SA cybercriminals hack off the long arm of the law
We're losing increasing amounts to sophisticated cons, and a big part of the problem is that we're not educating ourselves
Rapidly evolving cybercrime syndicates are fleecing South Africans out of hundreds of millions of rands through hack attacks on their bank accounts and financial policies.
As the SA Banking Risk Intelligence Centre (Sabric) released its inaugural digital banking crime statistics on Thursday in Johannesburg, cybercrime security experts sounded the alarm over how uneducated the average man in the street was on such crimes.
Sabric, in its release, revealed that in 2017 cybercriminals were involved in 13,438 online, mobile and Internet banking attacks.
The total sum siphoned off in all digital banking-related crimes during that year was more than R250m.
Sabric announced that between January and August 2018 there had been a 64% increase in such attacks, with a 100% increase in mobile banking app hacks and a nearly 50% increase in online banking attacks.
Between January and August 2018, cybercriminals stole more than R23.5m in mobile banking hacks, R89.3m in online banking attacks and R70.1m in banking app breaches.
Sabric said 55% of all losses reported to it, across all crime types, occurred in online banking attacks, with online and mobile banking incidents rising from 9,918 in 2017 to 16,296 incidents in 2018.
Losses from online and mobile banking hacks between January and August 2017 rose from R171.4m to R183.1m during the same period in 2018.
When it comes to amounts lost per online attack in 2018, criminals, according to Sabric, steal on average R32,298. For mobile banking hacks, criminals made off with R2,741 per attack, while with banking app attacks, criminals steal on average in each attack R14,253.
Cybercrimes expert Danny Myburgh of Cyanre, The Digital Forensics Lab, said increasingly with the cases they were receiving, they were seeing criminals becoming more and more sophisticated in their attacks.
“They are using multiple forms of technology to launch attacks. They stalk their victims, often for months on social media, building up profiles before they launch very specific attacks using different methods such as e-mails and SMSs.”
He said while police, cyberforensic and financial institutions had done a lot to address cybercrime, criminals simply changed tactics and adopted new methods to attack victims.
“Cybercriminals are tech-savvy and, while there may be fewer attacks occurring, they are far more successful in their hacks.”
Craig Rosewarne, director at cybersecurity firm Wolfpack Information Risk, said a lack of government-driven awareness campaigns and a poorly educated public were among the main reasons for the increase in financial losses from cybercrime.
He said it was clear from the attacks that cybercriminals were well ahead when it came to the use of technology to carry out advanced hacks.
“In the past attacks would be carried out just by e-mail, but now we see criminals using different forms of technology to breach all sorts of electronic equipment which people use to do their banking.
“Criminals are specifically using social media to identify targets. They design sophisticated cons, which seem believable, and which they use to devastating effect.”
He said attacks were no longer just carried out on computers.
“Any electronic device which someone uses to do their banking is vulnerable to exploitation by these criminals.”
Cybercrimes security expert Jacques van Heerden said the problem was that very few South Africans were educated about the danger posed by cybercriminals.
“Not only are people not educated, but a lot do not seem to want to be educated. We see this from the monthly losses the banks experience. On average each bank loses over R20m a month.”
He said while cybercriminals were becoming smarter, education was vital in getting to grips with the problem.
“The country has the policing skills to combat these crimes. The problem comes down to the man in the street, who is not educated on the threats of cybercrime and criminals constantly evolving tactics.”
Sabric chief executive officer Kalyani Pillay said criminals were always looking for ways to exploit digital platforms to defraud victims.
She said because banks were deploying “robust” mitigation strategies, “it is easier [for criminals] to target people, as they are the weakest link”.
Pillay said criminals were skilled at using social engineering (social media) to manipulate their victims into divulging their personal or confidential information.
“They capitalise on the fact that not all digital banking clients are digitally literate and exploit this vulnerability.
“It’s critical that consumers are aware that they are their money’s best protection on all digital platforms. We cannot stress the importance of not sharing confidential information with anyone.”