myDigitalLife Blogs

Blogs about Digital, Lifestyle, current news and opinions

Gone Phishing!

Posted by: sgb

Tagged in: Security , phishing , Banks


There has been a marked increase in phishing attempts by 'bank-look-alikes' in the past year. They are also becoming more sophisticated, correcting spelling and grammar, and starting to copy the 'look and feel' of the genuine item. So how to combat it?

A report came out about two weeks ago basically telling people to:

  • * ignore these emails (naturally) as the banks will never ask you to confirm your details in this manner;
  • * forward these emails to the respective banks so they can take action against the sender (if they can trace them) (see comment below);
  • * always go in to your bank's website by typing in the webaddress and confirming that it is https: and not http: (see comment below).

Forwarding the emails to your bank / contacting your bank

I looked up the website to the four top banks trying to find a contact email address, specifically for fraud. I remember the report gave the email addresses but they were not obvious at all (I seem to remember one was something like '').

* Standard Bank contact us page: No email or telephone number to report fraud: an email address for specific Internet Support (;

* ABSA Bank contact us page: telephone hotline to report fraud: no email address for fraud:an email address for specific Internet Support (;

* Nedbank contact us page: no telephone number for fraud: no email addresses at all!!

* FNB contact us page: no telephone number for fraud: a general email (

I also checked SARS efiling:

* SARS efiling contact us page: no specific telephone number, email for fraud:general number for queries, general email for queries (

While there is a possibility that these numbers and email addresses are elsewhere on the site, this is not good enough. The 'Contact us page' should contain ALL important contact information. I dont feel like searching sites, when it is easier to just delete the offending email.

Recommendation to all financial institutions:

Create a common email address (e.g.,, etc) and put it on your contact us page. (who in their right mind remembers sup4, or even ibsupport?)

Type in bank's web address

I find this recommendation a bit strange as:

  • * in the early days of the web (and maybe still carrying on) there was a lot of fraud by people registering domains similar to correct domains. For example typing instead of (an easy typo) took you to a porn site,
  • * if you just type in your banks name you are relying on Google, Bing, etc recognising fraud sites and discarding them and taking you to your correct site,
  • * the bank's home page (as opposed to the on-line banking home page) is 'http' and not 'https' so is just a cause for confusion!

I therefore tend to store these pages in my favourites (or Bookmarks in Firefox) and rely on my anti virus to ensure these are not changed.

Recommendation to all financial institutions:

Put your home page in https. I know it is not necessary for security, but if you are using your links to go to the on-line banking site then it would be safer.

Create a 'common name' for on-line banking and publicise it. e.g etc.


Add to Technorati Favorites3948JDENYAHT

Comments (0)Add Comment

Add your 2Cents
You must be logged in to post a comment. Please register if you do not have an account yet.


Member Login