myDigitalLife Blogs

Blogs about Digital, Lifestyle, current news and opinions

Gone Phishing!

Posted by: sgb

Tagged in: Security, phishing, Banks

There has been a marked increase in phishing attempts by 'bank-look-alikes' in the past year. They are also becoming more sophisticated, correcting spelling and grammar, and starting to copy the 'look and feel' of the genuine item. So how to combat it?

A report came out about two weeks ago basically telling people to:

  • ignore these emails (naturally) as the banks will never ask you to confirm your details in this manner;
  • forward these emails to the respective banks so they can take action against the sender (if they can trace them) (see comment below);
  • always go in to your bank's website by typing in the web address and confirming that it is https: and not http: (see comment below).

Forwarding the emails to your bank / contacting your bank

I looked up the website to the four top banks trying to find a contact email address, specifically for fraud. I remember the report gave the email addresses but they were not obvious at all (I seem to remember one was something like 'se4@yourbank.co.za').

* Standard Bank contact us page: No email or telephone number to report fraud: an email address for specific Internet Support (ibsupport@standardbank.co.za);

* ABSA Bank contact us page: telephone hotline to report fraud: no email address for fraud: an email address for specific Internet Support (sup4@absa.co.za);

* Nedbank contact us page: no telephone number for fraud: no email addresses at all!!

* FNB contact us page: no telephone number for fraud: a general email (info@fnb.co.za).

I also checked SARS efiling:

* SARS efiling contact us page: no specific telephone number, email for fraud: general number for queries, general email for queries (eFilingAssist@sars.gov.za).

While there is a possibility that these numbers and email addresses are elsewhere on the site, this is not good enough. The 'Contact us page' should contain ALL important contact information. I don't feel like searching sites, when it is easier to just delete the offending email.

Recommendation to all financial institutions:

Create a common email address (e.g. fraud@standardbank.co.za, fraud@efiling.co.za, etc.) and put it on your contact us page. (Who in their right mind remembers sup4, or even ibsupport?)

Type in bank's web address

I find this recommendation a bit strange as:

  • in the early days of the web (and maybe still carrying on) there was a lot of fraud by people registering domains similar to correct domains. For example typing www.yahop.com instead of www.yahoo.com (an easy typo) took you to a porn site,
  • if you just type in your bank's name you are relying on Google, Bing, etc. recognising fraud sites and discarding them and taking you to your correct site,
  • the bank's home page (as opposed to the on-line banking home page) is 'http' and not 'https' so is just a cause for confusion!

I therefore tend to store these pages in my favourites (or Bookmarks in Firefox) and rely on my anti virus to ensure these are not changed.
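The bookmark approach above can be turned into a small check, shown here as an added example that is not part of the original post: a typed address is compared with a list of bookmarked hosts, and a near-miss such as www.yahop.com is flagged instead of visited. The host list, the function names and the distance threshold of 2 are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumed allowlist standing in for the reader's own bookmarks (constructed values).
TRUSTED_HOSTS = {"www.yahoo.com", "www.standardbank.co.za", "www.absa.co.za"}

def edit_distance(a: str, b: str) -> int:
    """Optimal-string-alignment distance: insertions, deletions,
    substitutions and swaps of two adjacent characters each cost 1."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Adjacent transposition, e.g. "abas" typed for "absa".
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def check_address(url: str, max_distance: int = 2) -> str:
    """Return 'ok', 'not-https', 'lookalike:<trusted host>' or 'unknown'."""
    # Assumption: an address typed without a scheme is treated as plain http.
    parts = urlsplit(url if "://" in url else "http://" + url)
    host = (parts.hostname or "").lower().rstrip(".")
    if host in TRUSTED_HOSTS:
        return "ok" if parts.scheme == "https" else "not-https"
    for trusted in sorted(TRUSTED_HOSTS):
        if edit_distance(host, trusted) <= max_distance:
            return "lookalike:" + trusted  # close to a bookmark, but not it
    return "unknown"

if __name__ == "__main__":
    # Constructed sample inputs.
    for typed in ("www.yahop.com", "https://www.absa.co.za/",
                  "http://www.standardbank.co.za", "https://www.abas.co.za"):
        print(f"{typed:35} -> {check_address(typed)}")
```

A 'lookalike' result means the address is within a couple of keystrokes of a bookmarked host without matching it, which is the pattern the yahop/yahoo typo describes.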

Recommendation to all financial institutions:

Put your home page in https. I know it is not necessary for security, but if you are using your links to go to the on-line banking site then it would be safer.

Create a 'common name' for on-line banking and publicise it, e.g. online.absa.co.za etc.

 
