EMAIL HACKING AND TECHNICAL TELEPHONE SCAMS

What is Email Hacking?This happens when fraudsters get hold of your email account and password information and use it to impersonate you to commit a number of fraudulent activities, including:

Notifying business clients or debtors of a supposed change of

banking details.

Requesting banks to make transactions on your behalf.

Ordering goods or services.

CYBERCRIME IS HERE TO STAY, DON’T GET CAUGHT WITH YOUR HEAD IN THE CLOUDS!

How do they access my email account?

You will typically receive an email that pretends to be from Hotmail, Google, Yahoo, etc, scaring you into thinking you need to click on a link to save your account.

The email will often say the following:

From: fakeperson@hotmail.com

To: your email address

Subject: Important information

username

login

What else can cybercriminals do with my email account?

They can move any emails from a specific sender to folders located on their computers.

If your credit card details are stored on your Google or Hotmail account, they can use

these details to buy items online.

They can trawl through your mailbox and use sensitive documents (such as copies of ID,

bank statements, etc).

Your inbox is full. Click on this link to delete messages or increase your mailbox size.

Important and for immediate attention: Please log in using the link provided.

Due to anonymous registration of accounts, we are closing some email accounts. If you would like to keep this email account, please click on this link.

When you click on this link, it will take you to a fake site that is similar to your service provider’s site with a fake form to complete. Once you enter your login details, cybercriminals capture your details and use it to hijack your email account.

Email authentication

Many of our clients send us email instructions, email instructions need to be properly authenticated with a call back to ensure that the client’s instruction is validated to protect you, the client and the bank.

You receive complaints about spam being sent from your mailbox to contacts.

You do not receive any emails or some emails appear to be missing.

If you receive large numbers of undeliverable messages for emails you did not send.

You cannot login to your email account.

Unknown emails appear in your sent items folder.

Your personal email address may be compromised if…

Guidelines for authenticating an email instruction

Ensure that there is an email indemnity in place. NEVER assume. ALWAYS check.

Be mindful of the fact that the legitimate client’s email account could be hacked and the instruction could have been sent by fraudsters using the clients email account. Always contact the client to confirm the email instruction.

Before calling the client to confirm the email request, check the system to determine if the client’s contact numbers have been changed or updated recently. If they have been changed or updated recently proceed with caution. We would like to recommend that if the numbers were changed recently that you contact the client on the old number first.

Authenticate the client before confirming the transaction request to ensure that you are talking to your client and not a fraudster.

Read the email carefully and ensure that the grammar used in the body of the email is correct and that there are no spelling errors.

Check the client’s account to see if the transaction makes sense based on the normal transaction patterns.

Do not be rushed into processing a transaction, fraudsters often place pressure on bankers to try and get them to process a transaction without following the required processes.

We have had cases where fraudsters have created an email address that looks very similar to the clients and they then send an instruction hoping that the banker will not pick up on the differences in email addresses. Always scrutinise the email address and compare it to the email address on IBS/BP and on previous correspondence.

What is a telephonic technical-support scam?

TOP TIPS to avoid telephonic technical-support scams

When someone posing as a representative from an IT company (eg Microsoft) calls you to offer help solving a computer problem (eg remove viruses) or tries to sell you a software licence.

Fraudsters will ask you to go to a website or to click on a link that will allow them to access your computer so they can do the repairs, remove viruses or download the software you bought.

Never give a third party control of your computer, unless you can confirm (from other sources) that it is a legitimate representative of a computer support team from a company that you trust.

IT companies will never call you to do repairs on your computer or to sell you software.

Never give your credit card information to someone claiming to be from an IT company’s (eg Microsoft) technical support team.

Make sure that your computer antivirus software is up to date.

Nedbank Ltd Reg No 1951/000009/06. Authorised financial services and registered credit provider (NCRCP16).

nedbank.co.za

Once they access your computer, they can do the following:

Trick you into installing malware that captures sensitive data, such as online banking usernames and passwords. (They may even charge you to remove this software afterwards).

Take control of your computer remotely and adjust your security settings to leave your computer vulnerable.

Ask for your credit card information so they can bill you for repairs or software you have ordered.

Direct you to fraudulent websites to enter your credit card and other personal information.