Johannesburg - In our tech-savvy world many of our interactions are online. Our cellphones, tablets and computers open our world to a wealth of communication.
They also make us vulnerable to a plethora of online threats. To ensure software safety we come up with complex passwords, put up firewalls and install antivirus software, but it seems that cybercriminals are always one click ahead of us.
Cyberscams have always been a threat to online safety and in this era of booming social network sites, the threat has moved on to our screens.
To stay ahead, cyberscammers have altered their bag of tricks to include Facebook cloning schemes, faux competition SMSes and Sars eFiling fraud e-mails.
To understand these scams better, The Star sat down with Jacques Van Heerden, an IT security specialist whose job involves online forensic investigation along with teaching corporates how to hack. He has worked in IT for 10 years and believes teaching people how to hack their own systems teaches them how to protect them. He spoke to us about four types of scams:
With this scam a Facebook account is cloned by either taking a screenshot of the account or copying its details, including the account’s friends.
The cloned account is then used to send friend requests to those friends. When the request is accepted, a message is sent asking the friend for money. Sometimes they say they’ll pay you back or that they are in dire need.
According to Van Heerden the cloning happens when your account setting is on “public”. “This means that anybody from the public can see you, see your details and has access to your friends,” he explained.
“When that happens they’ll create a separate account, which looks similar to your account.”
This scam is popular in Ghana – hence its name. It is executed by sending a seductive and intriguing Facebook message to someone declaring your interest in them and stating you have “something very important” to tell them. When the message elicits a response, the scammer then tells a sad story – either they’re living in a refugee camp in west Africa or their entire family were murdered. Then they ask for financial assistance.
This scam is more drawn out because the scammer wants to build a relationship with the victim.
“The point of these scams is to extort money,” explained Van Heerden.
“It’s typically men from either Nigeria or Ghana and they upload a picture of a beautiful woman.
“They usually say they have a large pay cheque they can’t bank, or they need to come to South Africa, and when you pay the money over to them that money is gone, that person never existed.”
Van Heerden said cybercriminals have begun to put effort into emotional manipulation. “All I need to do is create something with an emotional value on top of it and then ask you to do something for me,” he said.
This e-mail scam lures you into clicking on a link by promising you a reward for eFiling. The link usually takes you to a fake bank page where you are instructed to enter your details. Through that the scammers get your bank details and access to your money.
“The intent is always to direct unsuspecting victims to click on a link where they will be asked to respond to questions of a confidential nature,” said Kalyani Pillay, the chief executive of the South African Banking Risk Information Centre. Pillay said the Sars logo and the logos of all major banks are on the e-mail sent out during tax season.
Van Heerden said people should look out for spelling mistakes and check if they mention the wrong bank. He said the scammers warn you not to respond to the e-mail.
The SMS scam seems to be the most well-known one. You receive a text telling you that you have won a large amount of money from a cellular network or a cellphone manufacturer and should call a number to claim it. You’re asked not to respond to the SMS. When you call the number, you’re either asked for a lawyer’s fee or your personal details. “That happens very often,” said Van Heerden. “We don’t know why people fall for that.” He advises people to ignore these texts and delete them immediately.
How to avoid being caught
• Never respond to e-mails appearing to be from your bank that request your personal details.
• Remember that no bank will ever ask you to confirm or update your account details via e-mail, SMS or telephonically.
• Never follow a link on a mail or SMS to access your bank’s webpage.
• Source the properties information of the scam mail that was sent to you and advise the bank whose name or branding is being abused immediately.
• Do not open any link or attachment received via e-mail.
• You may delete the mail if you did not respond.
• Always access the webpage by physically typing the name of the web address that you were given when you signed up for internet banking in your browser and confirm that you are on a secure site by looking for the little “lock” icon on your browser before logging on.
• Confirm that you are on a secure site by checking on your browser as well as the “s” after http in the website address.
• If you have responded to a scam e-mail and you are a victim of crime, it will form part of the evidence that will be required by law enforcement.
Types of scams
• Phishing: Phishing is a method of deceitfully obtaining personal information by sending e-mails that look like they come from trusted sources, such as banks or legitimate companies.
• Smishing: Fraudsters make use of SMSes that purport to come from credible sources, requesting personal information from a victim.
- The Star