Be wary of scam calls from telecom services

We are forewarning consumers about phoney mobile-to-mobile calls from international numbers, made through VoIP apps such as WhatsApp or Viber, by callers purporting to represent a telecom service. As the story goes, scammers allegedly representing telecom service providers call consumers to notify them that they have been awarded a substantial cash prize from a lucky draw.

The aim of the fraudulent scheme is to lay hands on victims’ private information, such as bank account details, purportedly in order to transfer the ‘cash prize’. Personal information requested by the fraudsters may also include passwords, PIN codes, OTP codes and other relevant financial details.

Consumers receiving such calls are advised not to respond to the caller and should under no circumstances share personal information. It is recommended that they instead end the call right away and block the number. Call receivers should also contact the service provider, as well as the Bank, to report the case.

Intel® reveals vulnerability in processor chip that could let hackers siphon a stream of potentially sensitive data from a computer

ZombieLoad, a vulnerability in Intel processors, was newly discovered by researchers. The flaw is said to impact almost every computer with an Intel processor since 2011. The bug could allow attackers to steal any bit of raw data that’s been regularly accessed by the processor, like passwords or browsing information, or provide the means to unscramble encrypted files.

ZombieLoad is the latest in a string of security flaws that leverage a widely used feature called ‘speculative execution’, wherein a processor works to predict operations or data an application or system may need in the future. The result (data) is kept in the short-term memory caches of CPUs. That’s where the problem lies: the flaw allows attackers to read the data directly from the processor memory caches. The Spectre, Meltdown and Foreshadow flaws, which represent this new class of security vulnerability, surfaced last year.

It is not known whether the flaw has yet been used by malicious hackers, nor whether a successful attack would leave a trace.

The chip-maker says that its most recent microprocessors have been fixed at the hardware level to address the problem more directly, preventing the processor from getting data out during ‘speculative execution’.

What users need to do right now

“[We] encourage everyone to keep their systems up to date, as it’s one of the best ways to stay protected,” Intel® says in a statement.

Apple, Microsoft and Google have issued updates with other companies expected to follow.

Apple says it released a fix as part of a recent Mojave and Safari update.

Researchers believe that vulnerabilities related to ‘speculative execution’ will continue to surface. They recommend that as soon as these flaws are patched, users should ensure their Intel-based devices are updated to the latest, most secure versions.

Users may check to see if a system is vulnerable using an online tool created by researchers on 1

1 This link may allow you to access a non-MCB website.

MCB Ltd. has no control over the linked website and is not liable for the use of it.

Invoice Fraud currently being perpetrated in the country

Email Invoice Fraud proves persistent worldwide, and Mauritius is no exception.

This fraud, which involves hacked email accounts of a business and its customer, seems to be steadily increasing in Mauritius.

In a nutshell, this fraud happens when a company is tricked into changing bank account details for a significant payment. Fraudsters normally analyse the business relationship between the targeted companies, hack a business’s email account to find a customer invoice, which they copy and modify with their bank details, and, at the right time, pose as the usual supplier and make a formal request to the customer to pay into the fraudulent account. The request often carries a sense of urgency, so you don’t have time to give much thought to it, and may also come with a justifying explanation, such as the usual bank account being under audit.

Companies in Mauritius are being targeted, especially via their Accounts Department, and unfortunately are falling prey to the scam.

It’s worth noting that recovery of the funds from the fraudulent account is very difficult and that every company is vulnerable to invoice fraud.

Be vigilant. Be in control…

Education of employees and constant vigilance are key to prevention. These three simple steps will help protect your finances.

  • Don’t assume an email or phone call is authentic. Always check the sending email address and any finance-related instructions contained in the message, and don’t trust the phone number displayed during a call, as fraudsters can make any phone number appear on a handset. Confirm that the email or call is genuine by calling the company back on the official phone number which you may already have on file.
  • Always look out for any irregularities on invoices including a change of name, bank details, amount or address. Be suspicious if it differs from the last time you used it and confirm any changes with the company requesting the amendment by using contact details you already have on record.
  • Don’t click on ‘reply’ to answer back. Instead, use the ‘forward’ feature and key in the email address you have on file for your correspondent. This will ensure that you are not, in fact, responding to a potential scammer.

Remember: Fraudsters will do anything to convince you it is real!
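The three checks above can also be run automatically before a payment request reaches the approver. The sketch below is an added example, not MCB's own tooling: the supplier record, field names and sample message are constructed for illustration, and a finding only means the call-back on the number on file must happen before payment.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed supplier record: the contact and bank details already on file.
ON_FILE = {
    "name": "Example Supplies Ltd",
    "email": "accounts@example-supplies.test",
    "bank_account": "MU00 EXAM 0000 0000 0001",
    "address": "1 Harbour Road, Port Louis",
}

def _norm(value):
    """Compare values without regard to case or spacing."""
    return "".join(str(value).split()).lower()

def review_invoice_email(raw_email, invoice, on_file=ON_FILE):
    """Return the reasons this request needs a call-back before payment."""
    msg = message_from_string(raw_email)
    findings = []
    sender = parseaddr(msg.get("From", ""))[1]
    if _norm(sender) != _norm(on_file["email"]):
        findings.append(f"From address {sender!r} is not the address on file")
    # A hacked or forged message can carry a Reply-To that diverts answers,
    # which is why the advice is to forward to the address on file instead.
    reply_to = parseaddr(msg.get("Reply-To", ""))[1]
    if reply_to and _norm(reply_to) != _norm(on_file["email"]):
        findings.append(f"Reply-To {reply_to!r} is not the address on file")
    for field in ("name", "bank_account", "address"):
        if _norm(invoice.get(field, "")) != _norm(on_file[field]):
            findings.append(f"{field} differs from the record on file")
    return findings

# Constructed sample: genuine-looking sender, diverted replies, new bank details.
SAMPLE_EMAIL = (
    "From: Example Supplies <accounts@example-supplies.test>\n"
    "Reply-To: accounts.example-supplies@mailbox.test\n"
    "Subject: URGENT: updated bank details for invoice 1042\n"
    "\n"
    "Our usual account is under audit, please pay into the new one today.\n"
)
SAMPLE_INVOICE = {
    "name": "Example Supplies Ltd",
    "bank_account": "MU00 FAKE 9999 9999 9999",
    "address": "1 Harbour Road, Port Louis",
}

if __name__ == "__main__":
    for finding in review_invoice_email(SAMPLE_EMAIL, SAMPLE_INVOICE):
        print("VERIFY BY PHONE:", finding)
```

An empty result does not prove the request is genuine, because a message sent from a hacked supplier mailbox can pass the address checks; any change of bank details still warrants the call-back.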

In case an email address has been compromised, you may take some basic measures as an initial response.

  • Change the password. If you still have access to the email account, immediately change the password to a strong one that is not related to the prior password. If the fraudster changed the password, locking you out of the account, you’ll need to reclaim that account, usually a matter of using the ‘forgot your password’ feature and answering security questions, or using the backup email address.
  • Check email settings. Hackers may have emails forwarded to them or associated phone numbers amended.
  • Inform the Bank. Make sure to inform the Bank of the situation especially if you or your company have an agreement with the Bank to send financial instructions via email. You may provide a temporary alternative email to the Bank, if necessary. It is recommended to inform people in your contact list so they ignore any suspicious message coming from you - until you let them know that the issue is resolved.
  • Clean your system. Scan your computers/mobile devices or the company's network for malware. If malware is detected, change the password again to lock fraudsters out.

Remember: Refrain from clicking on unverified links or executable files embedded in an email message. MCB will never ask for your login details/passwords or send you links to a secured area, via email.

If you think you’ve been a victim of fraud, contact your Account Executive immediately.

Don’t let “WannaCry”… make you cry

During the weekend ending on 14th May 2017, the WannaCry campaign infected over 10,000 organisations and 200,000 individuals in about 150 countries, with numerous victims impacted in countries such as Taiwan, Russia, Turkey, Germany, Vietnam, Japan, Spain, Ukraine, Philippines, Kazakhstan and Indonesia, among others. The whole National Health Service (NHS) in England was also infected by the ransomware.

This variant of the original ransomware has been exploiting a vulnerability in Windows and has wormlike capabilities, allowing it to spread quickly by itself. Like other ransomware, it attempted to encrypt files on computers, making them unusable unless a ransom was paid. The threat extended to complete deletion of files if payment wasn’t made within a week.

This is worthy of note: a sense of urgency is created to prompt victims into action.

Again, bitcoin - an untraceable digital currency - was the currency of choice for the ransoms, amounting to around US$300.

It was a scattershot attack rather than a targeted one, with a very broad spread. It was simply meant for just about anyone to get infected! As in most cases, ransomware doesn’t tend to discriminate; all sorts of organisations, such as hospitals, train stations and businesses around the world have been impacted.

Be sensible. Be in control…

Apply some basic precautions to counter the spread of the malware.

  • Install Anti-Malware Software. Most such software is now equipped with detection capability to block WannaCry.
  • Update your Windows machines with available patches. In general, keeping your operating systems current will ensure your machine gets patches that fix bugs and close security loopholes.
  • Back up your data regularly. Have offline backups too; that way ransomware can’t encrypt your backups.
  • Remember to treat unexpected emails with caution, especially those with attachments.
  • Keep abreast of what's happening. Knowing is half the battle!

The criminals have worked out how to monetize this crime. Other subsequent variants are therefore expected to hit. We hence urge you to take necessary measures to protect yourself and adopt the right habits daily to stand a chance to fight this ransomware or any other malicious attack.

Share this page to spread the news and help keep your friends and family secure.

Emails are sent with a forged sender address to mislead the recipient about the origin of the message. Such emails are intended to defraud the receiver by inciting the latter to send money to a “relative/friend/supplier” for payment.

Spoofed emails claiming to be from are regularly in circulation. Emails allege recipients have made an order online and mimic an automatic customer email notification. The link leads to an authentic-looking website, which asks victims to confirm their name, address, and bank card information.

1 billion Yahoo! accounts were compromised. The company has notified potentially affected users and has required people to change their passwords.

A recent and sophisticated scam targets consumers by means of correspondence from their banks. The letter looks genuine and informs the recipient of “unusual transactions” on their personal current account. It then asks the customer to call a telephone number to “confirm the transactions are genuine.” The victims are requested by an automated service to enter personal details like their card number, account number or date of birth, and so on.

Fraudsters post pictures of items for sale that either do not exist or are counterfeit, which results in buyers not receiving the purchased items.