Published October 2017
This subject is so relevant. This week on News24.com it was reported that hundreds of thousands of South Africans, most without knowing, had their personal information leaked in what is the biggest POPI breach. The week prior, one of my own staff members was done out of a month’s salary through an email scam. I have had a friend’s father lose thousands of rands on cybercrime. Once, at a presentation I did, someone who attended wrote to me afterwards, informing me that they had worked out my Google Adwords log-in information by monitoring me during the presentation, which was about PPC. It was someone called the White Rabbit.
What is it about this sort of crime that people can’t seem to fathom? I encourage everyone to share this article with their colleagues, friends and family, because there is a difference between being a victim of a crime and being a sitting duck, naive to the threat.
Let me get you up to speed on the status of cybercrime and give a general overview of what it’s all about. In a nutshell, cybercrime is defined as theft through a computer or electronic device.
The types of crimes are as follows:
The objective of cybercrime is basically for financial gain or for the hacker to brag about it.
Either way, the victim suffers financially, loses time, has to replace equipment or, in some cases, has to try and recover from reputational damage.
Some terms you might want to hear and remember:
This type of attack is when the perpetrator takes control of your device or information and demands money for its release.
This type of attack implants malicious code. These attacks take advantage of browser vulnerabilities and automatically download malicious code and/or viruses, which results in a compromised site or even browser; pop-ups and such.
This type of attack is when attackers use malicious advertisement on the Internet with the intent of infecting the viewer with malware.
Perpetrators install malware on your device via different methods and then have access to everything you do on your device, essentially monitoring your every movement.
Perpetrators set-up a fake Wi-Fi hotspot with the same name as the one you use and once you connect, they can monitor what you are doing online. If need be, they can gain access to your login information.
3rd Party Device Attacks:
Perpetrators develop apps that users unwittingly download and while using the app, have sensitive information, such as passwords and pin codes, stolen.
Premium SMS Costs:
Through phishing or compromised third-party apps, perpetrators use your phone to send premium rate SMS’s without your knowledge, thus draining you of credit. Very nasty.
Perpetrators can infect your device with software and make your device part of their robot network. Your own hardware then becomes part of their crime network, which the perpetrators can use to attack others or make money for them online.
Okay, so you know some of the lingo for cybercrime, but honestly, how bad is it?
Some interesting cases – there really are a lot …
Friends for everyone:
In the biggest data breach of the year, user details of more than 412 million accounts were exposed in a data breach at FriendFinder Networks.
Yahoo, no need to search, info is out there already:
A 2014 breach at Yahoo exposed a record 500 million accounts. 2016, staying with the same company, Yahoo then acquired by Verizon Communications that a security breach exposed all 3 billion of its users at the time.
Clients of banks, no need to rob the branches anymore:
2016, November - Tesco Bank was forced to halt online banking. Hackers managed to gain £2.5million.
Health care not even safe.
WannaCry virus hit the NHS in 2017. Hackers caused chaos among the UK’s medical system. It was only stopped when a 22-year-old security researcher from Devon managed to find the kill switch, after the NHS had been down for a number of days.
Between 2014 and 2016 a group of Russian-based hackers managed to gain access to secure information from more than 100 institutions around the world. The cyber criminals used malware to infiltrate bank-computer-systems and gathered personal data. It was estimated that around £650 million were stolen from the financial institutions in total.
Drama at Sony Pictures:
Known to be furious about the upcoming release of communism-mocking film, The Interview, North Korea (who technically denied involvement but called it a “righteous deed”) wreaked havoc on the network of developers, Sony Pictures. Syphoning a glut of sensitive data, leaks of upcoming films such as Annie and Still Alice bled onto the web.
Some people just want to watch the world burn. “Mafia Boy”, a 15-year old Canadian, was responsible for bringing some of the world’s biggest sites to their knees; using an often ridiculed form of cyber-attack, distributed denial-of-service (DDoS). Mafia Boy was able to disrupt online powerhouses like CNN, Amazon, eBay and Yahoo.
PlayStation is not a game for their passwords:
A breach with no less than 77 million accounts, filled with passwords, names and addresses were compromised. It occurred between 17 and 18 April and forced Sony to switch off their PlayStation Network and music service, Qriocity. The outage prevented any PS3 or PSP owner from accessing online content and lasted for a total of 23 days. Shortly afterwards, Sony announced that damages tallied up to $171 million (£115 million).
EBay confirmed that their corporate network was the victim of a cyber-attack, which compromised the passwords and financial information of their 145 million active users.
TalkTalk… of the town:
A major telecommunication company, TalkTalk, announced that around 157,000 of its customers’ personal details were accessed and over 15,000 bank account numbers and sort codes were stolen.
Back to South Africa:
What’s popular back home? Bear in mind, it’s reported that only half of victims ever manage to recover funds in SA.
The victim gets advised that they are to inherit funds and need to place a fee to recover it.
Banking, but not with your bank:
I personally get about three of these mails a week. The email asks me to check some sort of banking issue online. It asks me to log in but directs me to a fake site, which obtains my log in information.
The deposit scam:
A criminal orders goods or services from a business and makes a payment into the victim’s account, mostly by means of a fraudulent cheque.
The refund scam:
This scam is characterised by perpetrators requesting a quotation for a specific service or goods. ‘Payment” is then allegedly made and proof of payment is then provided for an amount that far exceeds the quotation.
What’s being done about cybercrime and what to do when you encounter it?
In February 2017, South Africa made changes to our cybercrime bill, which is highly debated, but I am not even going to get into the pros and cons so as to avoid boring my readers.
If you wish to read up on it, here are some good links:
My summary of the bill is that any changes that give state power should be avoided and that access to reporting channels, which are independent, needs to be priority.
I will reserve an article for the bill once it is finally passed, and I have monitored how it is implemented. Some penalties for offences range from 1-10 years in prison or up to a R10-million fine…. So this will be interesting to observe.
How do we protect ourselves?
My tips and advice:
Okay, so you have done all the above and you were still attacked?
Who do you report the issue to?
I found this link very helpful:
Published October 2017