Independent Online

Sunday, August 7, 2022

Like us on FacebookFollow us on TwitterView weather by locationView market indicators

Microsoft ‘spoofing’ scammers on the prowl

It's business as usual for US military's social media sites despite the fact that hackers broke into the Pentagon's Twitter account.

It's business as usual for US military's social media sites despite the fact that hackers broke into the Pentagon's Twitter account.

Published Apr 22, 2013


Johannesburg - They know where you live and they call you at home.

This is the tactic used by “spoofing” scammers – people claiming to be from Microsoft who tell you that your PC or laptop is under threat from malicious software (malware).

Story continues below Advertisement

They promise to help you fix it, but actually end up infecting your computer.

Anneliese Burgess said she received a call on April 4 from someone claiming to be from a Microsoft call centre.

She was initially sceptical because she uses an Apple Mac, but also uses Microsoft’s Office for Mac, so thought he could be calling with regard to that software.

“He was so convincing; he was so professional-sounding.”

The man also had her physical address and contacted her on her landline, which she said made it more believable.


Story continues below Advertisement

According to Microsoft’s chief security adviser in South Africa, Dr Khomotso Kganyago, this scam first emerged last year.


The scammers convince you to download malware (malicious software) onto your computer, which allows them to take control of it remotely.

Story continues below Advertisement

“The cold caller will then spend some time on the computer, trying to demonstrate where the ‘problems’ are and, in the process, convinces the victim to pay a fee for a service that will fix the computer,” said Kganyago.

Online forums suggest the malware can also record keystrokes, thus allowing the scammers to see your passwords and bank account details.

Burgess eventually realised something was not right and hung up. She posted what happened on Facebook and soon 10 of her friends had shared their experiences of the same scam.

Story continues below Advertisement

‘Lucky winners’ could be losers

Some of the messages are so ridiculous, they are funny. But fraud is certainly no laughing matter.

“You are advice (sic) to note that payment for income tax fee can not be deducted out of your transfer amount of Forty Two Million Eight Hundred and Sixty Thousand United States Dollars (US 42, 860 000.00),” read a phishing e-mail sent out, claiming to represent FNB and Sars.

The memo was followed by another phishing message, claiming to be sent by Sars, which also said the person needed to pay $5 500 (about R50 000) in order for this “transfer to go through”.

At the card security week conference held in Sandton by FNB and Visa last Thursday, FNB’s credit card division chief executive, Johan Maree, said fraud cost the card industry in South Africa about R900 million a year.

Some South African online forums urge users to share incidents of scams they may have fallen prey to. For example, a 2009 e-mail asked the recipient of the message to provide their bank details so that £1 million could be paid into their account.

They said this amount had been authorised by former UK prime minister Gordon Brown at the G8 summit in Italy in 2009.

How could the “lucky winner” get hold of the leader of a world superpower to receive his or her money, according to the SMS? By e-mailing him on his private Gmail account.

Other bloggers have said they had received e-mails claiming Brown had approved £2m (R28m) to be paid into their account.

The message ends with the warning: “TAKE NOTICE: That you are warned to stop further communications with any other person(s) or office(s) different from the staff of the State for Foreign and Commonwealth Affairs to avoid hitches in receiving your payment.”

Terms you should know

l Phishing: an attempt to acquire personal and/or financial details, which would be used to gain access to your bank account or credit card details. These scams often use trustworthy company names in a bid to lure you into a false sense of security, and ask the victim to provide their account details for money to be transferred,

l Smishing: the same as phishing, but uses the medium of SMS.

l Spoofing: impersonating someone to try to trick you into doing something you ordinarily wouldn’t do. Spoof e-mails often claim to have come from banks, for example, and ask you to click on a link to their website. This link will download malware onto your computer without your knowledge and can record sensitive data you may enter, including bank details and passwords. Although this is similar to phishing, spoofers may not always seek financial gain but may want you to download malware. However, phishing scams often use “spoofing”, as people would be more willing to trust a reputable company.

How to protect yourself against fraud

If you fear you may already have been scammed, Microsoft’s chief security adviser in South Africa, Dr Khomotso Kganyago, said you should:

l Change your computer’s password, change the password on your main e-mail account, and change the password for any financial accounts.

l Scan your computer with the Microsoft Safety Scanner to determine if you have malware on your computer.

l Install Microsoft Security Essentials. (Microsoft Security Essentials is a free program. If someone calls you to install this product and then charge you for it, this is also a scam.)

l Keep an eye on your bank accounts and report any fraudulent activities.

l Ensure the operating system is fully updated and that all security updates are installed. - The Star

Related Topics: