According to a recent article in the Mail and Guardian newspaper, informal consensus within the private sector ranks South Africa third, behind Russia and China, in terms of cybercrime. It is with this in mind that the South African Banking Risk Information Centre (SABRIC) has issued a warning to banking customers about email hacking and other related cyber-crimes. This follows numerous reported incidents where banking customers’ email accounts have been hacked and hackers attempted to give instructions to banks as if they were the banking customers.
SABRIC CEO Kalyani Pillay defines email hacking as “a criminal act where criminals illegally access an email account and communicate as if they are the user”.
Criminals do this by stealing account holders’ usernames and passwords through phishing or other means that trick users into disclosing their details. They then use the compromised information to access and use the user’s email account.
From reports to SABRIC, it is clear that the most targeted email services are those that are free, as they do not require any special configuration or usage consent.
Bank customers are encouraged to tighten their online security and to scrutinize all emails, especially those that purport to be from email service providers such as Yahoo or Google, with content similar to the bullets below:
- Your email is full and you must use the link provided to delete messages or increase your mailbox size
- Important and for immediate attention: Please log in using the link provided
- We are experiencing congestion due to anonymous registration of accounts and are closing some email accounts. Please verify that you would like to retain the email account by logging on through the link provided
Other tactics that criminals use include posing as an organization such as SARS and requesting you to log on to your email account through the provided links to access your online tax information. Once you have clicked on the hyperlink, you will be requested to provide your username and password, which will then be routed to the criminals and used by them to sign on to your account as if they were you.
A number of signs indicate that your email account may have been hacked, including the following:
- Complaints about spam being sent from your email address
- Receiving large numbers of undeliverable or bounce messages which you did not send
- Unknown emails appearing in your Sent Items folder
We would like the public to guard their online identity carefully by constantly changing their passwords, devising complex passwords that cannot easily be guessed, and following these tips:
- Never list your main email addresses publicly anywhere. This includes online advertisements, blogs or any place where they can be harvested by spammers.
- Use a separate email address for the internet which is not linked to your personal or business email account.
- Make sure that your PC or mobile is updated with the latest OS updates and anti-virus/malware software.
- On a secure PC, log into your email and then check whether or not any of the settings have been changed by a hacker. If any of the settings have been altered, delete the new settings.
- Once you have changed the settings, create a new password, and add your secondary e-mail account as your alternative address.
- Don’t use public computers to check e-mails; there’s virtually no way to know if they are infected with malware accidentally, or have key logging spyware installed intentionally.
- Do not leave sensitive documents like bank statements in your inbox. Rather save them elsewhere and delete the original mail with annexures.
- Do not give logical answers to security questions, as someone may be able to guess the answers.
- Ensure that you have a very good relationship with your bank so that the bank will be able to identify and confirm any unusual requests purporting to come from you.
- Do not make use of software that purports to be able to hack emails as this software may in itself contain malware that will compromise you.
- Monitor your bank accounts to check that no irregular activity has taken place without your consent or knowledge.
- Register for SMS notifications so that you are notified of any transaction on your bank account.
- If you use a public webmail such as Yahoo and Gmail, please ensure that you enable two factor