Beware, don't be caught!
NB! We will never send you a letter or e-mail requesting you to complete your personal details by clicking on a webpage link in an e-mail other than our home address www.nbctz.com
In view of recent media reports of fraudulent e-mails being sent to customers of one of South Africa's major banks please take a moment to familiarize yourself with the latest online security tips thereby ensuring that you don't fall victim to fraudsters.
This type of online fraud is known as "Phishing" and is most commonly done through fraudulent e-mails (in conjunction with a fake website), claiming to be from a bank or other institution and asking you to confirm your personal details. Fraudsters use various ways of enticing you (see an example of phising e-mail below).
From: ABC Bank [mailto:email@example.com]
Sent: 17 May 2005 02:38 PM
Subject: ABC Bank Email Verification - firstname.lastname@example.org
Dear ABC Bank Member,
This email was sent by the ABC Bank server to verify your e-mail address. You must complete this process by clicking on the link below and entering in the small window your ABC Bank User ID and Password.
This is done for your protection - because some of our members no longer have access to their email addresses and we must verify it. To verify your e-mail address and access your bank account, click on the link below:
The link in the phising e-mail links to a fraudulent verification page similar to the one below. Also be on the lookout for a genuine banking website in the background which is often used to create the illusion of authenticity:
Here's what to look out for:
- Deceptive Subject Lines:
These look as if they are genuinely related to the company supposedly sending the e-mail.
- Forged Sender's Address:
An easy deception method to make the e-mail appear as though it has come from the company it is claiming to be.
- Genuine Looking Content:
- Disguised hyperlinks:
E-mails may display a genuine website address, but when you click on it, the hyperlink will take you to a different website. Look out for a long website address as it will take you to the site after the ‘@' symbol. Example:
If you clicked on this hyperlink it would take you to http://fraud-site.com as it is after the @ symbol.
- E-mail Form
These forms containing your personal information are submitted to remote computers, which the fraudsters access.
To make sure you don't get hooked during a fraudster's phishing expedition:
- Never submit your personal details i.e. account number, PIN, Password or Random Verification Number anywhere else than the official NBC Internet Banking login page
- Never click on hyperlinks within e-mails as the hyperlink that you are linking to may be different to the one reflected in the e-mail. Hyperlinks within e-mail can easily be masked.
- Rather type the URL into your Internet browser address bar, or call the company/bank that the
e-mail is addressed from on a number that you have verified belongs to the company/bank.
- Use SPAM Filter Software to reduce the number of fraudulent and malicious e-mails you are exposed to.
- Use Anti-Virus Software
- Use a Personal Firewall.
- Keep Software Updated (operating systems and web browsers)
- Always look for "https://" and padlock on web sites that require personal information. Although this does not guarantee that the site you are entering is a genuine site or that it is secure, the absence of these indicates that the web site is definitely not secure.
- Keep your computer clean and free of Spyware.
- Educate yourself about fraudulent activity on the Internet.
- Check & monitor your credit reports.