Cyber Alert: Phishing and Spoofing

Cyber-crime has risen tremendously over the years, with cyber-criminals continuously looking for new ways to defraud victims. The main motive behind cyber-crime is financial gain, and it evidently causes large losses of money and protected information. It involves any crime that is committed using a computer, network, or hardware device.

According to Timeslive, in 2018 South Africa had the third highest number of cybercrime victims worldwide, losing about R2.2 billion a year to cyber-attacks. And, as the attacks become more sophisticated and more frequent, we are reminded yet again to educate ourselves about cyber-crime.

We hear all the jargon and get daily warnings about identity theft, viruses, malware, and phishing and spoofing; but what do these terms really mean? Since knowledge is power, we have decided to provide information on two of the most common types of cyber-crime, namely phishing and spoofing.

Phishing

Phishing is extremely popular amongst cyber criminals, because they easily trick people into giving up their private and sensitive information. By disguising themselves as trustworthy entities, they steal anything from usernames and passwords to credit card details and identity information.

The cyber criminals aim to make the receiver believe that they have received an email, SMS or WhatsApp message from a trustworthy company or source, such as a bank, SARS or insurance company. They even go so far as to make you believe that you are connected to a trusted website, such as your bank, when it is actually not the case.

This is also where web spoofing comes into play.

Spoofing

As strange as the name may sound, spoofing is also a form of forgery. For example, a cyber-criminal may create a hoax website that is almost identical to the original (real) website. This will allow the criminal to extract confidential, and very often financial, information from unsuspecting users.

In other words, spoofing is when a cyber-criminal disguises communication, through deceptive emails and forged websites, to obtain personal and confidential information from innocent users.

Tips

Fortunately, there are ways in which we can protect ourselves from these criminals. Users can take the following actions, as identified by Lesame et alia, to protect themselves from spoofing and phishing:

DO

  • Pay attention to the salutation in the email. It should mention your full name.
  • Open your browser, and type the link to the site on the address bar yourself.
  • If spoofing is suspected, login by typing any characters. Some new spoof versions display ‘login failed’ in any case, so it doesn’t raise suspicions. Thus, your login failure is not an indication that the website is authentic. Watch for further clues.
  • Know that financial institutions are very aware of spoofing and will not contact you by email if there are account problems.
  • Know that no bank will ask you to enter your credit/debit card PIN number, or driver’s licence number, online for authentication purposes.
  • Examine the URL on the address bar. If it contains numbers followed by the website’s name, it is a spoof. A hijacked URL bar is shifted and blurry. Examine cookies and the status bar.

DON’T

  • Believe an email if it greets you by your email address or “Dear customer”.
  • Click on a link to a site in an email or from a chat room.
  • Try to login immediately. Look for suspicious give-aways. Even if a ‘login failed’ message asks you to try again, do not enter your real login name and password, but watch for more clues.
  • Panic if you receive an email about account problems.
  • Give or enter your PIN number. No bank will request such information online or by phone.
  • Continue if the address bar doesn’t clearly show the real web address. If in doubt, close the browser, then re-open and re-type.
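
The address-bar tips above ("numbers followed by the website's name" and "doesn't clearly show the real web address") can be written down as a small check. This is an added example, not taken from the source cited below; the bank name, host names and sample links are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed values for illustration: the addresses a user normally types in
# for their bank, and the bank's name as it would appear in a look-alike link.
TRUSTED_HOSTS = {"examplebank.co.za", "www.examplebank.co.za"}
BRAND = "examplebank"


def is_numeric_host(host):
    """True when the host is a bare IP address rather than a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def url_warnings(url, trusted_hosts=TRUSTED_HOSTS, brand=BRAND):
    """Return the reasons a link should not be trusted (empty list = matches)."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    host = (parts.hostname or "").lower().rstrip(".")
    warnings = []
    if host in trusted_hosts:
        return warnings  # exactly the address the user types in themselves
    if is_numeric_host(host):
        warnings.append("host is a number, not a name")
    if brand in parts.path.lower():
        warnings.append("bank name appears after the host, not in it")
    if brand in host:
        warnings.append("bank name is part of a different host")
    if not warnings:
        warnings.append("host is not one you typed in yourself")
    return warnings


if __name__ == "__main__":
    for link in ("https://www.examplebank.co.za/login",
                 "http://198.51.100.7/examplebank/login",
                 "https://examplebank.co.za.secure-login.example/"):
        print(link, "->", url_warnings(link) or "matches a trusted address")
```

An empty result only means the host matches an address on the trusted list; the remaining tips in the lists still apply.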

Source: Lesame, Z, Mbatha, B & Sindane, S (eds). 2012. New media in the information society. Pretoria: Van Schaik.