WINDHOEK, Feb. 17: FNB Namibia once again warns customers and the public of targeted phishing e-mails, also known as business email compromise fraud.
“Business email compromise (or BEC) is a form of phishing attack where a criminal attempts to trick a senior executive (or budget holder) into transferring funds, or revealing sensitive information”, says Johan du Plessis, FNB Chief Risk Officer.
Unlike standard phishing emails that are sent out indiscriminately to millions of people, BEC attacks are crafted to appeal to specific individuals and can be even harder to detect. BEC is a threat to organizations of all sizes and across all sectors, including non-profit organizations and government institutions.
“Spotting a phishing email is becoming increasingly difficult and will trick even the most careful user. Having the confidence to ask, ‘is this genuine?’ can be the difference between staying safe or a costly mishap”, adds du Plessis.
Here is some advice that will help customers spot the most obvious signs of targeted phishing emails:
- Think about your usual working practices around financial transactions. If you get an email from an organization you don’t do business with, treat it with suspicion.
- Look out for emails that appear to come from a high-ranking person within your organization, requesting payment to a particular account. Look at the sender’s name and email address. Does it sound legitimate, or is it trying to mimic someone you know?
- Ensure that all important email requests are verified using another method (such as an SMS message, a phone call, logging into an account, or confirmation by post or in person).
- Does the email contain a veiled threat that asks you to act urgently? Be suspicious of words like ‘send these details within 24 hours’ or ‘you have been a victim of crime, click here immediately’.
- Some emails will try to look official by including logos and graphics. Is the design (and quality) what you’d expect?
“If you think you’ve been a victim of a phishing attack, tell your IT department, and the bank as soon as possible. Remember to double-check all seemingly urgent payment requests and stay alert”, concludes du Plessis.
Afrikaans version (translated)
Be alert to business email compromise fraud
16 February 2022: FNB Namibia once again warns customers and the public about targeted email phishing, also known as business email compromise fraud.
“Business email compromise (or BEC) is a form of phishing where a criminal attempts to mislead a senior manager (or financial manager) into transferring funds or revealing sensitive information,” says Johan du Plessis, FNB Chief Risk Officer.
Unlike standard phishing emails that are sent out indiscriminately to thousands of people, BEC fraud is crafted to appeal to specific individuals, and can be even harder to detect. BEC is a threat to all organizations of all sizes and across all sectors, including non-profit organizations and government institutions.
“Spotting a phishing email is becoming increasingly difficult and will mislead even the most careful user. Asking yourself, ‘is this genuine?’ can be the difference between staying safe or a costly mishap”, adds du Plessis.
Here is advice that can help customers spot the most obvious signs of targeted phishing emails:
- Think about your usual working practices around financial transactions. If you get an email from an organization you don’t do business with, treat it with suspicion.
- Look out for emails that appear to come from a high-ranking person within your organization, requesting a payment to a specific account. Look at the sender’s name and email address. Does it sound legitimate, or is it trying to mimic someone you know?
- Make sure that all important email requests are verified using another method (such as an SMS message, a phone call, logging into an account, or confirmation by post or in person).
- Does the email contain a veiled threat that asks you to act urgently? Be suspicious of words like ‘send these details within 24 hours’ or ‘you have been a victim of crime, click here immediately’.
- Some emails will try to look official by including logos and graphics. Is the design (and quality) what you would expect?
“If you think you have been a victim of a phishing attack, tell your IT department and the bank as soon as possible. Remember to double-check all seemingly urgent payment requests and stay alert”, concludes du Plessis.


