South Africa’s ‘Frontier Internet’ makes a happy hunting ground for cyber criminals

27 June 2011 | Talked About Features | The Stage | Gareth Stokes

Not a day goes by without a dodgy email sneaking into my inbox. I get requests from South Africa’s ‘big four’ banks to follow links to update my bank account information. And every now and then I get ‘correspondence’ from an international bank I’ve never

Instead of fleecing people in the real world the modern cyber fiend holes up in a comfortable hotel or flat and uses technology to cleverly shift funds out of an unsuspecting victim’s bank account. Unfortunately you and I are the weak link this crook needs for his scheme to work. The typical phishing scam involves sending millions of emails in the hope of catching a single unsuspecting bank account holder. This morning’s instalment masqueraded as an important email from Absa Bank (a local bank I incidentally don’t hold an account at). “You have three important security messages from Absa Internet Banking Security team,” it urges… Really! Assuming I had an Absa account – and the syndicate hopes that a few thousand of their million emails reach someone who does – I might have been ‘tricked’ into following the link.

A real-time theft and plunder of online bank accounts

This mistake would cost me dearly. These syndicates have gone to great lengths to make sure the fraudulent Internet link leads you to an exact replica of your bank’s website. You proceed as if you are logging in to your conventional bank account, but behind the scenes a computer nerd is receiving and recording all the information you give. Within minutes they will ‘steal’ your account login username and passwords, secret words, PIN codes and other bank security measures. And while you are still ‘fiddling’ with the illegal site the first of the syndicate’s runners begins cleaning out your account. They will head for the ATMs (in the event the fraud involves credit card skimming) and withdraw your daily limit, or load payments on your online account to transfer any available funds to bank accounts of their own… Yes – despite FICA and other anti-money laundering legislation the criminals are still able to open and transact on ‘illegal’ bank accounts in South Africa.

If you’re lucky you pick up on the scam immediately and contact your bank to have your account blocked. The banks have powers to reverse certain transactions so time is of the essence. Provided you alert your bank of the possible fraud soon enough most of your money can be recovered. But in the event you only discover that your account was compromised weeks down the line, all your cash will have been whisked away into cyberspace. I’ve heard horror stories about criminals who gain access to bank accounts and then sit back and watch these accounts for a few months, waiting until you receive a bonus or other big cash payment before pouncing.

The other scams I mentioned in the opening paragraph are slightly different. If you respond to Gladys from Sudan (or to one of the myriad lottery notifications) the person on the other end of the ‘attack’ will typically try to win your trust before requesting cash amounts to expedite the fund transfer. Gladys might say something like: “I am thanking you so for your assisting me. To facilitate the transfer of $5 million to your account I need to clear some old fees at the institution… I am penniless so please you help with $200 now and we will both be cared for.” The sucker might send this $200 before being sold another sob story – and another… In the early stages people are easily cajoled into sending more ‘admin’ money because they’re worried about the sunk cost of the money they have already sent. And by the time they cotton on to the scam many have lost thousands of dollars.

Companies can insure against computer hacking...

The best defence for individuals is to remain vigilant. Adopt a ‘safe rather than sorry’ attitude and become extremely stingy with bank login and other personal information. Companies would expect similar vigilance from their staff, but they have the option of insurance to cover certain cyber crime losses too. Recent cyber attacks against large organisations such as Sony, Citibank, Lockheed Martin, the UK’s National Health Service (NHS) and the International Monetary Fund (IMF) should be a wake-up call for South African business, because the majority of our businesses carry no insurance for such events – and may not even know such covers exist!

Jonathan Healy, Account Manager for Professional Risks at Aon Risk Solutions, says that cyber crime costs global business an estimated $100 billion a year. “These attacks, coupled with the liability claims that companies encounter in their wake, can leave businesses in ruins if they are not properly insured against cyber crime,” he says. South Africa might be a relative newcomer to the Internet age, but as more and more unsophisticated users go online, cyber attacks are mounting. South Africa is already among the leading targets for cyber criminals, with recent statistics suggesting 7.5% of all Internet attacks are directed at our shores.

“If a company database containing personal information is compromised by a virus or hacking attack, the extent of the damage can be far reaching. If a client can verify that they have suffered a loss due to the data breach, they may hold the company responsible for the loss,” says Healy. Liability policies generally only respond to third party claims… But there are certain cyber liability policies that provide first party cover – meaning you can buy cover to protect your business in the event of a hacking attack.

The costs mount when your client data is compromised

“It is mandatory for companies situated in the United States to notify an entire database of a security breach, which can be very costly,” says Healy. “This will very soon become mandatory for South African businesses who encounter a cyber attack.” Companies that are heavily reliant on information technology and customer databases should conduct thorough risk assessments including the financial impact of a breach. This requires reassessing insurance covers too!

Healy has some advice for local business. “Companies who outsource protection and who are reliant on technology should ensure that they use reputable IT security providers who are indemnified. Businesses should ask themselves what kind of service they offer and what the business entails. For example, if they provide IT services to companies that rely on technology, and inadvertently their systems infect the client’s systems, the costs to both companies could have devastating effects. The biggest concern here, however, is the client who depends on a network to run their business.”

He also suggests investigating insurance options and implementing and maintaining firewalls. Companies should implement IT security and virus protection measures and conduct regular tests to gauge the effectiveness of these measures.

Editor’s thoughts: Cyber crime is here to stay. Today’s tech-savvy criminal has it a lot easier than the old-school ‘break and enter’ thug. He can operate anywhere in the world and remain anonymous and virtually untraceable! Have you or your company been subject to an Internet-based criminal attack of any kind? Add your comment below, or send it to gareth@fanews.co.za
