Internet Banking SCAM (Standard Bank, ABSA, FNB)
I have now received this e-mail about 5 times, I have received it from all 3 banks and considering I only bank with one of them, immediately warning bells should go off.
Firstly, the e-mail does NOT come from your bank… this is an internet scam playing on your emotions and your fear about your banking security.
Here is what the e-mail says.
During our security research, we observed that our new 2010 Security Certificate Portfolio Launch was not successfully configured for your online account , you can complete this section with online security page below for the program security software to be automatically Launched for you online or you can also visit your nearest branch for this special security program. Note: this program is designed to protect you from any online Phishing attacks and unauthorized access to your online account
Please Click Below and follow the steps.
Standard Bank Internet Banking Team.
Standard Bank email disclaimer and confidentiality note
So let’s look at a the problems with this e-mail.
1/ The e-mail comes from “STANDARD BANK IB SUPPORT” …. But wait a minute, if you actually look at the e-mail address and not just the name, the e-mail comes from firstname.lastname@example.org. Does that really sounds like a Standard Bank e-mail address to you???
2/ The first paragraph is a load of rubbish, do you really think your bank would EVER send you an e-mail telling you to login to their webpage because they failed to update your account correctly??? Of course not! What would happen is the next time you logged into your internet banking account, there would be a big warning message that would pop up that would tell you to please complete your details again (or something to that effect)… Let me just say that again… AFTER you logged into your account…. on your OWN accord, not because some silly e-mail told you to do so.
3/ The last line of paragraph 1 is the real slap in the face, they tell you that is to protect you from online Phishing, when in fact this IS a phishing attack!
4/ They then ask you to click on the below link. Now for safety reasons, I have not made the link above work on this website or I would be helping these criminals. Although this link LOOKS like it is going to take you to a Standard Bank website it doesn’t. This is a simple HTML link reference that has the actual web address camouflaged. Let me demonstrate, hover your mouse over this link yourbank.whatever (now look at the bottom left of your web browser, you should see the address that you would go to if you clicked on this link), this would take you straight back to http://www.reviewsaboutanything.com/ if you clicked on it, but it’s really easy as you can see to have the link say something and redirect you somewhere else. Now if you have received this scam e-mail and you did hover your mouse over the link it would be pointing to a completely different website, one that has NOTHING to do with your bank at all!
5/ Let’s assume that in point 4 above, you didn’t hover your mouse over the link, and you just clicked on it. This would take you to a website that looks EXACTLY like your banks website. This can be achieved by a web programmer with 1 weeks experience, in under 5minutes. But what should you be looking for on your internet banking website is the address at the top of your browser, is that the address of your banks website? In this case, NO!, so get the hell out of there!. The second thing to look for is if there is a padlock icon indicating that this website is a secure website and that your data is encrypted, which there isn’t in this scam.
6/ These scam artists got even more clever for FNB customers out there. Although my e-mail above was one supposedly from Standard Bank, this scam has been used for pretty much all the banks in world. However, FNB clients think they can’t be caught with this one since you receive a One Time Password (OTP) from your bank to your cell phone before you can log on. What happens here is that you connect to the criminals website, you type in your details, and they FORWARD all that information to your banks REAL website. Your bank then sends you your OTP to your cell phone which you then type into the criminals website!!! Take a wild guess what they do with it, yip, they FORWARD it to your real banks website as well, which means they are now logged into your internet banking website, and your browser says “the page cannot be displayed”. Right now your money is no longer under your control and you have no idea about any of this.
7/ How nice of the criminals to put the e-mail disclaimer at the bottom of their e-mail… this is just to make it look more authentic so you don’t suspect that there is anything wrong.
So, how to protect yourself?
2/ ALWAYS look at the address at the top of your browser to make sure you are actually on your banks website.
3/ Read the security documents on your banks websites to find all the methods to double and triple checking that you are using your banks website. Just because it looks right, doesn’t make it right!
I hope this helps you all out, and that none of you get scammed with this!
28 comments to Internet Banking SCAM (Standard Bank, ABSA, FNB)
WordPress · BFA Wordpress Layouts · Custom Wordpress Layouts