By Kaya 959 News
According to Cybersecurity firm, J2, Post Office scams are rapidly increasing.
The firm’s CEO, John Mc Loughlin warned that scams are lulling unsuspecting people into believing there is a package for delivery.
“The email is made to look like a notification from the South African Post Office and prompts the recipient to make a payment to have the parcel delivered,” he said.
Loughlin said the South African Post Office does not require customers to make any payment before parcels are released.
“The cybercriminals bypass your email security by using a trusted service and website like Survey Monkey. If you click on the fake payment link, you are directed to the Survey Monkey page that the cybercriminal has created,” he said.
Criminals steal credit card information
Mc Loughlin explained that most people don’t realise this is a Survey Monkey site and they are then enticed to click to be redirected to the criminal’s fake payment page.
“You are then asked to insert your credit card details to make payment for your delivery. At this point the criminal will be stealing your credit card information,” he said.
Once the person is redirected, the cyber criminal’s fake landing page will request payment. To make it look authentic, the criminal syndicates copy the logos of trusted South African payment gateways. This entire process is fake, these criminals are out to steal information.
Their next step to complete the card theft is to get the person to enter the card PIN. Sadly, many people are still convinced this is real and when they enter their PIN, the criminal will have all they need to sell the card details and also use it.
“The attacker will keep you there as they now have an automated process to not only steal your card number and PIN, but they will process a transaction if you’ve given them the correct details. The next step to process their stolen goods is to get your OTP,” Mc Loughlin said.
Here are some guidelines to prevent being scammed in future:
Know that you are the target, everybody is
Check the sender’s email address
Deploy a layered, monitored and comprehensive cyber resilience program
Take note of the URL of every webpage you are directed to
If you didn’t request something, then it is fake
Check that you are using only known and trusted websites
NEVER enter your PIN or give it out over the phone
Educate your users, friends and family
If you are unsure, verify the authenticity with a little bit of research and do not rely on information contained in the email you receive
Without a layered cyber resilience program, these criminals cannot be stopped. Also, cyberattacks evolve daily, so it’s important to question every unsolicited email, call and payment request received.