parcels in the Free State.
Sassa spokesperson Sandy Godlwana told TimesLIVE that the agency was concerned that members of the public “will find themselves having to pay money with the hope that they will get the tender, where this is fake and a scam”.
The fake correspondence has been sent in the name of Sassa regional executive manager Themba Matlou.
“This misinformation is devoid of truth and is tantamount to causing chaos and anarchy which may lead to unrest and the undesirable consequence of damage to government property,” said Matlou in a statement issued on Monday night.
“The process to appoint service providers has just started and is only an evaluation process. Successful bidders will be duly contacted through proper channels at an appropriate time.
“The agency warns all bidders against this scam and any other bid where people purport to take money claiming they are from Sassa.
“The social relief programme is intended to assist to meet basic needs of indigent persons by means of rendering temporary and immediate material assistance in response to a crisis. We are working around the clock to ensure that suitable service providers are appointed in line with Sassa supply chain prescripts,” he said.
Source: Business Insider SA
Push notifications allow websites to send alerts to your phone. These kinds of notifications are popular for breaking news, with many news sites sending alerts to subscribers.
You must subscribe to receive push notifications online. But criminals are building copycat sites that look like reputable platforms, and you may in fact be subscribing for harmful push notifications.
“While originally (push notifications) were meant as a tool for rapid information of users on breaking news, today they can be exploited to target shell websites visitors, filling their devices with unsolicited ads and sometimes links to potentially dangerous websites,” says cybersecurity firm Kaspersky’s Artemy Ovchinnikov.
“To achieve that, users are hoaxed into subscribing to notifications, for example, by passing subscription consent off as some other action. The victim ends up subscribed to ad deliveries, while at the same time quite unable to get rid of the annoying messages, being unaware of their source or origin.”
In the past month, Kaspersky has intercepted more than 181,000 of these unwanted push notifications to South Africans.
The good news is that it’s easy to get rid of these unwanted push notifications, and you don’t need specific coding skills, says Ovchinnikov. You can turn pushes off by changing your browser settings.
How to remove notifications in Google Chrome:
- Click the menu icon (the three dots in the upper right corner of the browser)
- Select Settings
- Scroll down the page that opens and click Advanced
- Among the options, go to Site Settings
- Open Notifications
- Under Allow, click the three-dot icon next to the address of the website from which you do not want to receive notifications
- Select Block
You can also install a security solution on your device and avoid getting annoying notifications or scam ads by making sure you are not redirected to a fake website when you subscribe.
“Where possible, block all subscription offers, unless they come from popular and trusted websites,” says Ovchinnikov.
By Bombi Mavundza for Business Insider SA
Despite the name change, the ‘stokvel’ still has the same modus operandi. Members deposit R200 – and hope to make huge profits.
The National Stokvel Association of SA (Nasasa) has previously warned South Africans that WhatsApp stokvels are most likely to be pyramid schemes rather than genuine savings vehicles – and those who have joined them have probably been scammed.
Like most pyramid schemes, the first few to join received a pay-out, but those who followed often lost all their money.
Many victims who have joined such stokvels in the past have seen group administrators disappear after making payments into the stokvels.
According to Nasasa founder and chairperson Andrew Lukhele, scammers were using the popularity of stokvels to create pyramid schemes and take advantage of people.
Traditional stokvels are based on trust where everyone in the stokvel knows each other, and the terms of payout have already been set.
The WhatsApp scams often involve anonymous people, so it is impossible to track or trace the money when it disappears.
A stokvel, derived from “stock fair”, is a savings scheme where a group of people come together to save or, increasingly, invest together.
Source: Abnormal Security
Attackers have been impersonating notifications from Microsoft Teams in order to steal the credentials of employees. Recently, Microsoft Teams has seen one of the largest increases in users as a result of the shift to remote work given the ongoing COVID-19 pandemic.
Since the onset of the COVID-19 outbreak and the shift to remote work, there has been a remarkable increase in the usage of collaboration software. This particular attack impersonates Microsoft Teams, one of the leading collaboration software tools in widespread use.
These attackers crafted convincing emails that impersonate automated notification emails from Microsoft Teams. The landing pages that host both attacks look identical to the real webpages, and the imagery used is copied from actual notifications and emails from this provider. In one of the attacks, the sender email originates from a recently registered domain, “sharepointonline-irs.com”, which is not associated with either Microsoft or the IRS.
Attackers utilise numerous URL redirects in order to conceal the real URL used that hosts the attacks. This tactic is employed in an attempt to bypass malicious link detection used by email protection services:
In one attack, the email contains a link to a document on a domain used by an established email marketing provider to host static material used for campaigns. Within this document there is an image urging the recipient to log in to Microsoft Teams. Once the user clicks this image, the URL takes the recipient to a compromised page which impersonates the Microsoft Office login page.
In the other attack, the URL redirect is hosted on YouTube, then redirected twice to the final webpage, which hosts another Microsoft login credential-phishing site.
Should the recipient fall victim to this attack, this user’s credentials would be compromised. Additionally, since Microsoft Teams is linked to Microsoft Office 365, the attacker may have access to other information available with the user’s Microsoft credentials via single sign-on.
Why is this attack effective?
- Convincing e-mail and landing page – the email and landing page the attackers created were convincing. The webpages and the links the email directs to are visually identical to legitimate Microsoft Teams and Microsoft login pages. Recipients would be hard-pressed to understand that these sites were set up to misdirect and deceive them to steal their credentials.
- Timing – given the current situation, people have become accustomed to notifications and invitations from collaboration software providers. Because of this, recipients might not look further to investigate the message.
- Urgency – a recipient may feel more compelled to quickly log in to access the page because of the urgency felt when contacted by a coworker.
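A mail filter can check for the two traits described above: a sender domain that borrows Microsoft branding without being a Microsoft domain, and a link whose redirect chain ends off Microsoft's login hosts. This is an added example, not Abnormal Security's detection logic; the allowlist is a small illustrative assumption, and the message, redirect table and *.example hosts are constructed (only the sender domain comes from the article).

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumption: a small, incomplete allowlist of Microsoft-owned domains.
MS_DOMAINS = {"microsoft.com", "microsoftonline.com", "office.com", "sharepoint.com"}
BRAND_TOKENS = ("microsoft", "teams", "sharepoint", "office")
URL_RE = re.compile(r"https?://[^\s<>\"']+")

# Constructed redirect table standing in for 3xx responses a sandboxed resolver records.
REDIRECTS = {
    "https://video.example/redirect?q=a1": "https://hop.example/r",
    "https://hop.example/r": "https://login.landing.example/office",
}

# Constructed message; only the sender domain is taken from the article.
SAMPLE = """\
From: Microsoft Teams <noreply@sharepointonline-irs.com>
Subject: Your teammates are trying to reach you in Microsoft Teams

Reply in Teams: https://video.example/redirect?q=a1
"""

def is_ms_host(host):
    """True if host is an allowlisted domain or a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in MS_DOMAINS)

def resolve(url, max_hops=10):
    """Follow the recorded redirects and return the full chain of URLs."""
    chain = [url]
    while chain[-1] in REDIRECTS and len(chain) <= max_hops:
        nxt = REDIRECTS[chain[-1]]
        if nxt in chain:  # redirect loop
            break
        chain.append(nxt)
    return chain

def analyse(raw):
    """Return a list of findings for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    sender = addr.rpartition("@")[2].lower()
    claimed = f"{display} {msg.get('Subject', '')}".lower()
    findings = []
    if any(t in claimed for t in BRAND_TOKENS) and not is_ms_host(sender):
        findings.append(f"brand-claim-from-unlisted-domain:{sender}")
    if any(t in sender for t in BRAND_TOKENS) and not is_ms_host(sender):
        findings.append(f"lookalike-sender-domain:{sender}")
    for url in URL_RE.findall(msg.get_payload()):
        chain = resolve(url)
        final = urlsplit(chain[-1]).hostname
        if len(chain) > 1 and not is_ms_host(final):
            findings.append(f"redirects={len(chain) - 1}:lands-on:{final}")
    return findings

if __name__ == "__main__":
    print("\n".join(analyse(SAMPLE)))
```

Evaluating the final landing host rather than the first URL is the point: the first hop in both attacks sits on a reputable service, so a check that stops there passes the message.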