Beware of latest Standard Bank phishing attack

8 Aug 2018 - 11:00

We are aware of a new Standard Bank phishing attack which is currently doing the rounds. The cybercriminals are spoofing Standbard Banks’s ibsupport@standardbank.co.za email address, to make this attack seem legitimate. However, the links provided in the email will take you to malicious websites.

The subject lines used in this attack include:

  • Payment confirmation
  • YOU A PENDING DEPOSIT

A screenshot of a social media postDescription generated with very high confidence

The UCT Computer Security Incident Response Team have put the necessary security measures in place, and have blocked the links.

What do I do?

  • DO NOT CLICK THE LINK IN THE EMAIL.
  • If you did click the attachment in the email, DO NOT enter your details on the page. Instead, please close the page and run a full antivirus scan of your machine. Then, on a device that you know to be free of malware and infection, change your online banking password. 

What happens if I clicked the attachment and entered my details?

If you've entered your details, your account may be compromised. Please:

  1. On a device that you know to be free of malware and infection, change your online banking password. 
  2. Inform your bank about this phishing attack and that you have provided your details.
  3. Run a full antivirus scan on the machine you used to enter your details.

Please remember:

  • Don't ever reply to emails that request personal information – especially usernames and passwords.
  • NEVER share your password with anyone – not even an ICTS representative.
  • Do not open attachments unless you can verify the sender and the nature of the attachment.
  • Don't open emails of unknown origin.
  • Don't click on links in emails if you cannot recognise where the link directs you.
  • Don't reply to spammers asking them to remove you from their mailing list.  Replying just confirms your email address as valid, which encourages them to send you more spam.
  • Don't forward chain letters or marketing material.
  • Report any incidence of this or other phishing attacks of cyber security issues to the UCT CSIRT at csirt@uct.ac.za. You can also report any other cybersecurity issues to the same address.