The most targeted sectors for “phishing” attacks continue to be the financial services, online retail and internet service provider (ISP) sectors, according to law firm Jan S de Villiers’s information technology law specialist Pravesh Singh.
The Cape Town-based firm serves corporate and individual clients in areas such as corporate services, intellectual property and litigation.
Phishing, or brand spoofing, uses fraudulent e-mail messages that appear to come from legitimate companies to gain personal information for purposes of identity theft. These authentic-looking e-mails are designed to deceive recipients into divulging personal data, banking details and more.
Singh said since these fraudulent e-mails look official, recipients often respond, and this results in financial and other losses for these unsuspecting phishing victims.
“Phishing spam messages use legitimate ‘From’ e-mail addresses, logos, trademarks and links to an organisation or company in the message. The e-mails pretend to be from businesses the potential victims regularly deal with; their ISP, online payment service or bank,” Singh added.
However, there is good news for South Africa’s online banking customers, Singh noted, adding: “The banks have recognised the problem and are taking action. Absa, for example, has made a bold commitment to keep their clients who use their online, e-mail and newsletter services regularly informed of developments about phishing. They are tracking international phishing variations to ensure that their clients are able to pre-empt any international threats.”
He cautioned customers: “Read the information you receive from your bank and be alert. If you know what you are looking for you can avoid falling prey to these online fraudsters.”
On how phishing works, he said: “The fraudsters ask recipients for verification of certain information, on the grounds that they need to ‘update’ or ‘validate’ their billing information to keep their accounts active. They then direct them to a ‘lookalike’ website of the legitimate business, further tricking consumers into thinking they are responding to a bona fide request.
“Unknowingly, consumers submit their financial information — not to the business, but [to] the scammers, who use it to order goods and services and obtain credit.”
For recipients of an e-mail warning that their account will be shut down unless they confirm their billing information, the advice is: “do not reply or click on the link in the e-mail”.
“What you should do is contact the company cited in the e-mail using a telephone number or website address you know to be genuine. This is the only way to ascertain if the website is legitimate. Most companies do not ask consumers to confirm personal information by sending them an e-mail,” Singh warned.
“Consumers should avoid e-mailing personal and financial information. Before submitting financial information through a website, look for the ‘lock’ icon on the browser’s status bar. It signals that your information is secure during transmission,” he continued.
“Review credit-card and bank account statements as soon as you receive them to determine whether there are any unauthorised charges. If your statement is late, call your bank to confirm your billing address and account balances.
“Look for misspelling and bad grammar. While the odd typo can be a slip by the organisation, more than one is a tip-off to beware. If the e-mail refers you to a website, look carefully at the URL. It’s easy to disguise a link to a site,” he added. — I-Net Bridge