Topics

Internet Banking SCAM (Standard Bank, ABSA, FNB)

I have now received this e-mail about 5 times, I have received it from all 3 banks and considering I only bank with one of them, immediately warning bells should go off.

Firstly, the e-mail does NOT come from your bank… this is an internet scam playing on your emotions and your fear about your banking security.

Here is what the e-mail says.

 

———————————
“Dear Customer,

During our security research, we observed that our new 2010 Security Certificate Portfolio Launch was not successfully configured for your online account , you can complete this section with online security page below for  the program security software to  be automatically Launched for you online  or  you can also visit your nearest branch for this special security program. Note:  this program is designed to protect you from any online Phishing attacks and unauthorized access to your online account

Please Click Below and follow the steps.

http://standardbank-security/logon.htm

 

Standard Bank  Internet Banking Team.

Standard Bank email disclaimer and confidentiality note
Please go to site/homepage/emaildisclaimer.html to read our email disclaimer and confidentiality note. Kindly email disclaimer@standardbank.co.za (no content or subject line necessary) if you cannot view that page and we will email our email disclaimer and confidentiality note to you.”
————————————

 

So let’s look at a the problems with this e-mail.

1/ The e-mail comes from “STANDARD BANK IB SUPPORT” …. But wait a minute, if you actually look at the e-mail address and not just the name, the e-mail comes from secretshopper@aboutface.com. Does that really sounds like a Standard Bank e-mail address to you???

2/ The first paragraph is a load of rubbish, do you really think your bank would EVER send you an e-mail telling you to login to their webpage because they failed to update your account correctly??? Of course not! What would happen is the next time you logged into your internet banking account, there would be a big warning message that would pop up that would tell you to please complete your details again (or something to that effect)… Let me just say that again… AFTER you logged into your account…. on your OWN accord, not because some silly e-mail told you to do so.

3/ The last line of paragraph 1 is the real slap in the face, they tell you that is to protect you from online Phishing, when in fact this IS a phishing attack!

4/ They then ask you to click on the below link. Now for safety reasons, I have not made the link above work on this website or I would be helping these criminals. Although this link LOOKS like it is going to take you to a Standard Bank website it doesn’t. This is a simple HTML link reference that has the actual web address camouflaged. Let me demonstrate, hover your mouse over this link yourbank.whatever (now look at the bottom left of your web browser, you should see the address that you would go to if you clicked on this link), this would take you straight back to http://www.reviewsaboutanything.com/ if you clicked on it, but it’s really easy as you can see to have the link say something and redirect you somewhere else. Now if you have received this scam e-mail  and you did hover your mouse over the link it would be pointing to a completely different website, one that has NOTHING to do with your bank at all!

5/ Let’s assume that in point 4 above, you didn’t hover your mouse over the link, and you just clicked on it. This would take you to a website that looks EXACTLY like your banks website. This can be achieved by a web programmer with 1 weeks experience, in under 5minutes. But what should you be looking for on your internet banking website is the address at the top of your browser, is that the address of your banks website? In this case, NO!, so get the hell out of there!. The second thing to look  for is if there is a padlock icon indicating that this website is a secure website and that your data is encrypted, which there isn’t in this scam.

6/ These scam artists got even more clever for FNB customers out there. Although my e-mail above was one supposedly from Standard Bank, this scam has been used for pretty much all the banks in world. However, FNB clients think they can’t be caught with this one since you receive a One Time Password (OTP) from your bank to your cell phone before you can log on. What happens here is that you connect to the criminals website, you type in your details, and they FORWARD all that information to your banks REAL website. Your bank then sends you your OTP to your cell phone which you then type into the criminals website!!! Take a wild guess what they do with it, yip, they FORWARD it to your real banks website as well, which means they are now logged into your internet banking website, and your browser says “the page cannot be displayed”. Right now your money is no longer under your control and you have no idea about any of this.

7/ How nice of the criminals to put the e-mail disclaimer at the bottom of their e-mail… this is just to make it look more authentic so you don’t suspect that there is anything wrong.

So, how to protect yourself?
1/ NEVER EVER EVER, click on a link in an e-mail that will take you to ‘your banks website’. I don’t care WHAT that e-mail says. You all know how to go to your banks websites directly without clicking on a link in an e-mail.

2/ ALWAYS look at the address at the top of your browser to make sure you are actually on your banks website.

3/ Read the security documents on your banks websites to find all the methods to double and triple checking that you are using your banks website. Just because it looks right,  doesn’t make it right!

I hope this helps you all out, and that none of you get scammed with this!


Related posts:

  1. DOWNLOAD: Internet Banking Update!! (SCAM Targetted at Absa clients)
  2. E-mail Phishing for bank account information
  3. Another Internet Banking Phishing E-mail Scam
  4. ABSA Refunds Procedures (Phishing Scam!!!)
  5. R3,182.50 Tax Refund Process For March 2011. (SCAM!!!!)

19 comments to Internet Banking SCAM (Standard Bank, ABSA, FNB)

  • Jay

    I have just received another e-mail, very similar tone… Also a scam!

    —————————
    Important security:

    Your Standard Bank Internet Banking One-time password (OTP) service has been successfully deactivated. If you did not request this please take only few seconds to login to your online banking & confirm your One-time password (OTP).: Sign On

    REGARDS,THE INTERNET BANKING TEAM.
    Sincerely,
    standardbank.co.za
    Security Advisor
    ——————-

    If you really are worried that your account might have been deactivated, rather just go to Standard Banks website directly, don’t click on the link in the e-mail.

  • Johan

    is this another scam??

    Secure message received:

    We request information from you for the following reason: Unauthorized login attempt.

    Please visit your account and make necessary steps before your account is locked for security reasons.

    If this is an unauthorised login attempt, we strongly advise that you immediately log on to profile and change your password.
    It is recommended that you regularly change your password and keep your passwords unique from all other passwords.
    Management.

  • James

    LOOK AT THE NEW SCAM

    Hello,

    James Du Plesis made an electronic funds transfer to your account. The details of this transaction are shown below.
    Amount: R39 470.00
    Description: PAYMENT
    Reference #: TL55
    To view the transaction, please click here

    If you have any questions related to this message or the funds transfer,
    please contact James Du Plesis.

    Please do not reply to this message as your message will not go anywhere.
    Sincerely,
    Standard Bank

  • Sayed

    Hi the last scam, the one about James du Plesis, if I went and clicked on the ‘click here’ it didnt go anywhere obviously what would happen. Please urgently advise.

  • Jay

    Hi Sayed,
    I have not received this e-mail yet to see exactly what it is they are trying to achieve with the James du Pesis scam.
    Assuming that you did click on any link though, and it did nothing, then nothing in theory has will happen. However, this is not the case when clicking on attachements or file attachments. Usually with scams relating to money, they will try get your details out of you, or will get you to log onto a website that is not the website you think it is.

    Hope this helps

  • Pretty good post. Really enjoyed reading your blog posts.

  • Anne

    I have received some of these emails but I was still caught off guard one morning when I received an email from ”Standard bank” with my online statement.. I can kick myself for logging and I lost all the money in my account. This happened irrespective of the one time password that is supposed to protect you which was somehow deactivated by the fraudsters.
    Yes, you have to be more vigilant and awake when it comes to these things but what is the banks doing about this?

  • gargi

    Continuously from last 3 months, I am getting mails claiming to be from standard bank and asking me to click the HTML web page and release some funds and all which came in my account. Latest mail I got yday where they telling me my SARS refund is waiting for me to click the link and release. Worse part is when I am getting my online statement kind of things.

  • gargi

    TAX Refund R 5,182.52 ZAR

    Dear Customer ,

    South African Revenue Service ” Tax Refund ”

    Standard Bank:-) R5,182.50 Tax Refund Process From Sars @ May 2011.

    We received notification from South African Revenue Service about the TAX refunds of R5,182.50 .

    We advice you to DOWNLOAD on our Secure server Attachment sent along with this Message to conclude the process of your TAX Refund Today without delay

    Regards.

    Payment Refunds Notifications Department.

    Another helpful innovation by Standard Bank.

    For more information Download the Secure Account Attachment we sent along with this Message and Login into your Account for confirmation .

    please download it by opening the attachment sent along with this message , Then login into your account to Download:

  • JAQUES

    As long as the bank is not resposible to pay back money that has been stolen by means of PHISHING ATTACKS or SIMSWAPS,the fraud will not stop.The public must not forget that the Banks and the Cellular networks works together to make money.Remember this,when a fraudster does a simswap to steal money from your account,the cellular company makes money,the bank in turn makes money when a fraudster does transactions on your account (bankcharges).You now have to pay the cellular company again to get your own cellphone number back on which they make money again.WHY would the bank or the cellular network stop something that they make money on.I have a patented product that gives you a secure connection to the banks URL,meaning that no fraudulent websites can be uploaded onto the device,you need to enter a pincode to access the device,there is also no possibility to do a simswap because the device works with a simchip that cannot be removed from the device,furthermore,the bank forward the OTP to the device,not to a cellphone.The best part is that the banks URL gets removed from the public domain,so you need the device to log onto the Internet banking of the bank.If a fraudster think that there is a chance to commit fraud,he/she will need 1)To STEAL A DEVICE,2)GET THE PINCODE TO ACCESS THE DEVICE,3)KNOW YOUR ACCOUNT NUMBER,4)KNOW YOUR PINCODE AND PASSWORD,Only after they have obtained all of these information,which is very unlikely,will they be able to get into your account,and then the fraudsters must make sure that you did not blocked the device(reported it stolen.)The unit will connect to the banks Url from any computer,even if you dont have Internet.The bank that we proposed the idea to,turned it down after 9 months of meetings, even after it was approved for testing,they say that it does not go with their customer strategy.The device only cost R265,00,and what bothers me is,if you can use an ATM card to do transactions at an ATM,why not use a device to do transactions at a computer.WHATS THE DIFFERENCE IN CUSTOMER STRATEGY.

  • I,ve received e-mails 4rom eBaymotors.saying i hv 2 make a deposite to western union agent. available at absa,actual i was looking for a vehicle at some owners saying they live overseas.anyone whos has this info pls reply!

  • Kenneth Bumpers

    I’m receiving scam mail from Nigeria, Ghana, about Widow who want to leave their inheritance to someone for they say charity purpose

  • Hey there, You’ve done a great job. I’ll certainly digg it and in my view recommend to my friends. I am sure they’ll be benefited from this web site.

  • Wow, this paragraph is good, my younger sister is analyzing these
    kinds of things, so I am going to let know her.

  • I know this if off topic but I’m looking into starting my own weblog and was wondering what all is required to get setup? I’m assuming
    having a blog like yours would cost a pretty
    penny? I’m not very web savvy so I’m not 100% certain.
    Any suggestions or advice would be greatly appreciated.

    Many thanks

  • Hi, I do believe this is an excellent website. I stumbledupon it ;) I am going
    to revisit once again since I book-marked it.
    Money and freedom is the greatest way to change, may you be
    rich and continue to guide other people.

  • Dude, your site is slow. Go to hostgator and use the coupon HAPPYHOUR2014 and get 25% off on all hostings.

  • That is a great tip particularly to those fresh to the blogosphere. Simple but very precise information… Thanks for sharing this one. A must read post!

Leave a Reply

 

 

 

You can use these HTML tags

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>