Exercise caution, do not visit false websites

We are living in an era of the internet and we can fall victim of phishing scams, the South African Police Service share tips on how to avoid being caught in a phishing scam.

On their website, saps.gov.za phishing is defined as an email-based attack when a malicious email is being sent to you with the purpose of coaxing you to disclose sensitive information about yourself.

Online fraud scams you need to know

It is also the most common means of obtaining information to attack an organisation or unsuspecting users.

The false emails often look surprisingly legitimate, and even the web pages where you are asked to enter your information might look genuine. However, the URL in the address field can alert you whether the page you have been directed to is valid or not.

Different emails are being sent to attract the victims. Some emails might refer to your personal information that needs to be updated or validated, and you may be asked to enter your username and password, after clicking on a link provided in this email.

Other emails might even ask you to enter more information, such as your full name, address, phone number and credit card numbers. By just visiting the false website and entering your username and password, the phisher might be able to gain access to more information by logging into your account.

How to deal with phishing scams.

Do not trust poorly written emails with spelling errors or incorrect grammar. Legitimate corporate companies have quality control measures in place that prevent such mistakes.

Do not click on any links in such emails. Rather navigate directly to the website in question.

If you are uncertain about the authenticity of an email rather ask your service provider directly whether it is valid or not.

If possible, visit the company personally or phone the customer contact centres number of their official website (remember not to trust phone numbers in a suspicious email)

Only provide personal or financial information through an organisations website when you have typed in the web address yourself and have seen indicators that the site is secure, such as an URL that begins with “https” (the “s” stands for secure). Unfortunately, an indicator is not a total guarantee that a site is secure; some phishers use forged security icons.

Review your credit card and bank account statements as soon as you receive them to check for unauthorised charges. If your statement is late by more than a couple of days, call the bank to confirm your billing address and account balances.

Be cautious about opening attachments and downloading files from emails, regardless of who sent them. These files might contain viruses or other malware that can weaken your computer’s security.

Action steps you can take to avoid a phishing attack

Use trusted security software and set it to update automatically.

Do not send personal or financial information in an email as it is not a secure manner of transmitting confidential information.

Only provide personal or financial information through an organisations website when you have typed in the web address yourself and had seen indicators that the site is secure, such as an URL that begins with “https” (the “s” stands for secure). Unfortunately, an indicator is not a total guarantee that a site is secure; some phishers use forged security icons.

When I check how much money I have left

Review your credit card and bank account statements as soon as you receive them to check for unauthorised charges. If your statement is late by more than a couple of days, call the bank to confirm your billing address and account balances.

Be cautious about opening attachments and downloading files from emails, regardless of who sent them. These files might contain viruses or other malware that can weaken your computer’ security.

Several resources are available to handle arising issues online and allow anonymous and confidential reporting:

noc@ssa.gov.za – National Operational Centre

ecs-csirt@e-comsec.com – State Security Agency

phishing@sars.gov.za– South African Revenue Service