Don't be naive about phishers - they harvest a handsome profit
Debbie Smit
The suggestion that eNaTIS was hacked is actually laughable. That's not me talking. It's in black and white on the "public" eNaTIS site. According to the website: "The eNaTIS system and database is still secure".
South Africans are no strangers to breaches of security. It is rare to come away from any social gathering - a Sunday afternoon braai, a PTA meeting, coffee at the mall - without having been regaled with first- or second-hand accounts of muggings, burglaries or hijackings.
No one, not even our closely guarded government officials, is immune.
Similarly, it would be foolish to assume that any online system is completely safe from attack.
Estonia is wired. The little nation prides itself on being tech-savvy, conducting much of its business online. About 52 percent of the population, in contrast to South Africa's 10 percent, use the Internet. So, in April this year, when Estonia's major power centres - banks, government departments, political parties and media groups - were simultaneously bombarded by Distributed Denial of Service attacks, apparently in revenge for the removal of a Soviet memorial from a park in the capital, Tallinn, it was a wake-up call for governments, corporations and network institutions everywhere.
Little eNaTIS would do well to watch its back.
And now for the little phishers.
Capital outlay to launch a phishing scheme is tiny (about R1 400) compared with the potential catch that can be landed. According to Martin McKeay on his Computerworld blog, if a spammer sends out 2 million emails and only 100 people are foolish enough to submit their personal information, the exercise still nets the phisher a handsome profit. MailFrontier's site quotes the Federal Trade Commission as saying the average phishing loss is about R9 000. For a small outlay a phisher can make nearly a million.
This week we received two very suspect emails. Both looked legitimate because they were emblazoned with logos from Absa and FNB.
Neither was tagged as junk. Because we don't have an FNB account, it was clear that the email from FNB was a scam. The offending mail, addressed to "Dear Valued Customer" with the rather ominous subject line "Final Notification", suggests that, in order to "re-activate your online access" (shoddy spelling is a dead giveaway), it is necessary to click on the link provided. The email goes on to apologise for the inconvenience and reiterates its concern for its clients' security.
The second email looked as if it came from Absa, which is our esteemed authorised financial services provider. This mail, which used an almost identical modus operandi, was so dirty that when I tried to forward it to Absa, my email application spontaneously quit.
Despite continuing attempts to educate the public about scams, about 3,5 million Americans gave personal information to phishers last year. Financial losses from phishing totalled more than R20-billion. It is difficult to isolate any statistics for South Africa, but phishing operations are on the rise. McAfee Avert Labs saw a 784 percent increase in phishing websites in the first quarter of this year.
The irony is that while Britons fear virtual crime over real crime - the Get Safe Online study released by the British government reports that 21 percent of respondents worry about net crime while only 16 percent are concerned about being burgled - the challenge for the average South African is to hang on to their computers for long enough to have their firewall compromised in the first place.