Beware of the Post Office Scams
We have recently seen an increase in these types of cyber attacks. The cyber criminal bypasses your email security by using a trusted service and website (in this example they use Survey Monkey, with a free account). The email is made to look like a notification from the South African Post Office. This tells the user that they have a parcel for delivery, which requires a payment to be delivered.
If you click on the fake payment link, you are directed to the Survey Monkey page that the cyber criminal has setup. If the user does not notice this is a Survey Monkey site (which most do not) they are then enticed to click to be redirected to the criminal’s fake payment page. If you have not deployed a layered cyber resilience program, the user will not be stopped. The cyber-criminal uses these hops to make sure they have the highest success rate.
|If you make use of J2 cyber resilience services, this is where the attacks would stop.|
|For the sake of education, I will let you know what will happen if you do not.|
|Once you are redirected, you will be taken to the cyber criminal’s fake landing page to make your payment.
Most people will most likely not take note of the website they land on. This should be a big red-flag.
You are then asked to insert your credit card details to make payment for your delivery.
At this point the criminal will be stealing your credit card information.
When you proceed, the criminal syndicate have even resorted to using trusted South African payment gateway’s logo to continue with their attack as they steal your data. This is not real and they have simply scraped the logo from the real website.
Their next step to complete the card theft is to get you to enter your credit card PIN.
|The next step to process their stolen goods is to get your OTP. They do this with yet another fake page and if your details correspond your money will be stolen and your credit card details will be sold.|
|With your money gone, you wait excitedly for your delivery which never comes.|
Cyber attacks evolve daily and please question every unsolicited email, call and payment request you receive. A few comments and tips that you may want to use in your daily life:
- Know that you are target, everybody is.
- Check the sender’s email address.
- Deploy a layered, monitored and comprehensive cyber resilience program.
- Take note of the URL of any website you land up on.
- If you didn’t request something, then it is fake.
- Check that you are using only known and trusted websites.
- NEVER enter your PIN or give it out over the phone.
- Educate your users, friends and family.
- If you are unsure, verify the authenticity with a little bit of research and do not rely on information contained in the email you receive.
- Hits: 384