Mweb/Synaq E-mail privacy invasion/ongoing security breach

fragtion

Hi all

I'm an IT support freelancer with a comfortable client base. A sizable proportion of those clients utilize Mweb for their E-mail in some form - either through hosted domains, or because they have legacy accounts on domains such as iafrica.com, icon.co.za, worldonline.co.za, etc -- accounts which they are hesitant to close due to them having already been used so extensively.

I've noticed a disturbing trend that is affecting my Mweb-based clients far more than any of the other clients (including those who use telkomsa E-mail, for instance). These users are persistently receiving mails allegedly from Mweb claiming that their mailboxes are full and that they should change their passwords, which is always positively identified as a phishing scam. But besides the "your mailbox is full" or "your password is going to expire" messages, I have faced two isolated cases already, where corporate E-mails between two business entities, amidst discussing deals, were actively intercepted by a middle man who then managed to hijack the conversation and trick those clients, one of whom lost nearly a hundred grand as a result. The reason those clients were tricked was due to the extent of the forgery, as even signatures and E-mail addresses were spoofed. These users also seem to be more prone to phishing scams involving South African branded banks in particular and the human manipulator seems to be based locally - not abroad. In the case of another client, the scammer literally wrote an E-mail to Nedbank asking them to release a sum of money on his behalf. All local stuff.
Since picking up on this trend, I have moved a number of domains away from Mweb/Synaq's hosted platform and those users are reporting that the incidence of such scams has already subsided.

I suppose this serves as a caution, based on my own experiences and subsequent action taken - but I'm wondering if anyone else is aware of the same and perhaps knows something about this that I don't? Seems awfully sinister to me, which is why I've decided to post it here.
 
Email is the most insecure protocol. So some new mail servers do SMTP over TLS and so there is encryption between servers. But anything in the middle can intercept it. Email should never be a secure means of communication. POP3/IMAP is also insecure by default, at least try to enable TLS on that too. Rather use something like Office365 which does everything by SSL and uses TLS by default. Email to external users may not be encrypted.
Although Mweb is a common thing here, there is more in the chain than just that!
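
As an added example (not part of any post in this thread), the hop-by-hop nature of SMTP over TLS described above can be checked on a received message: each relay records in its `Received` header the protocol it accepted the mail with, and the RFC 3848 keywords ending in `S` or `SA` mean that hop used TLS. The sample message and all host names below are constructed.

```python
import re
from email import message_from_string

# Constructed sample message; every host and address is a reserved example value.
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [203.0.113.9])
\tby mailstore.recipient.example with ESMTP id c3;
\tTue, 02 Jan 2024 10:00:03 +0200
Received: from relay.isp.example (relay.isp.example [198.51.100.7])
\tby mx.recipient.example with ESMTPS id b2;
\tTue, 02 Jan 2024 10:00:02 +0200
Received: from laptop.local (unknown [192.0.2.44])
\tby relay.isp.example with ESMTPSA id a1;
\tTue, 02 Jan 2024 10:00:01 +0200
From: sender@sender.example
To: user@recipient.example
Subject: quote

body
"""

# "with" keywords from RFC 3848 / RFC 6531: a trailing S (or SA) means TLS was used.
TLS_RE = re.compile(r"^(UTF8)?(E?SMTP|LMTP)SA?$", re.I)
PLAIN_RE = re.compile(r"^(UTF8)?(E?SMTP|LMTP)A?$", re.I)

def hop_report(raw):
    """Return [(receiving_host, protocol, status)] in the order the mail travelled."""
    msg = message_from_string(raw)
    hops = []
    # The newest Received header is at the top, so reverse to get travel order.
    for value in reversed(msg.get_all("Received") or []):
        flat = " ".join(value.split())          # unfold the wrapped header
        by = re.search(r"\bby\s+(\S+)", flat)
        proto = re.search(r"\bwith\s+([A-Za-z0-9]+)", flat)
        name = proto.group(1).upper() if proto else ""
        if TLS_RE.match(name):
            status = "tls"
        elif PLAIN_RE.match(name):
            status = "plaintext"
        else:
            status = "unknown"                  # non-standard "with" text
        hops.append((by.group(1) if by else "?", name, status))
    return hops

def hops_without_tls(raw):
    """Hosts that accepted the message over a hop not marked as TLS."""
    return [host for host, _, status in hop_report(raw) if status != "tls"]
```

`Received` headers are written by the servers themselves, so this shows what each relay claims rather than proof, and a hop marked `tls` is still readable in plaintext on the relay that handled it.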
 
I agree that E-mail is disastrously archaic and insecure in its current implementation. The problem I have is that my clients are all based in different regions in the country and each utilizing different ISPs for their connectivity, and yet I'm seeing the same pattern and nature of phishing and man-in-the-middle attacks on their mailboxes where the only common denominator is that they are hosted with Mweb. While Mweb are usually very quick to respond to support tickets, their abuse team failed to respond to my concerns in this regard, which I find highly disturbing in this context. Caveat Emptor.
 
If your clients have their own domain then the answer is Office 365. Microsoft's servers have not failed us once in the last 3-4 years we have been using them. Other providers have failed us so we simply moved all our clients to Office 365.
Sadly if there is any form of social engineering going on there is sweet bugger all you can do about it. Your users/clients just have to be very vigilant.
 
Interesting observation OP.
Absolutely agree on outdated and insecure email hosting.
Would be interesting if anyone picks up on your theory.
 