Phishing is Alive and Well In South Africa During the Coronavirus Outbreak

The Coronavirus (COVID-19) has/is whipping the world into a panicked frenzy – perfect conditions for phishing. While most think that the phishing trends take a while to be adopted locally, we’re here to inform you that these con-artists are always innovating and adapting their strategies.

Before we go any further.

Phishing is the fraudulent practice of sending emails, claiming to be a reputable company or individual that is looking for personal information, including passwords and credit card details.

Right now the hot topic is COVID-19 and these scam artists are working the angles. Here are a few industries at risk of COVID-19 phishing scams.

COVID-19 Phishing Delivery Issues

As of 14 May, 2020, the South African government lifted the ban on the delivery items. While most small businesses can breathe a sigh of relief, so do the scammers. This opening of the delivery floodgates may mean delays.

You might get a simple email requesting:
– More details;
– A new invoice number;
– Or the installation of a new invoicing program;

This could seem logical, after all, COVID-19 has caused chaos.

However, phishing con artists may have hacked the company’s emails.

As a rule of thumb, always follow up on a new email thread to check if this is the case. And also, there’s very rarely an occasion where a consumer needs to install a program to complete a purchase.

These “invoice programs” are most likely to be a Null Scriptable Install System (NSIS) installer that executes a malicious script. In turn this starts a standard install file or cmd.exe process, and eventually the Trojan-COVID-19 horse is in your system and they can access your system’s data.

This scam has variations, with the emailer asking for rushed information, an example of this is: “avoid disappointing customers”, or “don’t miss this amazing deal”.

The scam artist rule book is an ancient one. Apply pressure, and the victim will rush, rationalising the unusual processes.

COVID-19 Phishing Treatments/News

We believe that the South African government is doing a good job informing citizens about COVID-19.

All the possible information you need about the virus can be found, here: https://sacoronavirus.co.za/

This being said, many of us are tempted by the “informational sneak-peak”, and scammers know this.

Also, if you get an email that you think is from the government, this is also unlikely. They send out daily COVID-19 SMSs.

In the local market, SMishing is common. As a rule of thumb, if the message on any platform is sent to you from an unknown source, act cautiously, and investigate.

But how does one identify a scam, and what to do if you do click the link?

How To Spot A Phish Message

As a rule of thumb, if someone sends you an executable file in an email, we can say with a lot of certainty it is a scam.

General housekeeping rules when spotting scammers is:
– A request for personal info;
– Odd email addresses;
– Spelling and grammatical mistakes;
– Generic greetings without your name;
– And if you need to act ASAP on a deal.

We have written in more detail about spotting a “spoof email”.
If you suspect the message of being a scam, delete it. Never reply to them.

However, if there is some uncertainty, Google is your friend. There are loads of websites that will inform you of circulating scams.

But, if you have accidentally clicked the email, and suspect that you’ve installed a malware onto your laptop. Please feel free to call us: (012) 664-0066