computerwoche.de

Archiv

Phishing hits South Africa

18.05.2005
Von Computing SA

In what seems to be the first phishing scam imitating a South Africa bank, a rapidly spreading e-mail is illicitly attempting to obtain the details of unsuspecting online bankers.

According to local anti-virus company NOD32 South Africa, the e-mail seems at first glance to have been sent by First National Bank (FNB), and appears extremely authentic.

Closer examination however reveals that it is not a genuine FNB e-mail, but the latest in the recent spate of international "phishing" e-mail scams. Until now, however, phishing scams have traditionally only targeted users of major banks in the UK and USA.

"The e-mail appears to the end-user to be coming from a genuine FNB employee, and coerces the user into clicking a Web site link, which attempts to obtain their Internet banking username and password. The Web site actually uses a part of FNB"s real Web site, as well as a site redirection trick to appear extremely authentic," says NOD32 CEO, Justin Stanford.

"At first glance, even to users familiar with computers, it is very convincing."

"This is among the first SA bank specific phishing e-mails seen in the country, and, because of its authentic appearance, we expect many users may have already stepped in to the trap. Users are advised to be extremely cautious when receiving such an e-mail, and to ignore it completely. If unsure, contact your bank to double-check its authenticity."

It is feared that scores of details will already have been captured by the scam perpetrators.

Below is a copy of the e-mail and the original link:

*********

From: First National Bank [BriettaBurleson@fnb.co.za]

Subject: First National Bank Email Verification

Dear First National Bank Member,

This e-mail was sent by the First National Bank server to verify your e-mail address. You must complete this process by clicking on the link below and entering in the small window your First National Bank User ID and Password.

This is done for your protection - because some of our members no longer have access to their e-mail addresses and we must verify it. To verify your e-mail address and access your bank account, click on the link below:

http://www.fnb.co.za/H1RhpHCOEOvmgdfVjXHq3AqrnjZr0iUjZPaPyRLaWu6wEVH26lmz7fC9dhks72g6

*********

Note that the "From:" has been reported to vary from e-mail to e-mail, and this represents only one possible example.

Any FNB customer who has received such an e-mail, and has supplied a username and password to the scam Web site, is advised to immediately contact FNB to have their username and password changed.