BEWARE – COVID related Email Scam


I woke up this morning to an email from Standard Bank in my inbox. Nothing exciting about that, except that this one was a little different: it had some GOOD NEWS!

The Subject line informed me to “Redeem Your SBSA-COVID-19-Financial Relief Now”! Wow, awesome stuff, just what a lot of people needed at this time.

The body of the message was even more exciting, the government was giving me R7500.00 financial relief to help in the crazy times we are going through!

Then reality hit

Why is this the only place that I am seeing this? Surely the government would have made an announcement by now that this was on its way. It would be a fantastic way to calm the masses and to get everyone to start following the rules. Lockdown and we’ll give you some money… But NADA, there’s nothing on the news. Starting to sound too good to be true!

I started looking closer at the email and noticed some red flags. After looking at all the signs, and doing some behind-the-scenes snooping, it became clear to me that this is definitely a phishing scam! We might be locked down, but the criminals aren’t! They just seem to have found a new way to take advantage of innocent people in a difficult time.

The following are the issues that I found, please take note of these and stay vigilant so that you don’t fall victim to these types of scams.

Obvious visual warning signs

These are the signs that any user should be able to pick up. They are visible to the naked eye and don’t need any IT skills to see.

  • The email wasn’t sent to me directly, it was sent to a distribution list (“undisclosed recipients”). This is a HUGE warning sign. The banks WILL NOT send sensitive information to mailing lists. They have your email address and emails will be sent to you and addressed to you.
  • The email started “Dear User”. Again, the bank knows your name and will address you by it.
  • The email referred to a PDF attachment, but the attached file was a website that would open.
  • The fonts were not consistent through the email.
  • In South Africa, we type numbers without a thousands separator. R7500.00 is what you would expect to see, but this email used R7,500.00.
  • There is a “handy link” in the email for you to use if you don’t have Acrobat Reader on your computer. The problem is, the link has the following added “promoid=BUIGO”. This isn’t dangerous, but it’s a way that the scammer will earn a commission off of every click on that link. The bank wouldn’t include this.
  • There is a “footer” attached to the email with links to Standard Bank’s social media accounts (Facebook, LinkedIn, Twitter, etc). None of these links work as the footer is just a picture that has been pasted there.
  • The telephone numbers in the email to call Standard Bank are different from the numbers in the footer. Surely Standard Bank knows their own number!

The above signs are some of the visual ones that you should pick up on before taking ANY action in the email. If this is all that you have done, you are still safe. Hit delete on the email and the danger is gone.
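Several of the visible signs listed above can also be checked automatically. The following Python function is an added example, not part of the original post: it flags those signs in a raw message and is run here on a constructed sample. The flag names, the sample addresses and hosts, and the greeting words other than “Dear User” are assumptions.

```python
import re
from email import message_from_string
from urllib.parse import urlsplit, parse_qs

# Constructed sample modelled on the email described above (hosts are invented).
SAMPLE = """\
From: Standard Bank <noreply@bank.example>
To: undisclosed-recipients:;
Subject: Redeem Your SBSA-COVID-19-Financial Relief Now
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<p>Dear User,</p><p>You qualify for R7,500.00. See the attached PDF.</p>
<a href="https://reader.example/get?promoid=BUIGO">Get Acrobat Reader</a>
--b1
Content-Type: text/html; name="relief.html"
Content-Disposition: attachment; filename="relief.html"

<html><body>constructed placeholder</body></html>
--b1--
"""

def triage(raw):
    """Return the list of warning signs found in one raw email message."""
    msg = message_from_string(raw)
    body, attachments = "", []
    for part in msg.walk():  # multipart containers match neither branch
        if part.get_filename():
            attachments.append(part.get_filename().lower())
        elif part.get_content_maintype() == "text":
            body += part.get_payload(decode=True).decode("utf-8", "replace")
    flags = []
    to = (msg.get("To") or "").lower()
    if not to or "undisclosed" in to:  # sent to a list, not to you
        flags.append("no-named-recipient")
    if re.search(r"\bDear (User|Customer|Client)\b", body, re.I):
        flags.append("generic-greeting")
    if "pdf" in body.lower() and any(a.endswith((".htm", ".html")) for a in attachments):
        flags.append("pdf-claim-html-attachment")
    if re.search(r"\bR\d{1,3},\d{3}\.\d{2}\b", body):  # e.g. R7,500.00
        flags.append("comma-thousands-separator")
    for url in re.findall(r'href="([^"]+)"', body):
        if "promoid" in parse_qs(urlsplit(url).query):
            flags.append("affiliate-parameter-in-link")
    return flags
```

Calling `triage(SAMPLE)` returns all five flags. The function only parses the message text and never opens the attachment or follows a link.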

Less obvious behind-the-scenes signs

These are the signs that need a little bit of IT knowledge to pick up. If you are unskilled, there is some danger in trying to pick these up: you could accidentally click a link or install some spyware on your computer. BE CAREFUL.

Example of a phishing website

DON’T DO THIS –> Clicking on the link opens a pretty convincing Standard Bank branded website. If you start entering information here, you are GIVING away your money.

Warning sign that popped up from AVG when entering a dangerous website

My Anti-virus picked up the threat as soon as the page opened and gave me a warning that the threat had been blocked.

Make sure that you have an anti-virus and that it is up to date!

After (unwisely) closing the warning from AVG, I was left with the website showing the Standard Bank screen.

Before following the instructions on the page, I had a look at the page itself. On investigation, I could see that none of the links on the page would work. There is a link for the Terms and Conditions, Register for Online Banking and to Register for Business Banking. None worked. Another BIG red flag!

I also noted that the “website” that I was directed to was actually pointed at a file on my computer, not online. Definitely not the way the bank would work. You can see this in the address bar of the browser window.

Delving Deeper

I had a look at the actual code of the website behind the screen. However, it was just a JavaScript page and I am not familiar enough with JavaScript to be able to tell what was going to happen if I carried on. That’s when I made the decision to close the window and not take any further chances.

Having one more look at the email itself and checking the code behind also revealed something. The images that were being used were actual images from the bank, hosted on the bank servers, but were from e-Statements from 2018. The bank wouldn’t mix and match images from statements to emails regarding government initiatives.

Because my Anti-virus picked up and blocked the dangerous file, and because I didn’t actually fill any info in or hit the “Next” button, I’m pretty safe. I proceeded to delete the email and empty my temporary internet files to make sure that there were no “scaries” hanging around.

In closing

These types of emails are not unique to Standard Bank and the same modus operandi is followed by scammers for banks all over the world.

Just to re-iterate, I am computer literate and have a lot of experience in various areas of IT, specifically in coding software. I am confident that what I did was safe and was done to highlight issues so that you don’t have to take the chance yourself. As the Mythbusters would say, “Don’t try this at home!”

I hope that the points above will help you in identifying possible scams in the future and at least give you some pointers on what to look for. If something sounds too good to be true, it probably is… If you aren’t sure about the validity of something, rather DON’T take a chance. Call the bank and ask; find their number for yourself, and don’t use the numbers in the email!

Good luck, stay safe and healthy and keep your money out of the scammers’ hands!

Relevant Links

There are some measures that have been introduced by the banks to assist consumers. Check out the following articles on our blog for some details: