FNB eBucks Phishing Scam Alert

By | December 17, 2017

I received a FNB eBucks Phishing Scam Alert a while back and figured it would be a good idea to warn as many people possible. It seems like scammers are getting more resourceful these days. The banks are doing their best to beef up their security, but they will never be able to close the number one security hole. User ignorance can make any security precautions seem pointless. The only way to combat this is to educate the end user.

The newest attack on our money comes in the form of a FNB eBucks Phishing Scam. Basically the victim receives an enticing Email with a promise of eBucks awards. The victim is asked to click on a link to collect the awards and this is where the scam starts. The link points to a fake FNB website clone where the victim’s personal information is captured and used to steal their hard earned money.

The FNB eBucks Phishing Scam Email and Process

Below is an example of the scam email and process. Please note that the structure and/or wording can be different, but the principle stays the same.

1) Scammers will send you a fake email asking you to download an attachment

From: FNB <noreply@fnb.co.za>
Date: Wed, Apr 20, 2016 at 10:05 AM
Subject: eBucks Services

To: victim@you.com

Dear Customer

Collect eBucks points on your qualifying grocery purchases*

For using your FNB Personal Debit, Cheque or Credit Card to pay for your grocery purchases at these Participating Grocery Retailers.

You have qualified to collect 15% in rewards points.

Download Attachment to PROCESS

Sincerely,

FNB eBucks Department

2) What happens if you do select the link

You will be redirected to a fake site that mimics the FNB website.

3) Next, you are presented with a screen requesting you to enter your user name and password and then an OTP

4) In the meantime, the fraudsters login to your account with the details they have intercepted and change your inContact details to set up a recipient.

Next, the victim is presented with an error screen requesting you to enter your OTP again.

5) When you enter the OTP on this screen, the fraudsters will be in a position to finalise the transaction from their side. In this case, the fraudsters wait 3 to 4 days before attempting a transaction.

 

Sharing is Caring!

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.