Common WhatsApp scams | Mobile Apps

Most common WhatsApp scams – How to avoid them

Millions of people use WhatsApp to communicate every day, but recently, users of  this essential app have been falling prey to scammers. The latest scams vary from promises of a weekly return on a specified donation to notification of the death of a family member who’s bequeathed their life savings to you.

Here’s how you can protect yourself from the latest WhatsApp message scams.

getting the message on WhatsApp: beware of fraudsters

You probably receive dozens, if not hundreds, of WhatsApp messages every day, and you’ll likely agree that the app makes your business and personal life much easier to manage. But what about the strange messages we all seem to get from unknown numbers from time to time?

  • Whenever you receive a WhatsApp message from a number you don’t know, the best thing to do is proceed with caution.
  • Unless you’re expecting a message from a new contact or a friend living overseas, you should verify the sender’s identity before responding to the message.
  • Make use of the convenient WhatsApp feature that lets you decide whether to block new contacts or accept their messages.

is someone  in trouble – or has their WhatsApp been hacked?

It’s easy enough to filter out fraudulent WhatsApp messages sent from strange numbers, but what about a message that seems to be from a friend or relative requesting financial help?

In situations like this, our first instinct is to help the person, but if their WhatsApp account has been hacked, the money you send them will go straight into the hands of criminals.

  • If you receive a message from a friend, relative or colleague requesting financial assistance because of an emergency, call them right away and verify that the message actually came from them.
  • This will put your mind at ease and will also alert them to the possibility that their WhatsApp account has been compromised.

if it sounds too good to be true, block the number

Lately, a common WhatsApp scam has been doing the rounds. It involves sending a congratulatory message to unsuspecting users telling them that they won a prize or lottery draw. This scam has a lot in common with email and phishing scams and while most of us wouldn’t reply to this type of message in an email, people are more likely to fall prey to these scams in a WhatsApp message.

If you receive a WhatsApp message bearing an offer or “good” news that’s just too good to be true, block the sender and count yourself lucky: you’ve just avoided having your smart phone hacked.

Other WhatsApp scams to be on the alert for are crypto and trading scams – usually from people you don’t know, promising you a great return on a new trading platform.

Store scams have been around for a while but a fake Woolworths or Takelot voucher, usually forwarded to you by someone you know who’s fallen prey to the scam, can dupe even the most cautious of us.

be alert for all scams and backup your data

Being alert is an essential part of life in South Africa, both for your personal wellbeing and your data security. Keeping your personal data safe is another essential part of a safe modern life. Our range of cloud storage solutions will help you keep your personal and business information safe and encrypted in the cloud.

Your Guide to the Best Email Security Practices

Every time you send and receive an email, you’re taking a risk. There’s ransomware, phishing, viruses, and compliance violations to be wary of. From CEOs of big corporations to secretaries who manage client emails all day every day, everyone needs to be aware of the best email security practices to follow to ensure that your emailing behaviour doesn’t become the very thing that brings your company to its knees.

To take the guesswork out of the process of drawing up an email security strategy, we’ve included some tips and advice for the correct and most effective security practices for your business. Before we investigate these practices, let’s learn more about the risks involved in using email.

the common threats

Regardless of its size, every company must have a cybersecurity strategy in place, and email security forms part of that.

Many people believe that as they aren’t sending or receiving particularly sensitive information, it doesn’t matter whose hands their email falls into. However, this is a risky mindset as hackers aren’t only interested in your email content. They want access to an even bigger network and the front door for them is through your email.  Once a hacker has access to your emails, the online world (your online world) is their proverbial oyster.

Cyber hacks and attacks are ever-changing. Over the years, they have progressed from simple phishing links to complex social engineering tactics and email security should form a critical part of your overall cybersecurity.

what to be aware of

Knowing what to watch out for is important. Here’s what to keep an eye out for.

These are emails that request money and sensitive information from a user. Spear phishing is when ‘someone else’ impersonates ‘someone you trust’ to get information out of you. You might receive an email stating, “Your online banking profile number and pin is going to expire in three days. Click on this link to register your new profile and pin.” Everything might look legitimate, but it’s not!

  • social engineering

Ever received an email or a pop up that says, “OMG, it looks like you in the video!” – well, that’s social engineering at play. This is when cybercriminals rely on you to click on a malicious link or attachment.

  • business email compromise

This is a form of spear phishing where a cybercriminal impersonates the CEO of a company or a manager. This type of scam relies on employees sharing sensitive information, which can be used to steal business data and even money.

  • spam

You know those emails that say, “You’ve just one a R1 000 Woolworths voucher!”? Well, this is known as spam, and most often, we fob them off as an annoyance when we click on it, and it takes us seemingly nowhere. What you’re not expecting is that a bot, instructed by the cybercriminal, sends you that link and when you clicked on it, spyware, malware or even ransomware is installed on your computer.

  • malware

Malicious software, called “malware,” often presents in the form of a Trojan, ransomware or some other program that attacks your computer system. In most instances, the files on the computer are encrypted, and you are requested to pay a ransom to get the key to unlock the encrypted files. Some types of malwares can get access to your computer camera or your entire device, which means they see what you see and do! Obviously, that’s a big risk.

  • botnet and ddos

Largescale spam and phishing campaigns are often managed by botnets which are groups of devices that are under the control of a cybercriminal. Often, these devices are used to overload a system or network in hopes of making it crash. This type of attack can cause absolute mayhem.

tips to the best email security practices

Email security is all about building as many walls as possible between your data and the cybercriminal. Cyber security should be no different to virtual security with multiple barriers making entry virtually impossible.

  • Educate employees on best email security practices such as never clicking on unexpected attachments and links;
    • Put rules and guidelines in place for all work email security.
    • Make sure that your employees understand what kind of sensitive data they are likely to be handling.
  • Encrypt sensitive email attachments through a secure hosting service.
  • Activate 2 factor authentication – this will tighten up access points from end-to-end, which includes email.
  • Add legal disclaimers to your emails so recipients are aware they cannot send that email on to anyone.
  • Regularly change email passwords (and ensure they are difficult passwords)
  • Do regular encrypted data backups just in case you ever fall victim to malware
  • Update your operating system to avoid software vulnerability which is often corrected with updates.

How do you ensure that your company uses email safely? Share your tips and advice with us today!

Open this window and you’ll be letting Ransomware in

As if it could be possible, you should know that cybercriminals have become even smarter and sneakier in their approach…and you could be their next victim. If you’re the type of person that takes heed when Windows asks to be updated (and you go ahead with the update) there is a strong possibility that you are the target of an unscrupulous online criminal.

The latest Ransomware threat to take to our screens is a Windows update request that installs ransomware on your computer or phone. Before we delve a little deeper into this threat, let’s just refresh your memory… what is ransomware?

Ransomware is a type of malicious software usually disguised as “safe to open” files in emails. The software is designed to block someone’s access to their computer or personal files until a certain amount of money is paid over to the criminal. In some cases, where the cyber-criminal has access to highly sensitive information, they may incentivise the ransom payment by threatening to publish sensitive data online or publicly. Most people are caught out with ransomware by opening emails and clicking on attachments or links, which they think are legitimate and safe.

The Latest Windows Update Ransomware

It’s been noted that one particular cyber-criminal has found a way to make it even more alluring for people to click on his/her ransomware links and files. This particular threat works the same as most ransomware threats, except the email appears to be coming from Windows and usually features a subject line that says something along the lines of “critical Windows update”. Of course, Windows users want to keep their systems up to date, ironically for security reasons, so they click on the file or link included.

Most computer and internet users have become savvy to fake emails over the years, usually when they take the time to read the body of the mail, or to check the email address. One of the tell-tale signs that an email is from a cyber-criminal is that they go into unnecessary depth and include a lot of information within the mail. This particular windows update email is different in that it is concise and provides no suspicious information leading the reader to believe that it might be a fake. The spelling, which is also often a tell-tale sign of trouble, is 100% correct.

The final proverbial nail in the coffin in this mail and another reason why someone might follow the link is that the executable file (this is the program that installs on your computer) is disguised as a .jpg image.

Latest Windows Ransomware Threat Opens the Doors for More Threats

Researchers and analysers analysing this latest attack have taken the time to see if the executable file leaves a trail and they have found seemingly disturbing evidence. The malware builder that the cyber-criminal used to create his ransomware program is actually hosted on the Github developer platform. This means that it is readily available to other cyber-criminals looking for a malware builder to create similar threats.

How You Can Protect Yourself from the Latest Windows Ransomware Threat

There are several steps you can take to protect yourself from Ransomware. Reading posts like these keep you updated and informed, so you are already on the right track! Consider doing the following too:

  • Securely backup your data as soon as possible and ensure that the data backup is encrypted and password protected.
  • Choose an ‘impossible to guess’ password for your online backups and all of your cyber accounts.
  • Change your passwords regularly.
  • Check that your antivirus software is up to date.
  • Make sure that content and email filtering services are activated on all email accounts.
  • Train staff in the fine art of being suspicious about every email they receive. Have a no-click policy if the email is from an unknown source.

If you’re ready to get started, get in touch with the Soteria Cloud data backup team and start taking steps towards protecting yourself (and your data).

Phishing & Email Scams Gain Momentum in South Africa

One would think that will all the awareness campaigns around phishing and email scams, South Africa’s risk profile would be on the decline. As it turns out, it’s not. Email scams and phishing scams are always on the rise and, right now, unsuspecting South African citizens are being scammed. Whether it’s due to ignorance or carelessness, thousands of rand are being delivered into the hands of criminals via online scams.

What can you do to protect yourself?

Being aware of the latest scams and ensuring that you behave safely online are the first steps to take.  Let’s take a look at the latest…

Ministry of Finance Scam

The Minister of Finance recently warned South Africans to be aware of a scam doing the rounds in the first week of October 2019.  The scam involves an email that is sent to thousands of South Africans claiming to be from the Ministry of Finance. The email advised the recipient that there are millions of rand that need to be claimed from the South African Reserve Bank and that the recipient of the email is indeed one of the citizens entitled to do so. To start the claims process, the individual will need to send through their particulars, including:

  • Full name
  • Date of birth
  • Occupation (place of employment)
  • Cell phone number

The intention of this fake email is to gather the personal information of the recipient.

The Minister of Finance has spoken out against the scam and asked South African’s to ignore emails of this kind from the Ministry. It’s important to note that the Ministry of Finance will never request personal information via email.

Department of Labour Scam

Another scam that’s taken the South African community by surprise is one targeted at the Department of Labour and aims to take advantage of the desperation of some citizens.

The scam, which is social media-based, involves a fake social media page complete with Department of Labour branding. The page features an announcement that claims certain citizens, who have worked in the country between 1990 and 2019, have the right to claim/withdraw R30 000 from the Ministry of Labour. To do so, individuals must check if their name appears on a list of entitled individuals. The next step would naturally be to provide the “Department” with all their particulars, including banking details so that the claim could be paid out. Once again, a fake email is being used to gather personal information.

The Department of Labour has spoken out against this scam and informed the public that there is no such benefit in place.

Are the Criminals Winning?

Does the steady increase in phishing and email scams in the country, and the world, mean that there are no wins from the cybersecurity community? No, it doesn’t. In fact, that is where the good news comes in. Just recently, the Department of Justice in the United States made a massive breakthrough in Cyber Crime, where 281 email scammers were arrested in a major global sweep.

While South Africa didn’t appear on the list of criminals, South African citizens have undoubtedly been the target of many of these arrested criminals. The Department of Justice seized a whopping 3.7 million dollars during the operation while arresting people from the following countries:

  • Nigeria (167 arrests)
  • United States (74 arrests)
  • Turkey (18 arrests)
  • Ghana (15 arrests)
  • The last seven criminals were located in France, Italy, Kenya, Malaysia and Japan.

As you can see, West Africa is in the lead by leaps and bounds.

Protect Your Own Best Interests

While it might not be possible to shut down every scammer in Africa or the rest of the world, there is a way to minimise their impact. And that is through awareness. Tech users need to become savvy to the prospect of scams and be aware and alert at all times when receiving emails and other forms of communication from people and enterprises they do not know.

If something seems a bit fishy, it is best not to respond, or completely shut down communications. Also, keep in mind that any email requesting personal information over the internet is not considered safe and secure – rather avoid it. If you wish to confirm that it is, in fact, the authorised company or person making contact with you, call the company in question and speak directly to an official representative.