Although clients of all the major banks are vulnerable to and have been victims of phishing, a large number of phishing emails in the past six months have been targeted at presumed Absa clients. The bank recently issued warnings about online phishing after consumers, many of whom are not clients of Absa but who use popular "free mail" addresses such as hotmail and gmail, were subjected to a flood of hoax Absa emails, urging them to verify their online banking details to prevent fraud.
Personal Finance is aware of at least three readers who do not have any dealings with Absa but continue to be bombarded by phishing emails related to Absa. One of them, who uses a gmail account, received more than 50 phishing emails in the past month.
One email claims that Absa account holders are eligible to receive a return on bank charges they incurred in 2009. To qualify for this "benefit", you are asked to key in your personal banking information, following a link given in the email.
Another hoax email claims that Absa is updating its online security system following an attempted breach of your online log-on details, and that Absa periodically reviews certain customers' accounts, imposing temporary access restrictions on customers it thinks are vulnerable to unauthorised use. It asks you to click on a link to confirm your identity to avoid restrictions to your internet banking.
A third email claims that Absa has introduced a new scheme for account holders to receive a return on incurred charges over the year. All you have to do is click on the link in the email to verify your details. The link takes you to a website that looks quite authentic and even has warnings about phishing emails on the right hand side of the screen. However, if you look at the web address, it is http://96.9.49/log/index.php and not www.absa.co.za
A fourth email claims that Absa is introducing a new security system called "G-Data Internet Security 2010".
Absa does provide internet security software for its internet and cellphone banking clients, which is available free of charge to digital banking clients via a link on the Absa website. However, Absa does not send clients emails with links asking them to load the software - you must go to the website independently to download it.
Absa's Christo Vrey says this type of request is always a sure-fire sign that the email you have received is a phishing attempt to get you to divulge your personal banking information. By clicking on the embedded link, you will be taken to a bogus website where you may be persuaded to part with your account number, password, PIN - and your money.
Absa urges recipients of such messages to delete them immediately and not to follow instructions or take any action as requested in the email.
"Customers must be suspicious of emails asking for personal information, particularly bank or credit card account numbers, passwords, or a PIN, as it is likely to be a phishing lure," Vrey says.
He says Absa will never send out an email asking you to click on a link to a website where, to log on, you need to use your internet banking details.
Vrey says that of Absa's 1.2 million internet banking clients, only about 100 000 have made use of the free security software available to them via the bank.