It could happen to you
Subject lines such as Security alert, Change your password immediately, or Urgent action required often prompt us to immediately open emails to see what is wrong or what action is required. However, this is the kind of urgent language that hackers often use to get victims to act.
Here are some real-life examples of phishing attempts that duped unsuspecting users.
Sneaky spammers can be taxing
The start of the South African tax season always provides hackers with the ideal opportunity to target South Africans who are preparing their tax returns. In July this year, some people received an URGENT: SARS LETTER OF DEMAND from notice@sars.gov.za. The recipient was warned that they if they did not action the requirements in the attached letter and pay the required amount, they would receive an imminent court summons.
Needless to say, upon discovering the scam, SARS took immediate action and warned users to be aware of suspect phishing emails over the next few months.
For more SARS-related fraud attempts, visit the SARS scams and phishing attacks page.
Gmail users get tricked into clicking on a phishy attachment
Millions of Gmail users received an email from a trusted source, asking them to view an attached Google Doc or GDoc file. Upon opening the attachment, the recipient was taken to a real Google security page and asked to give permission to manage their email account. Once permission was granted, a worm would infect the recipient’s account and also send the same message to the recipient’s contacts.
The attack lasted for roughly an hour before Google discovered and halted it. Google discovered that only contact information was affected, but experts claim it could have been a lot worse if the worm had accessed users’ entire email history – since many people use their Gmail accounts to save confidential information or to reset their passwords. Had the hackers been one step ahead of Google, nearly a billion people could have had their personal information exposed and other accounts hacked.
Natural disaster sparks increase in phishing attacks
Following the devastating aftermath of Hurricane Harvey in Houston, Texas, hackers decided make extra income by exploiting the sympathies of well-wishers. Using a fake website, they pretended to be from the US branch of the Red Cross and asked people to donate funds for those who lost their homes. Similarly, they pretended to be victims of the disaster and asked for support. As soon as authorities got word of these scams, they informed the public to be wary of these types of scams – even if the appeals looked authentic.
Stay alert
These are just a few examples that illustrate the lengths cyber criminals go to when committing their crimes. That’s why it’s important for you to stay updated on the latest phishing trends, so that you don’t fall victim to their scams. Remember to always think before you act, and – to help protect others from danger – report suspicious activity to the relevant authorities (CSIRT, in UCT’s case).