Bank Fraud over the Internet

This week friends of ours were caught by a scam in which somebody emailed them a notice telling them that ABSA is upgrading their system and that they had to enter their username and pin on the “bank’s” web site. The long and the short of the story is that these scamsters emptied all 8 of their bank accounts.

My question is this: if these people transferred the money to another account, the bank is supposed to know whose account that is. Nowadays you have to give all your FICA documents and whatever other documents just to open an account. How the hell is it possible that these scamsters can transfer the money to another account without the bank knowing whose account it is?

I cannot believe that there are still people who fall for this. I thought that by now everybody will know that this is a scam. Little did I know that some of my friends were caught that way.

One of the emails most frequently used has a subject line which makes the recipient believe that the email is intended to fight Internet crime. Here is an example of such an email. If you receive an email like this, delete it. DO NOT respond to it:

Subject:  NOTIFICATION OF PHISHING ATTACKS
Dear ABSA Customers ,

ABSA customers have encountered countless issues with incessant phishing attacks on our numerous account holders, hence we are taking greater security measures to curb and curtail this attacks…

We are migrating all ABSA account holders to a new direct and more secure server, All online account holders are required to join ABSA in fighting internet fraud and crimes by upgrading and migrating to our new secured server with us. This security measure is to properly secure your online banking details from unnecessary attacks , failure to comply to this procedure will expose your account to easy attacks and we wont be liable for any loss. You must comply with this directive.

Follow the link below to complete your online banking upgrade and migrate to our new security server.

http://www.absa.co.za

Sincerely,

Security Team

ABSA

Here are some tips on how to prevent this from happening to you…

  • Never enter your security details like a username, password or pin on a web site unless you use it to log in. A reputable bank, company or institution will NEVER EVER ask you to enter your details on any web site. If they are really trying to change something on the system they would ask you to first log in to your account and then change whatever you have to change.
  • Never give your pin to strangers, friends, family or even bank employees. Your pin is your secret and nobody needs to know it. The bank will NEVER EVER phone you and ask for your pin.
  • Some of these phishers use adware or viruses to record the keystrokes you type on your keyboard and that way they get hold of your pin. To prevent this NEVER open any strange emails, especially those with attachments. You can open the email but do not open the attachment unless you know who it comes from. If in doubt, don’t open it.
  • If you do visit hacking, gambling or gaming sites (or other bad neighbourhood sites) make sure you are protected. Install a good anti-virus program like AVG Internet Security. Some bad web sites can install a virus or “adware” program on your PC without you even knowing it.
  • Last but not least, OPEN YOUR EYES. I mean, this one is a no-brainer. If you receive an email from the bank asking you to update your details the first alarm goes off. In fact, if you receive any email from the bank where they are not trying to sell you another product or the email is not a payment notification, then already you must be worried. But if you do receive an email which asks you to click a link to go to their site, LOOK at the URL in the address line. The address line is the one circled in the image below. This must contain your bank’s URL. If you bank with ABSA it will be absa.co.za . Sometimes the scamsters will create a link which looks something like http://absa.somestupidname.com/update-details . Even if they do create a link which contains the bank’s name it is still easy to spot if you just use your common sense.
Open your eyes and look at the address bar.


The email I quoted above linked the text in the email to the fraudulent address. Although you see http://www.absa.co.za in the email, it has been linked to http://djolof.net/templates/security_update/absa/absa.html . Look carefully at the URL. Although the name ABSA is mentioned in the URL, the URL points you to djolof.net and not to absa.co.za . Can you see how easy it is to figure it out if you just look at the domain name?

The site at djolof.net looks exactly like the ABSA one, see image below. So it is easy to get confused. The only way you will know is to look at the domain name of the page you are using.

Fraudulent ABSA web site

So, if you are careful this never has to happen to you.

Remember to never give out your pin, not even if they phone you and ask for it.

UPDATE:

Today, 27 Aug 2009, I received a new version of the ABSA fraud email. This time they send you a one-line email with the subject “Message Alert!” from officialmail@absa.co.za

The email says

This is a notification from Notifyme,read urgently

If you click the link you will note that it links to http://www.taeinsys.co.kr/bbs/icon/index.htm and NOT to ABSA.

See the picture below. If you just look at the URL before you enter any data these guys will never catch you. The golden rule still applies, “The bank will never send you an email asking you to update your details”

Fraudulent ABSA web site, look at the URL

5 Responses to “Bank Fraud over the Internet”

  1. Hurt Client says:

    My account was emptied out on Monday and now they refuse to pay out. They claim I gave my login details to somebody. I was treated with such disrespect and I had to defend everything I did on that day. The best of all is I never even responded to any of the scam mails. Explain how that can happen! Even the police officers I spoke to admitted that ABSA has more fraud cases against them than any other bank. Doesn’t that make you wonder how safe your money is!

  2. Pieter says:

    I also get them even though I do not have an ABSA account. The way to get rid of it is to get a gmail account. See http://pietpetoors.com/blog/how-to-stop-spam/
    Trying to block them? You are wasting your time, they use a different email and IP each day. If you have a gmail account you just forget about it.
    Also remember with spam, the moment you reply to ask them to stop or try to unsubscribe, all you really are doing is confirming to them that your email is still working and they will send you more spam.

  3. Luana says:

    Hi Pieter

    I have been getting these fraudulent emails (about 6 per day) from “Absa” and generally I ignore them. My problem is that despite blocking the sender and the domain, I still get so many of these emails! Do you have any suggestions?

  4. Pieter says:

    Thanks Lenie

  5. Lenie says:

    There is a new scam, the most recent emails sent are “Do you know that with Absa Internet banking, you can eliminate the cost of receiving and transferring funds from or to your account?

    “Absa has introduced a new scheme for all account holders to receive a return on incurred charges over the year.
    This benefit is available to all internet banking subscribers with a minimum balance of R1000.

    You are hereby advised to verify your account in other to qualify for this benefit.

    Click here to verify

    ABSA BANK
    Internet Banking Team”

    Please do not reply to these emails
