The South African Banking Risk Information Centre (SABRIC) is warning people about coronavirus scams which include spoofed emails, phishing websites, and SMishing.
SABRIC said cybercriminals are exploiting the spread of coronavirus for their own gain by using panic to spread coronavirus scams.
“Coronavirus scams exploit people’s concerns for their health and safety and pressure them into being tricked using social engineering,” SABRIC said.
These new scams include spoofed emails offering products such as masks, or fake offerings of vaccines that lead to phishing websites.
These emails come from seemingly realistic and reputable companies which manipulate people into clicking on links.
Some of these websites prompt the user for personal information which ends up in the hands of cybercriminals.
Cybercriminals are also using SMS Phishing, known as SMishing, to trick victims into clicking on a link disguised as information about a coronavirus breakout.
Some of these texts claim to provide free masks or pretend to be companies that have experienced delays in deliveries due to the coronavirus.
The links take people to landing pages which are specifically designed to deceive people and steal their credentials.
Once criminals have the correct level of confidential information about a victim’s bank account, they can impersonate the victim and transact using the correct credentials but without authority.
SABRIC urged bank clients to take note of the following tips to protect themselves against Phishing and SMishing:
- Do not click on links or icons in unsolicited emails.
- Never reply to these emails. Delete them immediately.
- Do not believe the content of unsolicited emails blindly. If you are concerned about what is being alleged in the email, use your own contact details to contact the sender and confirm.
- Check that you are on the authentic/real site before entering any personal information.
- Do not click on links or icons in unsolicited SMSs.
- Do not reply to these SMSs. Delete them immediately.
- Do not believe the content of unsolicited SMSs blindly. If you are worried about what is alleged, use your own contact details to contact the sender to confirm.
- Regard urgent security alerts, offers or deals as warning signs of a hacking attempt.