The many ways in which it is now rife in South Africa.
In August 2020, South Africa experienced its largest-ever data leak, which exposed the personal information of around 24 million South Africans and just under 800,000 businesses. The suspected fraudster deceived credit bureau Experian under the guise of being an existing client.
Despite Experian claiming that “no sensitive consumer credit or financial information was obtained by the fraudster in this incident”, the Information Regulator (South Africa) confirmed that the data made its way onto the dark web via a whistleblower.
“The whistleblower has informed the regulator that the information of natural persons that is hosted on the dark web includes their cell numbers, home and work phone numbers, employment details and identity numbers,” it said via a statement.
“The personal information of companies includes the names of the companies, contact details, VAT numbers and banking details.”
Experian is pursuing criminal and civil charges against the fraudster.
Mimecast says cybercriminals are targeting South African public and private sector organizations in orchestrated attacks that could lead to devastating losses in business productivity, reputational damage and revenue.
Brian Pinnock, cybersecurity expert at Mimecast, says the global pandemic only served to accelerate the volume of attacks. It reportedly found a 75% increase in impersonation fraud in South Africa over the first 100 days of the pandemic.
“As South African organizations implement systems and policies to ensure compliance to the Protection of Personal Information Act (POPI), which comes into force in July 2021, we are likely to hear about more data breaches.” – Brian Pinnock, a cybersecurity expert at Mimecast
“As South African organizations implement systems and policies to ensure compliance to the Protection of Personal Information Act (POPI), which comes into force in July 2021, we are likely to hear about more data breaches. This is in part because of the legislative requirement to inform customers and regulators of any breach as soon as reasonably possible. The regulator appears to have since indicated that 72 hours is a reasonable period,” says Pinnock.
According to the World Economic Forum (WEF), cybercrime remains one of the greatest threats to global prosperity and is expected to cost the global economy $2.9 million every minute in 2020.
The Covid-19 pandemic has led to a complete digital shift for both business and personal interaction from video calls to collaborative tools and down-time activities such as shopping, streaming or gaming.
Cybercriminals have proven highly adept at exploiting a crisis or global event, and a digital ecosystem where the risk of getting caught remains very low and the potential returns are very high, says the WEF.
Additionally, the profits from these malicious activities allow for continuous improvement in capabilities that often surpass the intensive cybersecurity investments made by government or corporate victims.
Since lockdown began in South Africa, impersonation attacks have escalated as workers are forced into remote work, says Pinnock.
“Home information technology is generally insecure, and most organizations have not planned to securely support remote users at this kind of scale.”
He says criminals will look at trends and popular services, brands or topics and exploit these because they know there’s a greater chance of individuals clicking on links and falling into traps.
John Mc Loughlin, CEO of J2 Software, an African security-focused company based in Johannesburg says cyber security and privacy risks should be top priority for any business at present, especially whilst trying to accommodate all staff in their remote working environments.
“More concerning is the intensification of cyberattacks; unscrupulous cybercriminals are exploiting vulnerable and unsuspecting home workers,” says Mc Loughlin.
The South African Banking Risk Information Centre (SABRIC) says it has already seen an increase in new scams involving personal protective equipment, fake vaccines as well as other phishing scams.
SABRIC CEO Nischal Mewalall says: “Amendments to grant distribution processes, the increased use of deviations in procurement processes and the availability of relief funding to businesses and employers will make South Africa even more vulnerable to corruption, armed robberies, application and procurement fraud in 2020 and beyond.”
SABRIC has warned that cybercriminals are exploiting the spread of the coronavirus by using “coronamania” panic to spread scams through phishing and SMS phishing.
Mc Loughlin says that cybercriminals are using SMS phishing, more commonly known as ‘SMishing’, to trick victims into clicking on a link disguised as information on a coronavirus breakout in their area to steal credentials. “Some of these texts claim to provide free masks or pretend to be companies that have experienced delays in deliveries due to the coronavirus.”
According to the World Economic Forum, cybercrime remains one of the greatest threats to global prosperity and is expected to cost the global economy $2.9 million every minute in 2020.
He adds that cybercriminals will also create fake news, links and stories to incite rage and spread these via platforms such as WhatsApp. “As unsuspecting people share fake news and malicious websites, these criminals expand their reach, which stems back to common attack methods that use our built-in fear and uncertainty to trick us to click.”
While investigations are pending from South Africa’s largest data leak, Experian won’t be held liable as the POPI Act allows companies to comply with its new rules by 1 July 2021. Depending on how serious a breach is, the new Act makes provision for fines of up to R10-million ($597,000) and a jail sentence of up to 10 years.
By Nafisa Akabor