Phishing - First Capitec email recieved

R

rodga

Honorary Master
Joined
May 9, 2007
Messages
11,682
Reaction score
1,680
Location
Gauteng
First time I received one of these from Capitec, usually only get from the other big 4 banks.
So just a heads up.

[email protected]. <info@capi_alert.co.za>
Notice of Deauthorization


Dear Client,

Some vital details on your access profile have
been changed or incomplete, as a result your access to
use the service has been temporarily limited.

To restore your online access, kindly update your profile details by
following the reference below.

Login to continue

These features are made to provide the best protection to you as failure
to adhere may affect your future online access.
Click to expand...
 
Mine is different:

Delivered-To: [email protected]
Received: by 10.27.12.32 with SMTP id d32csp188770wli;
Fri, 17 Apr 2015 17:27:27 -0700 (PDT)
X-Received: by 10.194.21.193 with SMTP id x1mr10221488wje.144.1429316846913;
Fri, 17 Apr 2015 17:27:26 -0700 (PDT)
Return-Path: <[email protected]>
Received: from arctos.dima.hu (arctos.dima.hu. [80.249.167.208])
by mx.google.com with ESMTPS id bn6si21272874wjb.29.2015.04.17.17.27.26
for <[email protected]>
(version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
Fri, 17 Apr 2015 17:27:26 -0700 (PDT)
Received-SPF: pass (google.com: domain of [email protected] designates 80.249.167.208 as permitted sender) client-ip=80.249.167.208;
Authentication-Results: mx.google.com;
spf=pass (google.com: domain of [email protected] designates 80.249.167.208 as permitted sender) [email protected]
Received: by arctos.dima.hu (Postfix, from userid 1852)
id 9EDEE1A03580; Sat, 18 Apr 2015 02:25:54 +0200 (CEST)
To: [email protected]
Subject: Online access message
From: Capitec services <[email protected]>
MIME-Version: 1.0
Content-Type: text/html
Message-Id: <[email protected]>
Date: Sat, 18 Apr 2015 02:25:54 +0200 (CEST)

We discovered some details on your profile are imcomplete<br>
during our routine online service maintenance.<br><br>

You are required to take a few minutes of your online experience to<br>
confirm your internet banking profile records.<br><br>

<a rel="nofollow" target="_blank" href="http://www.fotosantosmanaus.com.br/damo.php"><b>Update online access</b></a><br><br>

You could experience future problems with your internet banking<br>
access by failing to comply to this feature.<br><br>

<b>Ebanking service
</b>
Click to expand...
 
Receive these emails on a regular basis, along with other banks (some of which I never banked with), sars and one traffic fine as well.

As a rule of thumb, never click on links in email, never give full client/account details over the phone and do not share your password/pin with anyone.
 
I get about twenty scam emails a day... better to ignore most of them...
but this one was also a new type....
 
How will they even go about taking your money I wonder? They would need your token generated pin for every little thing they do, first to login, then another one to create or change a beneficiary, then another one to do a payment to said beneficiary...
 
supersunbird said:
How will they even go about taking your money I wonder? They would need your token generated pin for every little thing they do, first to login, then another one to create or change a beneficiary, then another one to do a payment to said beneficiary...
Click to expand...

Some of the syndicates that know how they operate create more elaborate fraud - the fake website that you log into will pass the login credentials and token to the official site. Every time the fraudster requires a token they'll trigger a request on the fake site.

I've seen a fake absa site like that; when you log in to absa, you are requested to complete missing characters (random) of your password. The fraudster website will trigger a "failed" password request a couple of times or ask it often, thus increasing the chance of capturing your complete passphrase. I don't have an absa account, but I could "log in" with phony credentials on the phony site.

With lots of patience and a hell of a lot of luck, they can gain access to your accounts.
 
You must log in or register to reply here.
Back
Top
Sign up to the MyBroadband newsletter
X