Something’s Phishy, Unless You’re A Nedbank Client

I’ve been a Nedbank client for, well, since my very first Permlazer card. It’s been a relationship of ups and downs, more ups otherwise I wouldn’t still be banking with them. As it stands, my entire business and personal banking portfolio, except for my bond, is with them.

Lately they’ve been irritating me with the odd unsolicited SMS asking if I need a personal loan. Ironically, it’s an impersonal, generic, spammy way to connect with me. Actually, I mentioned my frustrations while speaking at a conference a while back, which got top management really excited, and I received a phone call from client services who promised they’d make my SMSes go away. No such luck. That’s not the point of this mail.

Gmail, my fav email platform, has a great spam filter. Thank goodness for that. It’s so good however that I regularly sift through the rubbish to check that it hasn’t caught an important business mail. This happens once every 200 or 300 spams, but has saved my skin on a number of occasions (like when I found a personalised email from the CEO of Ernst & Young tucked away in between a Gwammi Mufasta 419 and a ‘Make your pole like iron’ Cialis ad – LOL).

Recently I’ve noticed a shocking increase in the number of ‘phishing’-related emails in my spam folder. According to Wikipedia, “phishing is criminal activity using social engineering techniques. Phishers attempt to fraudulently acquire sensitive information, such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication”. A phishing email can be easy to mistake for an email from your bank – everything looks and feels right, but if you look closer, the links don’t quite add up and any info you submit will be captured and re-used illegally.

Yikes.

I’ve picked up a few patterns in phishing mails caught in my Gmail spam. Most conspicuously, Nedbank never features. Or at least not yet. I’m aware they’ve had phishing issues in the past, but I have never once seen a Nedbank phishing mail in my spam folder. FNB looks worst hit, and ABSA and Standard Bank have sporadic mentions. I’ve checked out some of these sites, and they are pretty convincing even to the trained eye.

Please – learn how to tell the difference, use a top quality spam filter, educate less tech-savvy members of your family, and err on the side of skepticism.

4 Responses to “Something’s Phishy, Unless You’re A Nedbank Client”
  1. The ODD phone call/SMS?! You must be one of the lucky ones :) A lot luckier than me at least.

    by Ian
    on 01. Jun, 2007

  2. [...] According to Wikipedia, phishing is criminal activity using social engineering techniques. Phishers attempt to fraudulently acquire sensitive information, such as usernames, passwords and credit card details, by masquerading as a … …more [...]

  3. Hi

    I have read the posting and the responses with great interest. It is important to remember that security in the cyber world needs just as much attention as in the real world. I have attached a few security related issues that we pass on to our customers.

    Regards
    Ross Linstrom
    Standard Bank Press relations

    We view our customers’ security as a top priority.

    One-time password (OTP)
    A one-time password (OTP) is a unique and time-sensitive password used as added security on Internet banking. The password will be sent to you by email or SMS and is valid for one Internet banking session.

    This password will be sent to you whenever you perform the following functions on Internet banking:
    • Add beneficiaries
    • Amend beneficiaries
    • Make once-off payments
    • Reset your CSP and password. You don’t need to go to a branch
    • Amend your personal details on the profile page
    • Pre-paid purchases

    The benefit of OTP is that you authorise the transactions on your accounts using a unique password. If you do not have an OTP you will not be able to perform any of the above activities. There is no charge for using the service.

    Secure connection
    Our Internet banking service complies with international Internet security standards and is built according to the highest encryption specifications (128-bit secure encryption). This means a secure link is established every time you perform an online transaction and that any information you send us can only be interpreted by our Internet banking system. No third party can access any of your personal information. KPMG and Deloitte and Touche have audited our service and secure encryption infrastructure.

    Firewall and anti-virus software
    These can be downloaded directly from our Internet banking site once you have logged on.

    This service is currently free.

    Keeping your logon information secure
    Remember, to protect the security of your account never give your ATM card PIN, CSP or password to anyone, not even our consultants.

    SMS updates
    If you register for this service you will receive instant SMS notification when you log-on, when beneficiaries are loaded or amended, when your Internet banking profile is amended and when making a once-off payment. To register for the service, click on Profile, then Notification on the sub menu and follow the instructions.

    This service is currently free.

    Internet Security Tips
    • Never allow your browser (Internet Explorer or Netscape) to save your PIN.
    • Keep your Internet banking, ATM PIN and customer-selected PIN (CSP) safe. Don’t keep them in the same place as your card.
    • Do not run any program files unless you know where they come from and that they are safe.
    • Ensure you are on our Internet banking website by checking the address and that the site is secure by looking for the security certificate in the bottom right corner of your browser.
    • Install the anti-virus package and keep it updated.
    • Control access to your computer. Do not allow anyone to install programs on your computer without first checking that it is safe to do so.
    • To access Internet banking, log on to http://www.standardbank.co.za and click on “Internet banking” or type in our full Internet banking address (https://www.encrypt.standardbank.co.za). This is more secure than linking from other sources.

    Microsoft patches

    Ensure that your operating system and browser patches are kept up to date as these often include important security enhancements. Last year Standard Bank introduced a unique facility that allows you to authenticate and update your Microsoft software, which reduces the risk of malicious programs such as worms, viruses or spyware attacks.

    step by step guide

    Anti-virus and Firewall software

    Install and update your anti-virus and personal firewall software. We suggest any reputable anti-virus and personal firewall software such as McAfee, Norton and Symantec. Software can be purchased over the Internet or at any reputable software dealership.

    Other compulsory security practices
    • Do not follow any links in emails to reach our Internet Banking website. Always key in our website address which is http://www.standardbank.co.za, to connect to our Internet Banking website. We recommend you do not use your “favourites” or “bookmarks” in your browser.
    • Keep your card number(s), customer selected PIN and password(s) secure and never provide or share this information with anyone.

    by Ross Linstrom
    on 03. Jun, 2007

  4. [...] us surmise using the real example of a blog post I wrote a while back about phishing. Here is an excerpt: I’ve picked up a few patterns in phishing mails caught in my Gmail spam. [...]
