Phishing

Oh, the joys of sitting down and enjoying a sip of your favourite drink whilst you wait for the fish to bite! “Open your eyes, yes, you!” No, we are not really fishing; however, and ironically, if you do not open your eyes and become more aware of another form of fishing, you will not be having a good time at all.

What is Phishing?

Phishing is a form of cybercrime where a target or targets are contacted by email, text, or telephone by someone posing as a legitimate institution. Their goal? To lure individuals into handing over sensitive data such as personal or company identifiable information, passwords, and credit card and banking details.

How to be more aware of Phishing?

  1. Phishing emails and text messages often look like they are from a company or individual you know and trust. You may have seen emails that appear to be from your bank requesting information from you. These are the most dangerous;
  2. Phishing emails and text messages often come with a lengthy explanation encouraging you to click on a link or open an attachment. If it seems at all odd, do not open or click;
  3. They often tell you that they have noticed suspicious activity or log-in attempts against your account (which is the ultimate eye-blind), and want you to confirm your personal information so they can help you;
  4. Phishing emails will often include a fake-looking invoice which you immediately want to click on;
  5. Some phishing emails or messages will tell you that you have qualified to receive a government refund;
  6. The email may offer you a coupon where you can receive free stuff.

What steps to take to protect yourself and your business against phishing attacks

  1. Before clicking on anything, first contact the third party using the contact details you usually use. Then, validate whether they sent you any emails or SMSs that require personal information;
  2. Educate yourself and your staff about the dangers of phishing attacks. Teach them how to recognise these emails and messages (we run a fantastic Cybersecurity Awareness Training Program);
  3. Protect all your computers by using updated and automatic security software;
  4. Look after your mobile phones by ensuring you have the latest and automatically-updating software;
  5. Safeguard all your online accounts by upgrading to multi-factor authentication. This is where two or more credentials are needed in order to log in, and this could be a password married with a PIN code or, for phones, often a fingerprint or face recognition software. Multi-factor authentication deters scammers from logging in to your accounts;
  6. Back up your data on all devices. Make sure those backups are cloud-based and not linked to your home connection. (Dropbox and OneDrive are not backup solutions)

If you are at all unsure or suspicious about a possible phishing attack, please do reach out and let us assist you.

For more about what we are about and what services we offer, do reach out to us by heading on over to our about and services pages or simply giving us a call on +27 21 556 3524.

We look forward to welcoming you into the Complete IT Business Solutions family.

phishing scams

The COVID-19 pandemic has had such far-reaching effects that fraudsters are stepping in and taking advantage. How? Cyber-attacks come in many packages from phishing scams and fraudulent products to insolvency fraud and misappropriation of assets. The demand for PPE has created a perfect environment for cybercriminals to develop fraud schemes. And, South Africa has seen plenty of cyber-attacks recently.

Currently, with the way businesses are operating – with staff working from home – many employees are more susceptible to fraud such as phishing scams, vishing, and zoombombing. Many companies have had to attend to quick internal changes for their business to cater to remote working. In their haste, they may have underestimated the importance of IT security tools or how remote working limits these.

Phishing Scams

Email phishing scams are carried out online by tech-savvy fraudsters and identity theft criminals. What they do is use fake websites that look identical to real websites and emails. In this way, they trick employees into divulging sensitive information. And then what? Well, it’s not just about stealing your money, they can also use your information to create fake accounts in your name, ruin your credit, and steal your identity.

South Africa’s Latest PPE Procurement Scam

The most recent phishing scam has been tricking companies that supply PPE goods and services to government. In this case, it was face masks. National Treasury has put out a notice warning suppliers of the phishing scam. The scam came in the form of receiving a fake Request For Quotations requesting provision of face masks, disposable aprons, safety goggles, PVC books, gloves, and sanitisers. With a very scary twist, when one goes to search for the specific item in question (and, often the RFQ is for a very specific PPE), you are taken to a website which has an amazing special on that item. So, it stands to reason that these phishers have researched thoroughly on this particular scam.

It’s important to remember that the onus remains with suppliers to ensure the RFQs are legitimate; they need to verify their validity themselves. Fraudsters are using departmental letterheads to send out fake tenders to companies and requests to supply equipment and goods.

The National Department of Health has alerted the relevant law enforcement authorities to investigate the scam. If you suspect that you are a victim of a scam, urgently contact the police and the NDoH.

How to Identify a Phishing Scam

Phishers often look legitimate – with their website looking real and their message seemingly genuine. Here are some tips for identifying a scam:

  • Requests for confidential information come in over email or instant message;
  • The use of emotional language, scare tactics or short deadlines, which often gets you to respond quickly;
  • Misspelled URLs and the use of sub-domains. For example, the correct domain for the Department of Justice is someone@health.gov.za, whereas a typical fraudster could use someone@dohgov-za.co. Both are valid and usable domains, but one of them is totally fake;
  • Links within the body of a message;
  • Lack of personal greeting or customised information;
  • Contact person’s name and telephone number don’t correspond to the correct business details;
  • Banking details of fraudsters are in a private name, not a business name, though not always. We have seen a fraudster that set up a valid company with a proper company bank account with Nedbank.
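
The misspelled-domain tip above can be checked automatically on incoming mail. The following is an added example, not part of the original post: the function names, the trusted list (health.gov.za) and the 0.85 similarity threshold are assumptions chosen for illustration.

```python
import difflib
from email.utils import parseaddr

# Assumption: domains you already deal with, taken from earlier genuine mail.
TRUSTED = {"health.gov.za"}

def squash(domain):
    """Drop dots and hyphens so 'gov-za' and 'gov.za' compare equal."""
    return domain.replace(".", "").replace("-", "")

def sender_domain(from_header):
    """Return the lower-cased domain of a From header, or '' if none."""
    address = parseaddr(from_header)[1]  # the display name is ignored on purpose
    if "@" not in address:
        return ""
    return address.rpartition("@")[2].lower().rstrip(".")

def classify(from_header, trusted=TRUSTED, threshold=0.85):
    """Return 'trusted', 'lookalike' or 'unknown' for a From header."""
    domain = sender_domain(from_header)
    if not domain:
        return "unknown"
    for good in trusted:
        # Exact match, or a true subdomain ending on a label boundary.
        if domain == good or domain.endswith("." + good):
            return "trusted"
    for good in trusted:
        parent = good.partition(".")[2]  # 'gov.za' for 'health.gov.za'
        # Trusted name used as the leading labels of someone else's domain.
        if domain.startswith(good + "."):
            return "lookalike"
        # Parent zone glued into a different domain, e.g. 'dohgov-za.co'.
        if parent and squash(parent) in squash(domain) \
                and not domain.endswith("." + parent):
            return "lookalike"
        # Near-misspelling of the whole trusted name.
        if difflib.SequenceMatcher(None, domain, good).ratio() >= threshold:
            return "lookalike"
    return "unknown"

if __name__ == "__main__":
    # Constructed sample headers, not taken from real mail.
    for header in ("Accounts <accounts@health.gov.za>",
                   "someone@dohgov-za.co",
                   "rfq@health.gov.za.example.com",
                   '"health.gov.za" <rfq@mail.example.com>'):
        print(f"{classify(header):10} {header}")
```

A result of 'unknown' is not a clean bill of health: the last sample shows a trusted name in the display field only, which is why the check reads the address and not the name shown to the user.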

How can we help you?

At Complete IT Business Solutions, we offer a system audit and can set your business up with top IT security tools, antivirus software protection, firewall, and anti-spyware protection to ensure you avoid cybercriminals and threats to your business. Let us worry about the technical part, while you focus on the critical things.

For a free system audit, reach out to us here
Email us or
phone on +27 21 556 3524.

And, please do follow us.