Debunking email hoaxes and exposing Internet scams since 2003!

Hoax-Slayer Logo Hoax-Slayer Logo

DividerDivider
Home    About    New Articles    RSS Feed    Subscriptions    Contact
DividerDivider
Bookmark and Share









ABSA 'Authorized EFT Payment Received' Phishing Scam

Outline
Email purporting to be from South African bank ABSA claims that the recipient must approve a pending EFT payment by opening an attached file and supplying account login details.



Brief Analysis
The message is not from ABSA. Instead, it is a phishing scam designed to trick ABSA customers into divulging their account login details to Internet criminals. If you receive this or a similar email, do not open any attachments or click on any links that it contains.

Bookmark and Share
Detailed analysis and references below example.





Last updated: July 31, 2012
First published: July 31, 2012
Article written by Brett M. Christensen
About Brett Christensen and Hoax-Slayer


Example

Subject: Authorized EFT Payment Received

EFT Payment Received!

Valued Clients,

You have a pending EFT payment selected for your account. We are unable to process this payment to your account as your approval is required to authorize the credit to reflect in your account, Please approve the payment to receive your incoming EFT deposit, follow the instructions below to approve your payments.

Please ensure to enter security RVN numbers sent to your cellphone Number to approve this transfer, failure to do so will reverse this payment.

Please download attached encrypted zipped statement. We have encrypted your account statement in a secure zip folder which can be downloaded directly from our database, download the zip folder, save or open on your computer, you will find your statement encrypted Statement_07-2012, double-click to open now from our mobile website and be automatically logged into your account to approve your payments.

ABSA Mobile Banking!

Please accept our apologies for any inconvenience this action may have caused.

Thank you for banking with us.

ABSA Pending EFT Phishing Scam




Detailed Analysis
According to this email, which purports to be from South Africa's ABSA bank, the recipient has an EFT payment pending for his or her ABSA account. The message claims that the EFT payment has not yet been processed because the account holder is required to approve the supposed funds transfer. The recipient is instructed to unzip an attached folder and then open an "encrypted" account statement in order to approve the pending payment.

However, the email is certainly not from ABSA. The message is a phishing scam that attempts to fool ABSA customers into submitting their account login details to Internet criminals. Those who unzip the attached folder and click the "account statement" file as instructed will be presented with the following login form, which loads in their web browser:

ABSA Scam Login Page

Those who fall for the ruse and enter their account details, will next be taken to a page that claims that they must wait for a phone text message to be sent to them before finally authorizing the pending EFT payment. However, this supposed requirement appears to be just a delaying tactic. Since the criminals behind the scam are unlikely to have the victim's mobile phone number, the supposed RVN SMS will never arrive. In fact, the bogus website allows the victim to click "continue" without entering any RVN number. After clicking "Continue", the victim is then shown the following message:

Please wait while your account is been verified...
Upon successful verification, your account will be logged off and new security upgrades will be applied. Your account credit payment will now be authorized and security updates will be applied to your account profile... Please wait 45 minutes to logon again

At this point the victim believes that the approval process has been successful. And the account holder may dutifully wait 45 minutes before logging in to his or her account. The scammers can use this waiting time to collect the victim's login details via the fake form and login to his or her real ABSA account. Once they have gained access to the compromised account, the scammers can first change the victim's login details, thereby locking out the rightful owner. They can then steal money from the account and use it to conduct further fraudulent activities and transactions at will.

Thus, the hapless victim may not even realize that he or she has been phished until it is too late. This is a fairly sophisticated phishing attempt in that it uses spoofed addresses, stolen ABSA graphics and a reasonably plausible cover story to make the claims in the scam message seem more legitimate. As noted, it also attempts to delay discovery by asking victims to wait 45 minutes before logging in to their accounts.

Be wary of any email that claims that you must open an attachment or click a link in order to login to your account and verify or update account information. It is always safest to login to your online accounts by entering the account address into your web browser's address bar.

Phishing is a very common type of Internet fraud that continues to gain new victims all around the world every day. Like other major financial institutions, ABSA is regularly targeted in such scams. ABSA has published information on its website warning customers about phishing scams.

Bookmark and Share

References


Last updated: July 31, 2012
First published: July 31, 2012
Article written by Brett M. Christensen
About Brett Christensen and Hoax-Slayer