Spotted in the Wild

Crafty Cyber Criminals

The Covid-19 pandemic has brought previously unforeseen difficulties to the workplace, forcing the world to retreat to the safety of their homes. In industries and companies able to do so, employees have been tasked with working from home to sustain the economy while quarantine protocols are in effect. Meanwhile, cyber criminals have become increasingly crafty and are constantly improving their techniques to take advantage of any vulnerabilities, with people being one of their main targets. Their schemes are moving away from the initial ‘Covid-19 Fake-Map’ malware campaign we saw in February/March this year towards social engineering efforts that attempt to exploit people who have lost income. Here are some of the criminal techniques that have been observed over the past few weeks and that one should be aware of.

Loan scam pretending to be RCS

Delivered via email as a Word document, these loan offers are created by cyber criminals to scam people into providing personal and financial information such as bank account numbers, addresses, ID numbers, and so on. The scammers use the names of well-known credit lending companies, in this case RCS Group, in their phishing schemes.

The most recent one we’ve observed is the document shown below, which was created on 06 May 2020 at 22:37 according to the metadata embedded in the file.

‘Epayorderform’ login scam with fake Capitec page

In this particular scam, an HTML document (offline web page) is delivered via email. Opening this document displays an innocent-looking Capitec Bank login page. The page itself is fake and forwards all details provided to an unknown party. It will not log a user into their banking account but will instead steal their credentials. Should someone fall victim, they could find their bank account drained of funds, discover unauthorised credit applications made in their name and, in the worst case, have their identity stolen.

Loan Scam for fake Wonga.Com

This was a PDF attachment to an email with no body (i.e. no text). The consultant and email addresses noted in it are fake. The domain, consultant.com, has also been seen in other phishing scams dating back to 2011.

Cyber criminals are for the most part very crafty people. Campaigns like these are distributed to hundreds of thousands of accounts in a matter of hours and can be sold and replicated by a multitude of other would-be hackers. They are not all that difficult to run, and the chances of success are high, even if the rate of success is only 1 in 10000. Consider that any information gathered can and will be used for profit in some way or another. This may include its sale or auction on the black market of the internet, aka the dark web, where it can circulate for many years.

TIPS

Avoid falling for scams like these by taking the following precautions:

  1. Always double-check the intended recipient of any e-mail and the reply-to address.
    • Emails should be addressed directly to the intended recipient.
    • The reply-to address should end with the same domain (rcs.co.za, capitec.co.za, wonga.com) as the company it originates from.
  2. If unsure, navigate directly to the company/provider’s website.
    • Banks and credit providers offer their services directly on their respective websites and have safety measures implemented to protect user information.
  3. If it seems suspicious, it probably is.
    • Look at the type and formatting of the document received. These are usually riddled with small errors.
  4. Inquire or report the incident via official channels.
    • A quick call to the respective provider’s call centre will confirm the validity of the email/request.
    • Report incidents as soon as possible.
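
The header checks from tip 1 can be automated on a mail gateway or in a triage script. The following Python sketch is an added example, not part of the original article: the function names, the sample messages and every address in them are constructed for illustration (only the three company domains and consultant.com come from the text above).

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Brand keyword -> official domain, as listed in tip 1 above.
BRAND_DOMAINS = {"rcs": "rcs.co.za", "capitec": "capitec.co.za", "wonga": "wonga.com"}

# Constructed sample messages (not real mail).
SAMPLE_PHISH = ('From: "Capitec Bank" <notify@capitec.co.za.mail-secure.example>\n'
                "Reply-To: helpdesk@consultant.com\n"
                "To: customers@lists.example\n"
                "Subject: Epayorderform\n\nSee attached.\n")
SAMPLE_OK = ('From: "Capitec Bank" <statements@capitec.co.za>\n'
             "To: thandi@home.example\n"
             "Subject: Your statement\n\nHello.\n")

def domain_of(addr):
    return addr.rpartition("@")[2].lower().rstrip(".")

def in_domain(domain, official):
    # Exact match or a real subdomain only, so a look-alike such as
    # "capitec.co.za.mail-secure.example" does not pass.
    return domain == official or domain.endswith("." + official)

def check_message(raw, recipient):
    """Return a list of warnings for one raw message and its actual recipient."""
    msg = message_from_string(raw)
    warnings = []
    senders = getaddresses(msg.get_all("From", []))
    replies = getaddresses(msg.get_all("Reply-To", []))
    to_addrs = {a.lower() for _, a in getaddresses(msg.get_all("To", []))}
    if recipient.lower() not in to_addrs:
        warnings.append("not addressed directly to the recipient")
    # Which company does the mail claim to come from (display name or subject)?
    claimed = " ".join([msg.get("Subject", "")] + [n for n, _ in senders])
    words = set(re.findall(r"[a-z0-9]+", claimed.lower()))
    for brand in sorted(words & set(BRAND_DOMAINS)):
        official = BRAND_DOMAINS[brand]
        for header, pairs in (("From", senders), ("Reply-To", replies)):
            for _, addr in pairs:
                if not in_domain(domain_of(addr), official):
                    warnings.append(f"{header} {addr} is outside {official}")
    return warnings

if __name__ == "__main__":
    for w in check_message(SAMPLE_PHISH, "thandi@home.example"):
        print("WARNING:", w)
```

A clean result only means the headers are consistent with the claimed company; a forged From address on the official domain still passes, so tips 2 to 4 continue to apply.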