‘Spear phishing’: scam uses sophisticated methods to bypass detection

2011-02-24 00:00

FIN24 recently reported that in the last couple of months, e-mail scams exploiting South African bank account holders have more than tripled since the start of 2010.

Earlier this year, Carte Blanche reported on an evolved version of e-mail scams namely “spear phishing”, featuring an American cyber crime expert, Brian Krebs, who explained the modus operandi of spear phishing in America.

Unfortunately spear phishing is not restricted to America. It is very active in South Africa and even closer to home in KwaZulu-Natal.

Carte Blanche further reported that the South African banking ombudsman, Advocate Clive Pillay, has handled over 700 cases involving spear phishing in 2010.

Unlike random e-mail scams easily identified by their use of templates containing misspelled words, spear phishing targets specific groups of people or organisations with personalised content.

We analysed a number of spear phishing e-mails and found that it employs more sophisticated methods to bypass detection.

In the past we have been educated to ensure that an online banking website address starts with “HTTPS”; there is a padlock visible at the bottom right hand of your Internet browser.

However, with spear phishing we noticed that the e-mail scam usually informs you that a deposit of funds requires your attention; you are redirected to a website that is an exact clone of your bank’s online webpage; the website address starts with HTTPS; there is a padlock visible at the bottom right hand of your Internet browser.

The cloned website will allow you to log in to your bank account while intercepting everything you type during the login process, including your one-time pin (OTP).

By now you are wondering how to avoid becoming a victim, especially since you access your e-mail account via your cellphone.

Take note of the fact that a bank will never redirect you to verify a deposit and that the cloned website address won’t match that of your bank’s official website address.

Also note that the padlock visible at the bottom right-hand of your Internet browser will have an exclamation (!) mark over it that indicates the cloned website is not digitally signed and should therefore not be trusted.

We as consumers need to take more responsibility in ensuring our safety and not rely solely on banks to protect us against cyber-attacks.

For more information call KPMG at 033 347 7600.

Join the conversation!

24.com encourages commentary submitted via MyNews24. Contributions of 200 words or more will be considered for publication.

We reserve editorial discretion to decide what will be published.
Read our comments policy for guidelines on contributions.

24.com publishes all comments posted on articles provided that they adhere to our Comments Policy. Should you wish to report a comment for editorial review, please do so by clicking the 'Report Comment' button to the right of each comment.

Comment on this story
Comments have been closed for this article.

Inside News24

Traffic Alerts
There are new stories on the homepage. Click here to see them.


Create Profile

Creating your profile will enable you to submit photos and stories to get published on News24.

Please provide a username for your profile page:

This username must be unique, cannot be edited and will be used in the URL to your profile page across the entire 24.com network.


Location Settings

News24 allows you to edit the display of certain components based on a location. If you wish to personalise the page based on your preferences, please select a location for each component and click "Submit" in order for the changes to take affect.

Facebook Sign-In

Hi News addict,

Join the News24 Community to be involved in breaking the news.

Log in with Facebook to comment and personalise news, weather and listings.