Cybercrime: how to guard against digital dangers

https://www.youtube.com/watch?v=B9QYENyo9fI

The digital landscape has become a breeding ground for sophisticated cyber threats, leaving South Africans increasingly vulnerable. As the stakes get higher, it’s imperative that you prioritise your cybersecurity awareness and adopt robust defences against identity theft, phishing scams and financial fraud.

According to iDefense, an Accenture security intelligence company, South Africa has the third-most cybercrime victims worldwide, losing more than R2-billion each year. 

Understanding the threat landscape

Types of cyber fraud

• Identity theft: This occurs when someone gains access to your personal information such as your ID number and uses it to access credit. This credit is, of course, never repaid and affects your credit record should you ever need to take out a loan or apply for a store card;


• Phishing: This happens when cybercriminals send you fraudulent emails or messages, purporting to be from the bank or a company you trust. Mogase said this is a form of social engineering that tops the list of cybercrime when it comes to individuals;


• Parcel delivery scams: Since Covid-19, consumers have increasingly adopted online shopping, which means it is now quite common to receive parcels via a delivery service. “Cyber criminals call you or email you, pretending to be an agent from a logistics company or the Post Office and say you have to pay a small fee to have your parcel delivered,” Mogase said. This is quite often a “spray and pray” approach that goes out to thousands at a time, and will include account details that are not linked to the legitimate delivery service. As Mogase points out, although the delivery fees requested may be low, the total amounts recovered from hundreds of victims adds up to a significant amount;


• Interception: A webinar viewer said he had fallen victim to this. Fraudsters intercepted his email communication with SARS and the end result was that three years’ worth of refunds were paid into the wrong bank account. Another example is receiving an email from someone you regularly make payments to, notifying you of a change in banking details. The big lesson here is to always pick up the phone and to confirm the email details before parting with funds. Mogase added that interception incidents are another form of identity theft, which is on the rise. “From a consumer point of view, you do have a responsibility to doubt, to have that zero trust." It is important to double-check and verify any form of notification you get “because sometimes, if it sounds too good to be true, then it is too good to be true, but sometimes it sounds so legitimate that you actually can fall into it. Now the question is: how do you know when to trust and when not to trust? For me, I would say that the minute there’s that undue urgency or pressure that’s exerted on you, you really need to stop and step back," she said. ;


• Deepfakes: Artificial intelligence (AI) has become a powerful tool for cybercriminals, enabling them to create convincing deepfakes that can easily deceive individuals and organisations. Deepfakes combine existing images, video or audio of a person in AI-powered deep learning software that allows for manipulation of this information into new, fake pictures, videos  and audio recordings. The software is fed images, video and voice clips of people that are processed to “learn” what makes a person unique. Deepfake technology then applies that information to other clips (substituting one person for another) or as the basis of fully new clips. Mogase cited the case of a CFO in Hong Kong who was tricked into making a $26-million payment after being convinced he was on a video call with legitimate board members, only to discover later that it was all orchestrated using deepfake technology. “I later heard the easiest way he could have confirmed their identities would have been for him to ask them to please stand up and turn around. That would have immediately showed up a superimposed face,” she said. There are AI detection tools that can also help.;


• Company impersonations: “The most common one is that they’ll phone you and say: ‘We are phoning from the bank and we’ve picked up a suspicious transaction on your account. So, to protect you from the fraud, you must do this.’ And actually, you’re playing into the fraud,” Moodley said. You have to be hypervigilant when it comes to this, because the banks are less likely to reimburse you if it turns out that you freely handed over security details or access to your account to a fraudster;


• Hacking: If your devices are accessed or stolen by someone, you can have an extra layer of protection with multifactor authentication. This works by requiring additional verification information, such as a one-time password via your email or an authentication app such as Google Authenticator or even a fingerprint reader on your laptop.  “After you’ve got your password, that asks you to confirm that you are who you really are, the most common tactic that is used is the OTP. But some could ask you to use facial recognition. Some could ask you to use your biometrics, because it’s another level of defence,” Mogase said.