M&G readers targeted by scam gang

Since early November last year, a gang has been systematically targeting visitors to mg.co.za with a clever scam that, by exploiting a loophole in our security architecture, closely mimics a Windows anti-virus warning. When unsuspecting readers click on the "clean computer" button, they are shown a realistic (but fake) scanning process, and are then prompted to "upgrade" their anti-virus by paying a fee with a credit card. When they do so, they effectively hand their credit card details over to the scammers.

If you suspect you have revealed your credit card details to these scammers, please do the following:

  • Immediately cancel your credit card;
  • Check your most recent statement for any fraudulent activities and report them to your bank;
  • Contact us with the details so that we can confirm the fraud with your bank;
  • Check that your computer is not infected with any viruses. We can recommend some good options for antivirus systems if you need one.

How could the M&G let this happen?
We're deeply sorry that this happened and we accept full responsibility for this lapse in our security. As a major publisher we are under constant attack by hackers and scammers, all looking for an unguarded loophole to exploit. For the last two years our security has proved sufficiently tight to mitigate these attacks, but in November the criminals changed tactics.

Traditionally, hackers and scammers will target the computers ("servers") which host a website. By gaining covert access to these servers they can then use them to infect unsuspecting readers with computer viruses or fool them with scams such as the one described above. But as security has improved it has become harder and harder to break into these servers.

By comparison, online advertising services are much more open. Many of them offer self-service systems that allow advertisers to place their own advertisements. Criminals have now realised that they can use these systems to attack large publishers.

The attack works as follows:

  • The criminals set up a fake advertising network as a front for their activities;
  • They then offer to buy advertising space at market rates, either directly from publishers or via other networks. They negotiate 30 day payment terms with no intention of paying;
  • They use one or more self-service advertising systems to create what seem to be legitimate adverts and send code to the publisher that will pull ("serve") these adverts onto the publisher's site;
  • They serve the fake adverts for a few days and then replace these adverts with the scam code;
  • The scam automatically sends readers who fit a particular profile (normally related to the version of Windows they are using) to a site that pops up the fake anti-virus warning;
  • Before reports of this attack can filter back the publisher, the criminals switch the scam with the fake advert, rendering it undetectable again;
  • They repeat this for as long as they can before being caught.

One factor that makes this criminal activity so hard to detect is that they appear to be legitimate advertiser networks with credible corporate websites, willing to pay market-related rates to reach our readers. And by running the scam in short bursts, they dramatically reduce the chances of being caught and shut down. These are clear signs of how organised and sophisticated these criminal gangs are becoming.

Our commitment to our readers
Now that we're aware of this new vector of attack we will be radically overhauling our security practices around advertising. We will not accept anonymous ad code from self-service platforms, and we will thoroughly vet all advertisers and networks before agreeing to do business with them.

Frankly, these practices should have been in place before this attack and we apologise that they were not. We should not have been caught by surprise. The fact that other large publishers, including Yahoo, have also been duped does not excuse our lapse.

We strongly believe that we have identified and stopped these criminals, but we need your help to confirm that this is the case. If you see any virus warnings when you visit our site please immediately contact us via this online form. They may be using more than one vector of attack and your feedback will be invaluable in rooting them out if this is the case.

Once again, we apologise. If you have any questions or need any assistance, please use the same form to contact us.

These are unprecedented times, and the role of media to tell and record the story of South Africa as it develops is more important than ever. But it comes at a cost. Advertisers are cancelling campaigns, and our live events have come to an abrupt halt. Our income has been slashed.

The Mail & Guardian is a proud news publisher with roots stretching back 35 years. We’ve survived thanks to the support of our readers, we will need you to help us get through this.

To help us ensure another 35 future years of fiercely independent journalism, please subscribe.


ConCourt settles the law on the public protector and interim...

The Constitutional Court said it welcomed robust debate but criticised the populist rhetoric in the battle between Busisiwe Mkhwebane and Minister Pravin Gordhan

Small towns not ready for level 3

Officials in Beaufort West, which is on a route that links the Cape with the rest of the country, are worried relaxed lockdown regulations mean residents are now at risk of contracting Covid-19

Press Releases

Covid-19 and Back to School Webinar

If our educators can take care of themselves, they can take care of the children they teach

5G technology is the future

Besides a healthcare problem Covid-19 is also a data issue and 5G technology, with its lightning speed, can help to curb its spread

JTI off to court for tobacco ban: Government not listening to industry or consumers

The tobacco ban places 109 000 jobs and 179 000 wholesalers and retailers at risk — including the livelihood of emerging farmers

Holistic Financial Planning for Professionals Webinar

Our lives are constantly in flux, so it makes sense that your financial planning must be reviewed frequently — preferably on an annual basis

Undeterred by Covid-19 pandemic, China and Africa hold hands, building a community of a shared future for mankind

It is clear that building a community with a shared future for all mankind has become a more pressing task than ever before

Wills, Estate Administration and Succession Planning Webinar

Capital Legacy has had no slowdown in lockdown regarding turnaround with clients, in storing or retrieving wills and in answering their questions

Call for Expression of Interest: Training supply and needs assessment to support the energy transition in South Africa

GIZ invites eligible and professional companies with local presence in South Africa to participate in this tender to support the energy transition

Obituary: Mohammed Tikly

His legacy will live on in the vision he shared for a brighter more socially just future, in which racism and discrimination are things of the past

The best local and international journalism

handpicked and in your inbox every weekday