Standard Bank Spoofed Business Email Compromise BEC.

Standard Bank Spoofed Business Email Compromise BEC

Standard Bank Spoofed emails.

Like most South Africans, we receive many spoofed BEC Standard Bank emails, weekly. Currently, Standard Bank Spoofed emails are the greatest number of spoofed BEC emails in my spam folder. Luckily for us, most of the spoofed emails end up in our junk mail folder due to SPF settings from Standard Bank. Many are not so lucky nor aware of BEC and Email Spoofing, and some will not only follow the spoofed links but will also complete the forms thereby handing over passwords and user names. Some of the emails are easily spotted like this example I received recently while others spoofed BEC emails are much more professional and harder to spot. In this example, the standard bank SVG logo was not correctly nestled in the email. Making it easy to spot.

The same email above and below, the above email is HTML and the same email below is converted to plain text to expose fraudulent URLs. 

Zero Trust Policy

My email client is set to view all emails as plain text and I view all emails with the Zero Trust policy. While these tasks might come across as tedious and paranoid, Zero Trust Policy is recommended by all top Cyber Security Professionals as not only are the spammers getting the spoofed mail to look more like the real deal, they are correlating user’s online details as well as their offline details.

Standard Bank Internet Payment Confirmation Phishing email

Spoofed Email headers, receiver email is correct, but no Client ID
View/Approve HTML makes the Phishing URL  

Standard Bank ATM Payment Notification 12-08-2022 Scam

Standard Bank ATM Payment Confirmation 15-08-2022 scam.

Standard Bank Redeem your UCount R15,800 reward points today scam.

Standard Bank Redeem your UCount R15,800 reward points today scam email as plain text with the masking HTML removed.

Standard Bank Spoofed Business Email Compromise BEC

Standard Bank Recommendations to counter been spoofed.

Spotting a fake Standard Bank email: https://www.standardbank.co.za/southafrica/personal/products-and-services/security-centre/bank-safely/latest-scams

Fraudsters are sending phishing emails in an attempt to lure you into sharing your banking details. Beware of fake eStatements or bank notifications that require you to take an action like a click-through or attachment to download.

How to tell the difference between a fake Standard bank email from a real one:

• We will never greet you by your email address. We always use your name.
• We will never ask you to confirm personal or financial information in an email.
• Always verify emails telling you about suspicious account activity by calling your bank.
• Scam emails often look odd, with a messy layout and spelling mistakes.
• We will never ask you to enter your email address and Internet Banking password to open a statement; eStatements only require you to enter your ID number.
• We will never link you directly to our Internet Banking sign-in page or any other page that asks for your security or personal details via a link or attachment.
• We will never email you links requesting your bank sign-in details, such as CVV, OTP or ATM PIN.

How to protect yourself from this type of fraud:

• Ensure that you use anti-virus software to protect your PC, laptop and mobile devices.
• Hover over links to check the senders’ identity but do not click.
• Look for strange links with numbers, hyphens, misspellings or sub-directories.
• Search for the sender’s details and verify that they are legitimate.
• Beware of unexpected emails – Be cautious of opening any emails that you weren’t expecting (even if you think you recognise the sender), and don’t open any links or HTML attachments.

What you can do:

• Even if you’re unsure, you can send any suspicious e-mails to phishing@standardbank.co.za
• If you are worried that you’ve clicked on any of the links or attachments on a phishing email, contact our Fraud Line immediately on 0800 020 600
• Delete these emails from your mailbox as soon as possible

View phishing sample emails to learn more.

https://www.standardbank.co.za/southafrica/personal/products-and-services/security-centre/bank-safely/scams 

Standard Bank Important Update About Your Insurance Policy scam.

Standard Bank Important Update About Your Insurance Policy scam email as plain text with the masking HTML removed.