M&G readers targeted by scam gang

Since early November last year, a gang has been systematically targeting visitors to mg.co.za with a clever scam that, by exploiting a loophole in our security architecture, closely mimics a Windows anti-virus warning. When unsuspecting readers click on the "clean computer" button, they are shown a realistic (but fake) scanning process, and are then prompted to "upgrade" their anti-virus by paying a fee with a credit card. When they do so, they effectively hand their credit card details over to the scammers.

If you suspect you have revealed your credit card details to these scammers, please do the following:

  • Immediately cancel your credit card;
  • Check your most recent statement for any fraudulent activities and report them to your bank;
  • Contact us with the details so that we can confirm the fraud with your bank;
  • Check that your computer is not infected with any viruses. We can recommend some good options for antivirus systems if you need one.

How could the M&G let this happen?
We're deeply sorry that this happened and we accept full responsibility for this lapse in our security. As a major publisher we are under constant attack by hackers and scammers, all looking for an unguarded loophole to exploit. For the last two years our security has proved sufficiently tight to mitigate these attacks, but in November the criminals changed tactics.

Traditionally, hackers and scammers will target the computers ("servers") which host a website. By gaining covert access to these servers they can then use them to infect unsuspecting readers with computer viruses or fool them with scams such as the one described above. But as security has improved it has become harder and harder to break into these servers.

By comparison, online advertising services are much more open. Many of them offer self-service systems that allow advertisers to place their own advertisements. Criminals have now realised that they can use these systems to attack large publishers.

The attack works as follows:

  • The criminals set up a fake advertising network as a front for their activities;
  • They then offer to buy advertising space at market rates, either directly from publishers or via other networks. They negotiate 30 day payment terms with no intention of paying;
  • They use one or more self-service advertising systems to create what seem to be legitimate adverts and send code to the publisher that will pull ("serve") these adverts onto the publisher's site;
  • They serve the fake adverts for a few days and then replace these adverts with the scam code;
  • The scam automatically sends readers who fit a particular profile (normally related to the version of Windows they are using) to a site that pops up the fake anti-virus warning;
  • Before reports of this attack can filter back the publisher, the criminals switch the scam with the fake advert, rendering it undetectable again;
  • They repeat this for as long as they can before being caught.

One factor that makes this criminal activity so hard to detect is that they appear to be legitimate advertiser networks with credible corporate websites, willing to pay market-related rates to reach our readers. And by running the scam in short bursts, they dramatically reduce the chances of being caught and shut down. These are clear signs of how organised and sophisticated these criminal gangs are becoming.

Our commitment to our readers
Now that we're aware of this new vector of attack we will be radically overhauling our security practices around advertising. We will not accept anonymous ad code from self-service platforms, and we will thoroughly vet all advertisers and networks before agreeing to do business with them.

Frankly, these practices should have been in place before this attack and we apologise that they were not. We should not have been caught by surprise. The fact that other large publishers, including Yahoo, have also been duped does not excuse our lapse.

We strongly believe that we have identified and stopped these criminals, but we need your help to confirm that this is the case. If you see any virus warnings when you visit our site please immediately contact us via this online form. They may be using more than one vector of attack and your feedback will be invaluable in rooting them out if this is the case.

Once again, we apologise. If you have any questions or need any assistance, please use the same form to contact us.

Subscribe to the M&G

These are unprecedented times, and the role of media to tell and record the story of South Africa as it develops is more important than ever.

The Mail & Guardian is a proud news publisher with roots stretching back 35 years, and we’ve survived right from day one thanks to the support of readers who value fiercely independent journalism that is beholden to no-one. To help us continue for another 35 future years with the same proud values, please consider taking out a subscription.

Related stories


Subscribers only

The South African connection: How mercenaries aided Trump ally in...

The UN found that Trump ally Erik Prince violated the Libyan arms embargo. Here are the South Africans the report says helped him to do so

Q&A Sessions: African court ‘will be a tough job’ — Dumisa...

Lawyer, author and political activist Dumisa Ntsebeza talks to Nicolene de Wee about his appointment as judge of the African Court on Human and...

More top stories

In a bizarre twist VBS liquidators sue KPMG for R863mn

In filed court documents, the VBS liquidators are blaming auditing firm KPMG’s negligence for the alleged looting of the bank

Snip, snip: Mboweni eyes wage bill, other future spending cuts

Last year, the finance minister noted that increased government spending has failed to promote growth over the past decade

Budget: Mboweni pegs recovery hopes on vaccine efficacy, lower public...

The treasury forecasts 3.3% growth, but warns this will fall to 1.6% if the fledgeling vaccination programme fails to stem successive Covid waves

READ IT IN FULL: Mboweni’s 2021 budget speech

Read the finance minister's address on the budget for 2021

press releases

Loading latest Press Releases…