Companies / 16 July 2018, 11:52am / Gabriella Steyn
CAPE TOWN - Absa customers should be on the look-out as cyber-criminals have started taking advantage of Absa’s new logo to target the bank’s customers in an email scam across South Africa.
In a phishing email that uses the bank’s rebranding, they are tricking users into clicking through to a fake website.
The scam email claims to come from Absa CEO Maria Ramos, but is actually sent from the email address “[email protected]”.
It starts by informing victims that “today marks a very significant day in the Absa journey”. “With this change in name, we have the extraordinary opportunity to take the best of what we have built, and move ahead with a new purpose: to bring your possibility to life.”
Additionally, the email uses Absa’s slogan, saying “We are also launching a new, fresh and vibrant Absa logo and identity that reflects our commitment to you, our customers”.
Users are then encouraged to click on their “New Absa eStatements” in PDF format, which is actually an HTML file that takes users to a phishing attack website.
This is what the phishing attack email looks like:
Business Report reached out to Absa for comment and the bank said that their customers should be on the look-out for scamsters taking advantage of Absa’s brand refresh to target them in a new phishing scam.
"Cyber-criminals such as these employ increasingly sophisticated methods to access customer internet banking information and email phishing scams are but one of the methods they use", said Absa.
"Other methods include SIM swaps and telephone calls (also known as “vishing”), where scamsters impersonate the bank and use your personal data such as your identity number, full name or email address to win your trust."
"Once they have won your trust, they will then request sensitive information such as your card PIN, card CVV or online banking password. It is important to note that Absa will never contact customers and request sensitive information (card PIN, card CVV or online banking password)", said Absa.
Absa added that they will never request customers to access their online banking profile via hyperlinks or attachments provided in an email.
The bank added that customers should never respond to a suspicious-looking email or message, or click on a link in a suspicious-looking email, but should rather delete the email or message.
"If you believe that you may have fallen victim to a phishing email or a vishing call, contact the Absa Fraud Hotline immediately on 0860 557 557 to alert us to the possibility that your information may have been compromised", said Absa.
According to Absa, there are three types of phishing:
Phishing: Occurs when a fraudster deceives you into providing sensitive information (such as bank account details and passwords) by falsely claiming to be from an actual business, bank, internet service provider or other entity with which you do business, and typically provides a link in an email for you to click on.
Spear-phishing: Occurs when a fraudster sends you a phishing email disguised as a legitimate email originating from a department, such as HR or IT, within your company. The email could either be intended to solicit confidential banking information or used to install malware that secretly records confidential information as you enter it on legitimate websites, which the fraudster will retrieve and use to commit fraud.
Smishing: Is similar to phishing, but it is executed via SMS/text message.
Surecheck 2FA Authentication
"As a bank, we have been advising our customers to be aware and vigilant at all times as fraudsters are always thinking of new ways to scam them", said Absa.
"One such measure we have introduced is Surecheck 2Factor authentication (2FA): an enhanced security that allows customers to approve digital transactions using the Absa Banking App", said Absa.
If you receive a secure code/OTP/SureCheck and you are not transacting, reject it and contact the Absa Fraud Hotline immediately.
Absa provides tips on how to protect yourself from scammers:
Always keep your personal access information secure, and change your PIN and passwords regularly.
Never click on a link or open an attachment within an email claiming to be from Absa as this may link to a fraudulent website or download a virus or keylogging software that will compromise your security.
Please do not disclose your secret access credentials to any 3rd party, as this will allow them access to your online profile.
Be aware that phishing scams have also been received through instant messaging systems such as GoogleTalk or Skype, as well as through social networking websites such as Facebook. When in doubt of the authenticity of a link or a claim, simply don’t click it and delete the message.
Install good quality security software and ensure that you have updated to the latest version of your browser. Most of the newer browsers have the inherent ability of detecting fraudulent websites.
Don’t bank or shop online when using public WiFi such as those found in internet cafes, hotels, coffee shops, airports or student labs. Key-logging software could be present on the computer and will send all your personal information through to the fraudster, who could then use this information to clear out your account.
Before you bank online, ensure that you are actually within the secure internet banking website. Once you visit www.absa.co.za and click on the Internet Banking link, you will be redirected to an available banking server. Once there, check the browser address. It should begin with ‘https://’ (not ‘http://’) – the “s” indicates it is a secure site.
Also check the browser for a closed lock and/or key icon – which should either be at the top or the bottom of the screen.
When leaving your computer, always end the current session by closing your browser window, and never leave your computer unattended during an Internet Banking session.