Reduce bank charges. No choice.

By providing your logon credentials to this version of the ABSA banking site you’re likely to reduce your banking charges quite significantly. Once the scum behind the email address onirekedouglasdale@webmail.co.za gets hold of your logon details, there’ll be little in the way of cash left in your account to charge banking fees on…

Documenting these scams is a bit boring, since they all rely on the same mechanisms: an end-user’s blind trust in technology, the promise of quick and easy transactions and an ability to dupe many people by showing them something that looks just like the real thing. I add this one here simply because it adds another twist to the usual “provide your password” routine. Played through, the spoof site indicates that an RVN (one-time password) has been sent to the user and that the message may or may not arrive because of apparent system congestion.

The obvious play is that the RVN is never sent, requiring the user to click on a link to the actual ABSA site to retrieve a valid RVN.

I assume onirekedouglasdale@webmail.co.za next sends an email to the user requesting confirmation of the true RVN. Since an RVN is valid for a reasonable time period and because the user has already been duped once into providing personal data, it’s no stretch to believe that the RVN may well be sent to the scammer.

Like most modern scamming methods, the fake website looks like the real thing. A few things to notice: the address indicated in the browser is http://207.204.1.180/log/, not https://ib.absa.co.za/ib/ib.jsp. The image for some embedded content in the logon button indicates that something is amiss.
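The address-bar comparison described above, written out as an added example (not code from the original post): it checks a link against the genuine logon host quoted in the post and reports why it fails. The function name, the finding labels and the last two sample URLs are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption: the genuine logon host is the one in the URL quoted in the post.
EXPECTED_HOST = "ib.absa.co.za"


def login_url_findings(url, expected_host=EXPECTED_HOST):
    """Return the reasons a URL should not be trusted as the bank's logon page.

    An empty list means none of these checks fired; it does not prove the
    page is genuine.
    """
    findings = []
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".").lower()

    if parts.scheme.lower() != "https":
        findings.append("not-https")
    if parts.username is not None:
        # Text before "@" is only a user name; the browser connects to the
        # host after it, so a familiar name there proves nothing.
        findings.append("userinfo-in-url")
    try:
        ipaddress.ip_address(host)
        findings.append("ip-literal-host")
    except ValueError:
        pass  # a DNS name, not an IP literal
    if host != expected_host:
        findings.append("host-mismatch")
        if expected_host in host:
            # Expected name appears only as part of some other host name.
            findings.append("embeds-expected-name")
    return findings


# First two URLs are quoted in the post; the last two are constructed samples.
SAMPLES = [
    "http://207.204.1.180/log/",
    "https://ib.absa.co.za/ib/ib.jsp",
    "https://ib.absa.co.za@198.51.100.7/log/",
    "https://ib.absa.co.za.login.example.net/ib/ib.jsp",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(url, login_url_findings(url) or "no findings")
```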

The message at the bottom right indicates system downtime scheduled for November 2009, most likely the time the real ABSA site was initially scraped and deployed for the fakery.

The site is not yet marked as a scam in Firefox, but has been reported to ABSA. Regardless of whether or not this site is blocked, continued vigilance is absolutely key when using online systems. The sophistication of such enterprises is on the increase. Take care, check at least twice before entering anything into any website and, as always, contact the organization if you have any doubts.

One way of verifying the veracity of the site is to initially enter incorrect logon credentials on purpose. Since a fake website can’t tell you whether or not your user name and password are valid, the lack of an error message is one indication that may be used as a protective measure.

About The Author

manfred

Author's web site: http://www.hertenberger.co.za

01 02 2010
