Hi all
I'm an IT support freelancer with a comfortable client base. A sizable proportion of those clients utilize Mweb for their E-mail in some form - either through hosted domains, or because they have legacy accounts on domains such as iafrica.com, icon.co.za, worldonline.co.za, etc -- accounts which they are hesitant to close due to them having already being used so extensively.
I've noticed a disturbing trend that is affecting my Mweb-based clients far more than any of the other clients (including those who use telkomsa E-mail, for instance). These users are persistently receiving mails allegedly from Mweb claiming that their mailboxes are full and that they should change their passwords, which is always positively identified as a phishing scam. But besides for the "your mailbox is full" or "your password is going to expire" messages, I have faced two isolated cases already, where corporate E-mails between two business entities, amidst discussing deals, were actively intercepted by a middle man who then managed to hijack the conversation and trick those clients, the one of whom lost nearly a hundred grand as a result. The reason those clients were tricked was due to the extent of the forgery, as even signatures and E-mail addresses were spoofed. These users also seem to be more prone to phishing scams involving South African branded banks in particular and the human manipulator seems to be based locally - not abroad. In the case of another client, the scammer literally wrote an E-mail to Nedbank asking them to release a sum of money on his behalf. All local stuff.
Since picking up on this trend, I have moved a number of domains away from Mweb/Synaq's hosted platform and those users are reporting that the incidence of such scams has already subsided
I suppose this serves as a caution, based on my own experiences and subsequent action taken - but I'm wondering if anyone else is aware of the same and perhaps knows something about this that I don't? Seems awfully sinister to me which is why I've decided to post it here
I'm an IT support freelancer with a comfortable client base. A sizable proportion of those clients utilize Mweb for their E-mail in some form - either through hosted domains, or because they have legacy accounts on domains such as iafrica.com, icon.co.za, worldonline.co.za, etc -- accounts which they are hesitant to close due to them having already being used so extensively.
I've noticed a disturbing trend that is affecting my Mweb-based clients far more than any of the other clients (including those who use telkomsa E-mail, for instance). These users are persistently receiving mails allegedly from Mweb claiming that their mailboxes are full and that they should change their passwords, which is always positively identified as a phishing scam. But besides for the "your mailbox is full" or "your password is going to expire" messages, I have faced two isolated cases already, where corporate E-mails between two business entities, amidst discussing deals, were actively intercepted by a middle man who then managed to hijack the conversation and trick those clients, the one of whom lost nearly a hundred grand as a result. The reason those clients were tricked was due to the extent of the forgery, as even signatures and E-mail addresses were spoofed. These users also seem to be more prone to phishing scams involving South African branded banks in particular and the human manipulator seems to be based locally - not abroad. In the case of another client, the scammer literally wrote an E-mail to Nedbank asking them to release a sum of money on his behalf. All local stuff.
Since picking up on this trend, I have moved a number of domains away from Mweb/Synaq's hosted platform and those users are reporting that the incidence of such scams has already subsided
I suppose this serves as a caution, based on my own experiences and subsequent action taken - but I'm wondering if anyone else is aware of the same and perhaps knows something about this that I don't? Seems awfully sinister to me which is why I've decided to post it here
Last edited: