Standard Bank Phishing e-mail
Jan
16
Written by:
2009/01/16 11:17 AM
Yesterday I received this e-mail. I have taken out any url links for security purposes. The e-mail stated that it was from standard bank and that I have been using my credit card for two accounts. IT also stated that I needed to go to their website to correct the errors. But it is clearly a phishing e-mail.
Yesterday I recieved this e-mail. I have taken out any url links for security purposes. But it is clearly a phishing e-mail.
************************************************
Dear Standard Bank client
________________________________
Closing Accounts and Limiting Account Access
This is your official notification that your account has been Limited. We recently reviewed your credit card and it seems that you are using the same credit card for 2 accounts. As you can read in our User Agreement ( section 5.11 ) opening multiple accounts is strictly forbidden. You are now requested to provide information relevant to your account. Standard Bank will investigate the matter promptly and if the investigation is in your favor, we will restore your account.
* Standard Bank Email ID PP812B22
________________________________
How can I restore my account access?
Click here and complete the steps to remove limitations.
Completing all of the checklist items will automatically restore your account access.
Thank you for using Standard Bank!
The Standard Bank Team
Copyright © 2007 Standard Bank Inc. All rights reserved. Designated trademarks and brands are the property of their respective owners. Standard Bank is located at 2211 N. First St., San Jose, CA 95131.
Please do not reply to this e-mail. Mail sent to this address cannot be answered. For assistance, log in to your Standard Bank account and choose the "Help" link in the footer of any page.
*****************************************************
This is clearly a phishing e-mail. How do I know. Well a few things are obvious.
- I have a Standard Bank rules and junk mail rules set-up in my mail client. The first thing I noticed was that this was sent to the junk mail folder. Any legitimate Standard Bank e-mail, would have gone to the Standard Bank folder.
- Next, I have definitely not used my credit card on two accounts. In actual fact, I am in a bid of a bind, and my credit cards have been put on hold. A process I initiated myself to help me with my financial situation.
- Then, the most obvious is the url found linked to the "here" in the "Click here to ..." portion of the e-mail. The first thing you notice is that the TLD, or Top Level Domain is something suspect. Standard bank is a registered TLD at standardbank.co.za. The redirect to the so called page to fix your so called credit card problem definitely does not come from standard bank.
- The normal Standard Bank web pages have a URL that tell you that the page is securely encrypted: https://www12.encrypt.standardbank.co.za/ibsa/InternetBanking. If you are unsure about whether it is or isn't a scam you can also check out their Security Centre online which provides you with information on current and past phishing methods used to get you to submit you details: https://www.standardbank.co.za/secure/securitycentre/phishing.html
- Then, all the banks in South Africa have explicitly said that they will never require you to edit or input any account details over the internet. For this, you have to go into your branch with positive ID in order to change or update those details. Details like phone numbers can be changed on the internet, but never account details.
- Also, I did a Google search on the subject of the e-mail, "Closing Accounts and Limiting Account Access", and found various different forms, some for eBay, some for Amazon, some for banks in the UK and US.
- Lastly this is reported and published on various phishing watchdog blogs and sites, one of which is http://www.millersmiles.co.uk/report/5632
So what is phishing then? According to Webopedia: "(fish´ing) (n.) The act of sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft. The e-mail directs the user to visit a Web site where they are asked to update personal information, such as passwords and credit card, social security, and bank account numbers, that the legitimate organization already has. The Web site, however, is bogus and set up only to steal the user’s information."
You can read more about this on Wikipedia and Webopedia.
So, basically its an e-mail claiming to be a legit organisation, trying to get you to browse to a bogus website and bogus web page, to solicit and get financial information and personal banking details out of you. This is then used to defraud you or your details used to purchase large amounts of goods and paying for them out of your account.
So what do you do. The obvious, is to just delete the e-mail. But if you have been unfortunate enough to be conned into actually giving away your details. I would suggest you contact your bank immediately and put stops on you accounts and credit cards.
I would appreciate a little feedback. How many of you have received this e-mail or one similar? What other phishing type e-mails have you received? Have you or do you know of any one that has been caught out by such a scam?
Let me know, drop us a comment..
blog comments powered by