Skip to main content

Blog

Beware of the Post Office Scams

We have recently seen an increase in these types of cyber attacks. The cyber criminal bypasses your email security by using a trusted service and website (in this example they use Survey Monkey, with a free account). The email is made to look like a notification from the South African Post Office. This tells the user that they have a parcel for delivery, which requires a payment to be delivered.

Beware of the Post Office Scams SA Post

If you click on the fake payment link, you are directed to the Survey Monkey page that the cyber criminal has setup. If the user does not notice this is a Survey Monkey site (which most do not) they are then enticed to click to be redirected to the criminal’s fake payment page. If you have not deployed a layered cyber resilience program, the user will not be stopped. The cyber-criminal uses these hops to make sure they have the highest success rate. 

Beware of the Post Office Scams post office

If you make use of J2 cyber resilience services, this is where the attacks would stop. Beware of the Post Office Scams j2 cyber
Beware of the Post Office Scams Unpaid Charges For the sake of education, I will let you know what will happen if you do not.
Once you are redirected, you will be taken to the cyber criminal’s fake landing page to make your payment.
Most people will most likely not take note of the website they land on. This should be a big red-flag.
You are then asked to insert your credit card details to make payment for your delivery.
At this point the criminal will be stealing your credit card information.
Beware of the Post Office Scams payments
 Beware of the Post Office Scams

When you proceed, the criminal syndicate have even resorted to using trusted South African payment gateway’s logo to continue with their attack as they steal your data. This is not real and they have simply scraped the logo from the real website.
This entire process is fake.

Their next step to complete the card theft is to get you to enter your credit card PIN.
Sadly, many people are still convinced this is real and when they enter their PIN the criminal will not have all they need to sell your credit card details and they will use it.
DO NOT ENTER YOUR PIN
The attacker will keep you there as they now have an automated process to not only steal your card number and PIN – they will process a transaction if you have given them the correct details.

Beware of the Post Office Scams card verification
payfast 2 The next step to process their stolen goods is to get your OTP. They do this with yet another fake page and if your details correspond your money will be stolen and your credit card details will be sold.
With your money gone, you wait excitedly for your delivery which never comes. visa
payment successful  

Cyber attacks evolve daily and please question every unsolicited email, call and payment request you receive. A few comments and tips that you may want to use in your daily life: 

  • Know that you are target, everybody is.
  • Check the sender’s email address.
  • Deploy a layered, monitored and comprehensive cyber resilience program.
  • Take note of the URL of any website you land up on.
  • If you didn’t request something, then it is fake.
  • Check that you are using only known and trusted websites.
  • NEVER enter your PIN or give it out over the phone.
  • Educate your users, friends and family.
  • If you are unsure, verify the authenticity with a little bit of research and do not rely on information contained in the email you receive.

Stay safe.
#J1TopTip

  • Created on .
  • Hits: 1723