Online impersonation scam puts Post Office customers at risk

The latest victim of cyber attacks is the SA Post Office. Picture: File

Published Sep 21, 2022

Pretoria - With the 2021 Interpol African Cyberthreat Assessment Report indicating that South Africa was leading in digital extortion, online scams and business email attacks, private security companies have called on government entities to strengthen their cyber security efforts.

The latest victim of cyber attacks is the SA Post Office, which, according to private cyber security company Mimecast, had witnessed more than 100 000 fraudulent emails imitating the entity.

Moss Gondwe, Public Sector Director at Mimecast, said their threat hunting team had picked up a resurgence in email scams imitating the Post Office between May and June this year.

Gondwe said in one version, an official-looking email claimed to have the recipient’s package, but required a small payment to conclude delivery.

He said once users clicked on the link, they were taken to a payment site and asked to enter their credit card or online payment details, which the threat actor could then use to defraud the victim.

He said this version of the scam was so convincing that it even requested the victim’s mobile number and sent a confirmation SMS to their device, presumably to ensure the person entered the legitimate details.

Gondwe said cyber criminals were also weaponising state-owned assets against citizens by sending taxpayers a seemingly legitimate email that urged them to click on a link to download and respond to a letter or risk a court summons. The link invariably contains some form of malware that can infect their devices and open the door to threat actors accessing sensitive personal information.

“Impersonation attacks wreak havoc on trust in public sector institutions and state-owned enterprises; therefore, additional measures are needed to protect against threat actors hijacking their brands or domains and putting citizens at risk.

“When a private sector organisation suffers an impersonation attack, its customers may suffer financial losses or other inconveniences that could see them abandon that organisation for a competitor. This can affect revenue and, in the case of listed entities, cause a drop in share price.”

In the case of crucial entities, such as the Post Office, utilised by the most vulnerable citizens to interact with the SA Social Security Agency’s systems and processes to receive their social grants, any undermining of the relationship between grant recipients and the state held the potential to severely affect the most vulnerable and cause a loss of trust in state institutions, Gondwe said.

“It is vital that the state invests in appropriate, multi-layered defensive capabilities to help detect threat actors aiming to imitate state-owned organisations or government departments. Without appropriate security measures, citizens will be at the mercy of ruthless criminals going to great lengths to subvert the hard-won trust between them and the state.”

Around the same period, the SA Post Office issued warnings to its customers to be on the lookout for scams designed to mislead the public into paying money into a fraudulent account.

Sapo spokesperson, Johan Kruger, said at the time that customers could spot a message or email that was not from the Post Office by taking note of a few things, including that the entity never asked for import duties or clearance fees in advance.

If customs fees were payable on a parcel from abroad, he said, the client paid the fees when they collected the parcel from the Post Office counter, or when delivered by a Post Office driver.

“Also, the Post Office would never request your bank account number or an online payment for customs duties. The tracking number on the message is invalid when entered into the postal tracking website, or referred to a parcel that was collected years ago,” he said. He stressed that the website clients landed on after clicking the fake link was not the SA Post Office’s secure website.

Pretoria News