Page 2 of 5 FirstFirst 1234 ... LastLast
Results 11 to 20 of 45

Thread: Banking details confirmation scam

  1. #11
    Site Caretaker Dave A's Avatar
    Join Date
    May 2006
    Location
    Durban, South Africa
    Posts
    22,648
    Thanks
    3,304
    Thanked 2,676 Times in 2,257 Posts
    Blog Entries
    12
    A related story coming out:
    If you bank via the internet, beware of the latest scam - fraudsters may try to get you to receive by email the one-time password (OTP) your bank issues so that they can intercept it. Once criminals have your OTP, they can use it in combination with your account log-on details to transfer money out of your account.

    In an attempt to stop online fraud, the banks issue OTPs, which you must enter each time you want to amend your contact details or change your beneficiaries. This password is valid for a single internet banking session only.

    Fraudsters are now trying to intercept these OTPs so that if they manage to obtain your account log-in details, they can add themselves as a beneficiary and transfer money out of your account.

    The major banks are taking steps to address the problem by encouraging you to receive your OTP by SMS rather than by email.

    They say no South African bank will ask you to verify your personal identification number (PIN) in an email. If you receive such an email, you should not respond as it is likely to be from a fraudster after your log-in details.
    from Personal Finance here
    Is there a way fraudsters could intercept an OTP and use it before you do?

  2. #12
    Site Caretaker Dave A's Avatar
    Join Date
    May 2006
    Location
    Durban, South Africa
    Posts
    22,648
    Thanks
    3,304
    Thanked 2,676 Times in 2,257 Posts
    Blog Entries
    12
    Hmm. I think this is what the fuss is about. I received this email today (and I'm not an ABSA client):
    We recently noticed one or more attempts to log in to your ABSA account from a foreign IP address.
    Because of this unauthorized number of login attempts on your account, we had to believe that there might
    be some security problems on your account and we have suspended your account temporary.
    So we have decided to put an extra verification process to ensure your identity and your account security.

    ABSA Bank security department has request for your account information including
    your registered email address and the password to the email address.
    These will be use in our upcoming security enhancement, which will be taking place on the 31th of June 2007.

    This Information is mandatory to complete your verification as a legitimate member of ABSA Bank.

    However, you are required to use your computer keyboard and not the touch pad in completing
    the step 2 of this verification.
    Please take 5-10 minutes
    out of your online experience and verify your personal records so that you will not run into
    any future problems with the online service.

    (Link shows as) https://www.absa.co.za/verify/cgi-bin/webscr?cmd=_login-run (but actually goes to http://www.virtuulis.com/becres/modules/Forums/absa/ipjps_files/index.htm )

    If you choose not to complete this request, you give us no choice but to suspend your account temporary.

    It takes at least 72 hours for the investigation in this case and we strongly recommend you to verify
    your account at that time.
    Thanks for your patience as we work together to protect your account.

    ABSA Security Department.
    Now if they get the password to your email account, and have collected the online banking log-in information - they can get past the one time password feature if enabled by email.

    I'm not familiar with the ABSA online banking site, but I suppose you can also change to OTP via email there...

    Expect similar attacks on the other banks - although Standard Bank has introduced big warnings in red about this phising attack in their log-in page.

  3. #13
    Gold Member Dave S's Avatar
    Join Date
    Jun 2007
    Location
    Randburg
    Posts
    733
    Thanks
    39
    Thanked 117 Times in 91 Posts

    DaveShe

    Hi Folks,

    I got this one about 5 times this morning, remember never to click a link in an e-mail. This is obviously a Phishing attempt.

    "June 2007

    Dear Valued Customer,
    Financial institutions around the world have always been subject to attempts by criminals to try and defraud
    money from them and their customers. These attempts can occur in a number of ways ( e.g. credit card fraud,
    telephone banking or Internet scams).

    As a part of our ongoing commitment to provide the "Best Possible" service and Protection to all our Members this year,
    we are now requiring each member to validate their accounts using our new secure and safe SSL servers. To
    validate your online banking account click on Log In To Online Banking.
    This Email has being sent to all ABSA Banking customers, and it is compulsory to follow
    as failure to verify account details will lead to account suspension.

    Thank you.
    Online Banking Security Team
    ABSA Bank Security Department
    ABSA Bank Limited
    http://www.absa.co.za
    ABSA, Today, tommorow, together
    © All Rights Reserved. ABSA Bank Limited. SA
    Do NOT reply to this message, as replies would not be answered

    TRACKING NUMBER: A00001337816-00005310113"

    These eople are the pits!!!!!

  4. #14
    Email problem stephanfx's Avatar
    Join Date
    Apr 2007
    Posts
    203
    Thanks
    0
    Thanked 1 Time in 1 Post
    I have been banking online for quite some time now and I must admit that these people are really going at it. I wonder if there are any stats on how many people actually fall for this, and if they do, what is normally the banks response?

  5. #15
    Site Caretaker Dave A's Avatar
    Join Date
    May 2006
    Location
    Durban, South Africa
    Posts
    22,648
    Thanks
    3,304
    Thanked 2,676 Times in 2,257 Posts
    Blog Entries
    12

    They've started on Nedbank now

    I got this phising attempt on Nedbank this morning.
    Dear Customer
    We're committed to protecting you when you bank with us.Our industry-standard
    levels of security ensure that you can always access your NedBank Accounts online with confidence.
    To ensure you are always protected, we are introducing a new programme of security initiatives,
    with our new Online Banking access homepage.

    Over the next few months, you’ll see a number of changes in our online services access
    that we put in place to make sure you stay secure and to help you
    protect your Internet banking information.
    We’re here to help you stay safe while banking online.
    In this manner your Online Banking services needs to be reactivated to ensure a safe banking with us.
    To reactivate your NedBank records click on the following link:
    https://netbank.nedsecure.co.za/customer/ (actually links to http://www.vsnk.fi/help/nedd.htm)
    Thank You.
    Accounts Management As outlined in our User Agreement, NedBank will
    periodically send you information about site changes and enhancements.

    Visit our Privacy Policy and User Agreement if you have any questions.
    http://www.nedbank.co.za/help /index.html
    As always, note that the link to click does not take you to the URL it purports to be. And the link to the privacy policy and user agreement is not in fact a link at all.
    Last edited by duncan drennan; 24-Jul-07 at 08:32 AM. Reason: changed links to stop parsing and linking

  6. #16
    Site Caretaker Dave A's Avatar
    Join Date
    May 2006
    Location
    Durban, South Africa
    Posts
    22,648
    Thanks
    3,304
    Thanked 2,676 Times in 2,257 Posts
    Blog Entries
    12
    Over the last two days I've seen an all out camaign against Standard Bank, Nedbank and ABSA. All in close succession.

    The following is a new twist on the theme and I am rather concerned that some folk will fall for it.


    SSL Server Alert

    An error has occurred to our SSL server and due to this,alerts to your Cell phone will not be made.As a result of this,we would like you to change your method of alert to your email for the meantime before we restore our SSL.

    Failure to do so within 5 hours of this alert might lead to inaccessibility to your account.Please we are sorry for the inconviniences this might cause you.

    Log In To Your Account Now

    Sincerely,

    Customer Alert Dept.
    (Standard Bank)
    Here is where the link takes you

    [URL="http://www.esc-yutz.com/mambots/search/signonmenu%5b1%5d.htm"][B][COLOR=#0000ff]Log In To Your Account Now[/COLOR][/B][/URL]
    Last edited by duncan drennan; 03-Oct-07 at 01:57 PM.

  7. #17
    Site Caretaker Dave A's Avatar
    Join Date
    May 2006
    Location
    Durban, South Africa
    Posts
    22,648
    Thanks
    3,304
    Thanked 2,676 Times in 2,257 Posts
    Blog Entries
    12

    A genuine email from Standard Bank.

    I got a genuine email from Standard Bank today, unfortunately with all rights reserved etc. But two interesting parts I'll risk a copyright infringement lawsuit on.

    1. Obviously, this is a serious issue.
    This information is vital to your Internet banking security. We are therefore obliged to send this email to you as an Internet banking user, even if you have unsubscribed from receiving emails from us. We apologise for any inconvenience caused.
    2. Some very sage advice when it comes to online banking
    To protect yourself from phishing incidents, we suggest that you adopt the following measures:
    • Always access Internet banking by typing the correct URL (http://www.standardbank.co.za) into your browser.
    • Never click on a link in an email that takes you to another website
    • Don't enter your personal details either in the email or on the website.
    • Use up-to-date antivirus software and a personal firewall. This is provided free by us to all our Internet banking customers.
    • Make use of the one-time password security feature
    • Be cautious if you use Internet cafés or a computer that is not your own.
    • Keep your Microsoft Security up to date.
    If I can add - for those using IE7, make sure you've got your phising alert feature activated.

  8. #18
    Gold Member
    Join Date
    Jun 2006
    Posts
    561
    Thanks
    32
    Thanked 49 Times in 32 Posts
    Interesting - what CAN they do if I have clicked "no mail" and they have an urgent/relevant warning to get to me?
    Regards

    Debbie
    debbie@stafftraining.co.za

    From reception to management training, assertiveness, accountability or interviewing skills, we have a wide range of training workshops available for you!
    www.stafftraining.co.za

    Find us on
    Facebook

  9. #19
    Site Caretaker Dave A's Avatar
    Join Date
    May 2006
    Location
    Durban, South Africa
    Posts
    22,648
    Thanks
    3,304
    Thanked 2,676 Times in 2,257 Posts
    Blog Entries
    12
    OK. This one is really scary, because it is sooo believable. Even the link was almost credible - I haven't included it.
    Attention to all Standard Bank Customers!

    Some Standard Bank customers have reported experiencing disconnect or write error issues with online banking.
    To address this, Standard Bank has released a 128-bit SSL update for the online banking page that eliminates this bug.

    You can update your browser from our Customer Service Department>>> *very dangerous link removed*

    Standard Bank strongly recommends that all customers upgrade their browsers to this new update, regardless of whether or not they have experienced this bug.

    Sincerely, Robin Pacheco.
    Copyright 2008 Standard Bank
    Someone is going to fall for it

  10. #20
    Silver Member Graeme's Avatar
    Join Date
    Sep 2006
    Posts
    253
    Thanks
    73
    Thanked 19 Times in 18 Posts
    Does Standard Bank know about this?

Page 2 of 5 FirstFirst 1234 ... LastLast

Similar Threads

  1. Domain name scam.
    By Dave A in forum Scam Alert Forum
    Replies: 10
    Last Post: 21-Sep-09, 01:26 AM
  2. Overpayment scam.
    By I Robot in forum Scam Alert Forum
    Replies: 1
    Last Post: 22-Aug-06, 09:15 AM

Tags for this Thread

Did you like this article? Share it with your favourite social network.

Did you like this article? Share it with your favourite social network.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •