Thursday 15 July 2010

The Voice - Consumer's Voice

A regular reader got in touch to say “I thought you might be interested in this email and the offer of free money from the SA Revenue Service.”

He forwarded an email he had received that claimed to be from the South African tax authority. It said:
“Tax Refund Notification
After the last annual calculations of your fiscal activity, we have determined that you are eligible to receive a tax refund of 18,582.50 ZAR. Please submit the tax refund request and allow 2-3 days in order to process it.
Click Here to submit your tax refund request
Note : A refund can be delayed for a variety of reasons, for example submitting invalid records or applying after the deadline.
Yours Sincerely
South African Revenue Service.”
Our reader knew better than to believe this email but he thought it was worth publicising. What was it, you might ask yourself, that gave him a clue that it was a scam? Quite simple. There’s no way the South African tax authorities could owe him any money: he isn’t South African, doesn’t trade in SA and has never paid any tax to the SA authorities, so how could they refund him any? However, I think we can all see how someone might be tempted to click on the link to see what might happen.

So what DOES happen if you click on the link? The first thing is that you DON’T visit the SARS site. Instead you visit a site called http://gimstickorg.com/sars. Actually when I clicked on the link my computer came up with a warning alerting me to a potential scam at that site but I’m not sure everyone else would be as lucky.

What you see is a web site that looks just like the SARS site. On the site were logos for each of the main South African banks, including a couple that you’d find here in Botswana. Once you click on the logo of your bank of choice you then get to a fairly high-quality copy of the real bank’s online banking login site. It’s only if you look very closely at the web address that you see that it’s not actually the real site you’re visiting. How many of us actually examine the precise web address we’re visiting?

This, however, is where the trouble begins. The web site is a good enough copy of the real bank web site that it would be very easy to enter your username and password without much thought.
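The tell in this scam is the one the column points at: the link text says one thing (a tax refund from SARS) while the link target is a host that has nothing to do with SARS. That check can be automated before anyone clicks. The script below is an added example written for this page, not code from the column or from any bank or tax authority: it pulls every hyperlink out of an HTML e-mail body, compares the target host against the domains the message claims to come from, and also catches links whose displayed address differs from their real target. The sample e-mail is constructed here from the text quoted above, and the allowlist of “legitimate” domains is an assumption a defender would configure for their own organisation.

```python
"""Flag e-mail hyperlinks whose target host does not belong to the organisation
the message claims to come from (added example, constructed for this page)."""
from html.parser import HTMLParser
from urllib.parse import urlparse


def host_in_domains(host, domains):
    """True if host equals one of the allowlisted domains or is a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)


class LinkCollector(HTMLParser):
    """Collect (href, anchor text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def audit_links(html, claimed_domains):
    """Return a list of (href, reason) for every link that deserves suspicion."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        parsed = urlparse(href)
        host = parsed.hostname or ""
        # A web link whose host is outside the claimed sender's domains is the
        # classic phishing pattern: "Click Here" pointing at an unrelated site.
        if parsed.scheme in ("http", "https") and not host_in_domains(host, claimed_domains):
            findings.append((href, "target host %r is not under %s"
                             % (host, ", ".join(claimed_domains))))
        # Anchor text that displays a URL for one host while the href goes to
        # another is a second, independent warning sign.
        shown = urlparse(text).hostname if text.startswith(("http://", "https://")) else None
        if shown and shown.lower() != host.lower():
            findings.append((href, "displayed address %r differs from real target %r"
                             % (shown, host)))
    return findings


# Assumed allowlist: the domains a message claiming to be from SARS may link to.
CLAIMED_DOMAINS = ["sars.gov.za"]

# Constructed HTML body modelled on the e-mail quoted in the column; the phishing
# URL is the one the column names, the second link is a legitimate-looking control.
SAMPLE_EMAIL = """<p>Tax Refund Notification</p>
<p><a href="http://gimstickorg.com/sars">Click Here</a> to submit your tax refund request</p>
<p>Questions? See <a href="https://www.sars.gov.za/">https://www.sars.gov.za/</a></p>"""


if __name__ == "__main__":
    for href, reason in audit_links(SAMPLE_EMAIL, CLAIMED_DOMAINS):
        print("SUSPICIOUS:", href, "->", reason)
```

Run against the constructed sample, the “Click Here” link is reported because its host, gimstickorg.com, is not under sars.gov.za, while the control link passes. The same routine can sit in a mail gateway or be run by a help desk over a forwarded message; the point is that the decision never depends on how convincing the landing page looks, only on where the link actually goes.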
It was such a convincing replica and so likely to con people out of their online banking usernames and passwords that, purely in the interests of research, I entered some details. Not my own of course, I just typed some random text.

What happened when I entered my pretend banking details? I got a message saying “Please wait… this may take a few minutes”. Nothing further happened; it just waited and waited. I suspect that if I hadn’t known already that this was a fake, I might have been tempted to go back and enter my details again, just to make sure.

You can bet that as soon as you enter these details into that fake site a scumbag scammer somewhere is entering them into the real site and transferring all your money to an account far, far away.

The thing that surprised me was how professional this whole “phishing” scam was. The fake web sites were very good copies of the genuine banking sites, and the way they had been constructed was very persuasive.

It only took a little detective work to discover that the fake web site had been created only a matter of hours before our reader saw it. These crooks work very quickly indeed. Don’t bother trying to visit the site now though. I got in touch with the hosts, the gimstick.org people, who weren’t themselves crooks, just a company that hosts sites on behalf of others, and warned them that one of the sites they hosted was being used by crooks. The fake SARS site disappeared within hours.

The lesson is simple and I suspect we all know it, but it’s worth repeating. Do NOT trust any web site links you receive in emails. No bank, no tax authority is going to contact you like this. Not ever.
