Absa fraud warning
Absa has warned customers of a phishing scam where fraudsters send links to fake bank statements that redirect victims to dodgy websites.
The websites closely resemble the official Absa website, just with different URLs, and entering your online banking login details on these sites makes it easier for fraudsters to access your bank accounts.
“Please be aware of a recent scam where fraudsters send emails claiming to contain your latest stamped Absa eStatement,” Absa said.
“These emails typically include a link directing you to download the statement from a website.”
Absa said it will never send customers an email requesting that they click a link to access account statements.
“Always verify the source of any communication and avoid clicking on suspicious links. If in doubt, contact Absa directly through official channels,” it stated.
The bank shared examples of the emails, and the from addresses should immediately raise red flags for customers who receive them.
One of the emails is from “ebanking <[email protected]>”, and another is from “officialmail <[email protected]>”.
Neither of these email addresses resembles the official Absa domain, which should immediately make recipients suspicious.
The second scam email appears to take a different approach, actively warning recipients that they will never be asked to enter their PIN or password.
However, it includes a link to “View eStatement” that can be opened with the recipient’s 13-digit ID number, presumably designed to phish victims’ ID numbers.
Another example, sent from “officialmail <[email protected]>” includes a link to “Open Absa eStatement” and says recipients should follow the easy instructions.
The “easy instructions” presumably require recipients to disclose sensitive information, which can put their identity and bank account at risk.
Besides the obvious red flags raised by the email addresses, the rest of the emails appear fairly legitimate and accurately replicate Absa’s logos and slogans.
Absa account security scam warning
Absa also warned customers of a common scam where fraudsters contact them, claiming that there is a security issue with their account.
They typically claim that numerous devices are logged into the victim’s account and ask the victim to click a phishing link to unlink devices the victim is not using.
“To induce fear, the fraudster uses the phrase: to avoid temporary suspension,” Absa added. “NB: Absa would never send you an email requesting you to click on a link.”
The bank shared an example communication, which includes a fake link for the victim to delink their devices. The message is quoted below.
Fake Absa message to clients
Dear Client,
Your account is logged in to multiple gadgets, to avoid temporary suspension, please click HERE to log out of the device you’re not using.
Absa included an image of the webpage to which the link directs victims. The page convincingly resembles the Absa Internet Banking sign-in page.
However, its URL is completely different: https://pouiyt.tech. As with the email domains in the eStatement scam, this URL doesn’t resemble an Absa URL and should immediately raise red flags.
Another account security-related scam technique used by scammers is the claim of suspicious transactions on victims’ accounts.
“Please be aware of the latest scam where the fraudster pretends to be an Absa staff member,” Absa said.
“The fraudster tries to cause panic by stating that a suspicious IP address tried to log into your Internet banking, and due to this, your service has been suspended.”
They then direct victims to a fraudulent link through which they can supposedly restore their service. Again, these communications typically come from unofficial channels, which should raise eyebrows.
Another technique targets customers with emails claiming their Homeowners Insurance Policy will be renewed at a hefty premium. Absa shared an example of such an attempt sent via email.
This example is concerning, as it appears to be an email from a spoofed Absa domain: Absa <[email protected]>, and has an attachment that supposedly provides more information.
While Absa noted that the email may appear legit, there are still red flags to watch out for, such as the email’s greeting being “Dear Valued Customer”, rather than being personalised.
“Look out for the following: the From: and To: email address is the same, there is no account number or a masked account number would appear, and the email is not personalised,” Absa said.
Loading ...