M&G readers targeted by scam gang

Since early November last year, a gang has been systematically targeting visitors to mg.co.za with a clever scam that, by exploiting a loophole in our security architecture, closely mimics a Windows anti-virus warning. When unsuspecting readers click on the "clean computer" button, they are shown a realistic (but fake) scanning process, and are then prompted to "upgrade" their anti-virus by paying a fee with a credit card. When they do so, they effectively hand their credit card details over to the scammers.

If you suspect you have revealed your credit card details to these scammers, please do the following:

  • Immediately cancel your credit card;
  • Check your most recent statement for any fraudulent activities and report them to your bank;
  • Contact us with the details so that we can confirm the fraud with your bank;
  • Check that your computer is not infected with any viruses. We can recommend some good options for antivirus systems if you need one.

How could the M&G let this happen?
We're deeply sorry that this happened and we accept full responsibility for this lapse in our security. As a major publisher we are under constant attack by hackers and scammers, all looking for an unguarded loophole to exploit. For the last two years our security has proved sufficiently tight to mitigate these attacks, but in November the criminals changed tactics.

Traditionally, hackers and scammers will target the computers ("servers") which host a website. By gaining covert access to these servers they can then use them to infect unsuspecting readers with computer viruses or fool them with scams such as the one described above. But as security has improved it has become harder and harder to break into these servers.

By comparison, online advertising services are much more open. Many of them offer self-service systems that allow advertisers to place their own advertisements. Criminals have now realised that they can use these systems to attack large publishers.

The attack works as follows:

  • The criminals set up a fake advertising network as a front for their activities;
  • They then offer to buy advertising space at market rates, either directly from publishers or via other networks. They negotiate 30 day payment terms with no intention of paying;
  • They use one or more self-service advertising systems to create what seem to be legitimate adverts and send code to the publisher that will pull ("serve") these adverts onto the publisher's site;
  • They serve the fake adverts for a few days and then replace these adverts with the scam code;
  • The scam automatically sends readers who fit a particular profile (normally related to the version of Windows they are using) to a site that pops up the fake anti-virus warning;
  • Before reports of this attack can filter back the publisher, the criminals switch the scam with the fake advert, rendering it undetectable again;
  • They repeat this for as long as they can before being caught.

One factor that makes this criminal activity so hard to detect is that they appear to be legitimate advertiser networks with credible corporate websites, willing to pay market-related rates to reach our readers. And by running the scam in short bursts, they dramatically reduce the chances of being caught and shut down. These are clear signs of how organised and sophisticated these criminal gangs are becoming.

Our commitment to our readers
Now that we're aware of this new vector of attack we will be radically overhauling our security practices around advertising. We will not accept anonymous ad code from self-service platforms, and we will thoroughly vet all advertisers and networks before agreeing to do business with them.

Frankly, these practices should have been in place before this attack and we apologise that they were not. We should not have been caught by surprise. The fact that other large publishers, including Yahoo, have also been duped does not excuse our lapse.

We strongly believe that we have identified and stopped these criminals, but we need your help to confirm that this is the case. If you see any virus warnings when you visit our site please immediately contact us via this online form. They may be using more than one vector of attack and your feedback will be invaluable in rooting them out if this is the case.

Once again, we apologise. If you have any questions or need any assistance, please use the same form to contact us.

Subscribe to the M&G

These are unprecedented times, and the role of media to tell and record the story of South Africa as it develops is more important than ever.

The Mail & Guardian is a proud news publisher with roots stretching back 35 years, and we’ve survived right from day one thanks to the support of readers who value fiercely independent journalism that is beholden to no-one. To help us continue for another 35 future years with the same proud values, please consider taking out a subscription.

Related stories


Subscribers only

Poachers in prisons tell their stories

Interviews with offenders provide insight into the structure of illegal wildlife trade networks

Covid-overflow hospital in ruins as SIU investigates

A high-level probe has begun into hundreds of millions of rand spent by the Gauteng health department to refurbish a hospital that is now seven months behind schedule – and lying empty

More top stories

The politics of the Zuma-Zondo showdown

Any move made by the Zondo commission head or by former president Jacob Zuma must be calculated, because one mistake from either side could lead to a political fallout

Museveni declared winner of disputed Uganda election

Security personnel out in force as longtime president wins sixth term and main challenger Bobi Wine alleges rigging.

Pay-TV inquiry probes the Multichoice monopoly

Africa’s largest subscription television operator says it is under threat amid the emerging popularity of global platforms like Netflix and Amazon Prime

​No apology or comfort as another Marikana mother dies without...

Nomawethu Ma’Bhengu Sompeta, whose funeral will be held this weekend, was unequivocal in calling out the government for its response to the Marikana massacre

press releases

Loading latest Press Releases…