Authorized EFT Payment Received
X-Apparently-To: x via 220.127.116.11; Mon, 27 Aug 2012 03:08:09 +0000
Received-SPF: pass (domain of beesbuzz.com designates 18.104.22.168 as permitted sender)
Authentication-Results: mta1098.mail.ukl.yahoo.com from=absa.co.za; domainkeys=neutral (no sig); from=absa.co.za;
dkim=neutral (no sig)
Received: from 127.0.0.1 (EHLO mail.beesbuzz.com) (22.214.171.124)
by mta1098.mail.ukl.yahoo.com with SMTP; Mon, 27 Aug 2012 03:08:09 +0000
Received: from web.beesbuzz.com (web1.beesbuzz.com [126.96.36.199])
by mail.beesbuzz.com (Postfix) with ESMTP id 5AAC1205A26
for <x>; Sun, 26 Aug 2012 23:05:56 -0400 (EDT)
Received: by web.beesbuzz.com (Postfix, from userid 33)
id 3FF8613B97B7; Sun, 26 Aug 2012 23:08:03 -0400 (EDT)
Subject: Authorized EFT Payment Received
From: ABSA <email@example.com>
Content-Type: multipart/mixed; boundary=8239B9A29BB7690536DE2B978BF7AF42
Date: Sun, 26 Aug 2012 23:08:03 -0400 (EDT)
EFT Payment Received!
You have a pending EFT payment selected for your account. We are unable to process this payment to your account as your approval is required to authorize the credit to reflect in your account, Please approve the payment to receive your incoming EFT deposit, follow the instructions below to approve your payments.
Please ensure to enter security RVN numbers sent to your cellphone Number to approve this transfer, failure to do so will reverse this payment.
Please download attached encrypted zipped statement. We have encrypted your account statement in a secure zip folder which can be downloaded directly from our database, download the zip folder, save or open on your computer, you will find your statement encrypted Statement_08-2012, double-click to open now from our mobile website and be automatically logged into your account to approve your payments.
ABSA Mobile Banking!
Please accept our apologies for any inconvenience this action may have caused.
Thank you for banking with us.
Absa Life Limited, Reg No 1992/001738/06
Authorised financial services provider (FSB No. 36116)
E-mail disclaimer and company information: www.absa.co.za/disclaimer
If it is already authorised, what is the need of this e-mail then?
We never heard of a deposit that has to be authorised, it is normally funds flowing from your account that has to be authorised. The reason why the scammers chose a deposit is because the impression of money being paid INTO your bank account is much more enticing than an outgoing payment. Secondly, an unauthorised payment will most likely scare people away and rather urge them to contact the bank's fraud department than following the instructions of this e-mail.
There is only one place where you must enter the RVN numbers and that is on the official absa.co.za website. You must NEVER enter these numbers after clicking on a link in an e-mail or using some strange document attached to the e-mail.
Wait a minute, we thought this e-mail is about authorising a deposit. Why do you need a statement to do that? What is there to download, the file is already attached to the e-mail you just downloaded. The scammers are simply trying to fool you into thinking that you are downloading this statement from the ABSA website.
Luckily this scammer is horrible at explaining stuff. Most novice computer users won't have a clue how to open this statement. Remember if you open a file from your local hard disk, it is not running from a remote site, it is running from your computer.
This scam is aimed specifically at mobile users, so the scammers are bargaining on the possibility that you will open this e-mail and its attachment with your smartphone. A file with the name Statement_08-2012.zip is attached to the e-mail. Inside this zip file you will find a HTML document called Statement_08-2012.html, which is a cloned version of the actual ABSA Mobile Banking site. This file loads another file called r2-le_absa_mobile_header.html into a frameset. This file is also included in the zip file under a folder called r2-header_absa_mobile.
So opening this document does not take you to the real ABSA Mobile Banking website, but a fake version that's run directly from your phone (or computer). The fake website looks like this:
If you enter your account number, pin and password into the fake mobile site and press next, it redirects to the actual phishing site, sending your account info, pin and password directly to the scammers. The scammers often react very fast and log into the victim's account within a couple of minutes after receiving the login details. Once the scammers gain access to your account, their aim is to create a new beneficiary to transfer funds from your account to theirs, this will initiate the RVN (Random Verification Number) to be sent to your cellphone. The only thing the scammers need at this point is the RVN, so although the fake website was down when we investigated this scam, we assume that the phishing site will ask for the RVN. Once you enter the RVN, you can kiss your money goodbye.
There are a couple of things to take note of here:
The login page asks for your complete password. ABSA never asks for your complete password, only 3 randomly selected characters from your password. Secondly, once you receive notification of a beneficiary being created on your online banking profile, you should be alarmed. Never send the RVN to anyone or enter it into any site if you did not initiate the creation of the beneficiary yourself.
These sentences read very difficult to say the least and the grammar is a bit off. This is just another sign that this e-mail did not come from ABSA.
This is a new move by phishing scammers to make their scams more effective. By now people are wary of links in e-mails that appear to be from a bank, so the scammers are trying to get past this problem by using attachments. The only link in this example is the one at the bottom and it takes you to ABSA's official website, just another attempt by the scammers to make the e-mail look legitimate and trustworthy. Remember, no matter how legitimate the e-mail looks, ABSA will never send you e-mails like this.