Email Hacks South Africa: Business Email Compromise BEC.
Business Email Compromise BEC and Spoofing Email Spike in South Africa.
If in doubt delete.
Business Email Compromise BEC and Spoofing Email Spike in South Africa.
Business Email Compromise BEC and Spoofing Email Spike. South Africa is now a world leader in cybercrime. South Africa leads the world in the number of Ransomware Email Spoofing, Smishing, Vishing and Spear Phishing attacks on business and end-user customers with Domain-spoofing and email-spoofing becoming the mainstream attack vectors. Syndicates have been emboldened after the Transnet Ransomware Hack matched with the fact that South Africa has extensive IT systems that do not reflect the end user’s education and training in cyber security.
Many new Board appointments on the Johannesburg Stock Exchange have Financial and Accounting qualifications, no new Board appointees come with IT Security backgrounds. Simply put, South African businesses, both Corporate and Small to Medium Businesses are not proactive in the education or training of employees in the detection of these cybercrimes until they have been Spoofed.
If in doubt delete.
Zero Trust Policy
In the last 30 days in South Africa, we have experienced the greatest rise in Spoofing and Business Email Compromise BEC. The new scam targets customers and employees who are authorised to make payments with invoices with false banking details. These emails are exact matches of company emails, either spoofed or from hacked accounts. Many users who are working from home may not have the same protection company IT systems provide. The remote working creates interruptions in inter-employee communications and the syndicates are taking advantage. These emails look legitimate as they are spoofed email addresses with the correct headers and logos.
If in doubt delete.
Zero Trust Policy
Business Email Compromise BEC What to do:
If in doubt delete. Zero Trust Policy.
Users to be trained in security best practices and simulations like not to open attachments before verifying.
Ensure the domain visible in the received email is associated with the business it was emailed from.
Make sure the address to:field section in the email client email matches your email address.
Do not open if the senders and to:field emails are the same.
Do not open emails with attachments and invoices addressed to undisclosed recipients.
Do not follow drive links, like Google Drive or Dropbox links, to download invoices or other content from unrecognized, undisclosed recipients or non-first-tier friend contacts.
Be aware of colleagues or clients informing you of mysterious emails coming from your accounts.
Turn off links and images in the email client. If in doubt drop the email in the junk mail to check links.
Link hover, use the mouse and hover over the links in the email to check if they match the sender’s domain.
Latest patches and updates to all software. Most attacks are not detectable by anti-virus software at the home user level nor at the Corporate level.
Do not list the accounting or admin emails online. Use a generic info@ for websites and social media.
Question all marked as urgent payment emails and unplanned payment instructions as suspicious. Contact, preferably face to face, the co-worker or line manager that issued the directive. Social engineering exploits our compliance when issued with a directive from an authority figure. Any changes to Beneficiary Banking details must be verified if possible, using traditional methods or original contact details. If in doubt check with your line manager.
Great reading from The State of Email Security 2020
For security awareness training https://www.knowbe4.com/
Text Message Scam with Telegram Phishing Link
Don't Fall for the Fake Favour: Text Message Scam with Telegram Phishing Link. Stop, pause evaluate.Don't Fall for the Fake Favour: Text Message Scam with Telegram Phishing Link. Stop, pause evaluate. Have you received a text message form +27...
Justice Department eviction notice scam
Justice Department eviction notice scam. Do Not Click on the link. Justice Department eviction notice scam. Do Not Click on the link. The eviction notice phishing scam was easy to spot as the spray mail is addressed to Undisclosed recipients:The use...
Ayanda Ndlovu Department of Health Tender scam
Ayanda Ndlovu Department of Health Tender scam. Stop, pause evaluate.Ayanda Ndlovu Department of Health Tender scam. Stop, pause evaluate. The Ayanda Ndlovu Department of Health Tender scam is easy to spot because who sends out health department...
Takealot SMS smishing scam
Takealot SMS smishing scam. Smishing or SMS/text message phishing use of text messaging to steal personal information, money and fraud.Takealot SMS smishing scam. Smishing or SMS/text message phishing use of text messaging to steal personal...
Spam Text Message Smishing: SMS phishing
Spam Text Message Smishing: SMS phishing. A USDT Token Airdrop phishing scam is a deceptive scheme designed to steal your cryptocurrency by exploiting the allure of free tokens. USDT Token Airdrop phishing scam. A USDT Token Airdrop phishing scam is...
What I Do.
I specialise in Digital Footprints for new Startups and Identities struggling to be found in Search.
Google Maps Marketing Local SEO
Google Maps Marketing Local SEO is the art of optimising your online presence and increasing foot traffic to your local based business.
SEO Content Copywriting
SEO Digital Content Copywriting is the art of copywriting keyword/phrase content that is found in search results that converts.
WordPress Websites
WordPress is an open-source versatile content management system CMS for users to create easy functional beautiful looking websites that is found in search
WordPress SEO
WordPress SEO is the art of of getting your WordPress Website Pages on #Page1 of Organic Search Results for your Keywords/Phrases/Products/Services to your (best converting) target audience.
Let's Work Together!
Contact SEO Cape Town.
5 Clarendon Court, Melrose Road, Muizenberg, Western Cape 7945, South Africa VFR9+XP Lakeside, Cape Town
(+27) 060 904 5988
Email Me
Follow Us
First Peoples Land Statement
Search Engine Optimisation Marketing operates on the traditional, ancestral and unceded lands of the San and Khoe peoples. I wish to acknowledge the lands of the First Peoples we now occupy.