Published October 2017
This subject is so relevant. This week on news24.com, it was reported that hundreds of thousands of South Africans, most without knowing, have had their personal information leaked in what would be the biggest POPI breach. The week prior, one of my own staff was scammed out of a month’s salary through an e-mail scam. I have had a friend’s father lose thousands of Rands to cybercrime. Once, at a presentation I did, someone who attended wrote back to me after the event and told me they had worked out my Google AdWords login information by monitoring me during the presentation, which was on PPC…. Someone called the White rabbit.
What is it about this type of crime that people can’t seem to fathom? I encourage everyone to share this article with their colleagues and friends and family because there is a difference between being a victim of a crime, and being a sitting duck naive to the threat.
Let me try and get everyone reading this article up to speed on the status of Cyber Crime and give a general overview of what it’s all about. In a nutshell, Cyber Crime is defined as theft through a computer or electronic device. The types of crimes are:
Cyber Crime is basically there for financial gain, or bragging by a hacker….
Either way, the victim suffers financially, or wastes their time, or has to replace equipment, and in some cases needs to try and recover from reputational damage.
Some terms you might want to hear and try to remember:
Type of attack where the perpetrator takes control of your device or information, demanding money in exchange for its release.
Implanted malicious code on; these attacks take advantage of browser vulnerabilities: automatically download malicious code and/or viruses, resulting in a compromised site (or even your browser), pop-ups, and such things.
Malicious advertisement that attackers use to advertise on the internet, with the intent of infecting the viewer of that advertisement with malware.
Perpetrators install malware on your device via different methods and then have access to everything you do on your device, essentially monitoring your every movement.
Perpetrators set up a fake Wi-Fi hotspot with the same name as the one you use. Once you connect, they can monitor what you are doing online and, if need be, gain access to your login information.
3rd Party device attacks
Perpetrators develop apps that users unwittingly download and use, and while doing so have their sensitive information, such as passwords and PINs, stolen.
Premium SMS costs
Through phishing or compromised third-party apps, perpetrators use your phone to send premium-rate SMSes without your knowledge, thus draining you of credit. Very nasty.
Perpetrators can infect your device with software and make your device part of their robot network. Your own hardware then becomes part of their crime network which the perpetrators can use to attack others or make money for them online.
Okay, so you know some of the lingo for Cyber Crime, but honestly, how bad is it?
Some interesting cases – there really are a lot …
Friends for everyone!
In the biggest data breach of the year, user details of more than 412 million accounts were exposed in a data breach at FriendFinder Networks.
Yahoo, no need to search, info is out there already.
2014 breach at Yahoo that exposed a record 500 million accounts. 2016. Staying with the same company, Yahoo, then acquired by Verizon Communications, believes a security breach exposed all 3 billion of its users at the time.
Clients of banks, no need to rob the branches anymore.
November 2016 - Tesco Bank was forced to halt online banking after hackers managed to steal £2.5 million.
Health care not even safe.
WannaCry virus hits the NHS, 2017. Hackers cause chaos in the UK's medical system. It was only stopped when a 22-year-old security researcher from Devon managed to find the kill switch, after the NHS had been down for a number of days.
Between 2014 and 2016, a group of Russian-based hackers managed to gain access to secure information from more than 100 institutions around the world. The cyber criminals used malware to infiltrate banks' computer systems and gather personal data. It was estimated that around £650 million was stolen from the financial institutions in total.
Drama at Sony Pictures.
Known to be furious about the upcoming release of communism-mocking film The Interview, North Korea (who technically denied involvement but called it a “righteous deed”) wreaked havoc on the network of developers Sony Pictures. Syphoning a glut of sensitive data, leaks of upcoming films such as Annie and Still Alice bled onto the web.
Some people just want to watch the world burn. “MafiaBoy” Calce, a 15-year-old Canadian, was responsible for bringing some of the world’s biggest sites to their knees. Using an often ridiculed form of cyberattack, distributed denial-of-service (DDoS), MafiaBoy was able to disrupt online powerhouses like CNN, Amazon, eBay and Yahoo.
PlayStation not a game, for their Passwords.
No fewer than 77 million accounts filled with passwords, names and addresses were compromised. The breach, occurring between the 17th and 19th of April, forced Sony to switch off their PlayStation Network and music service Qriocity. The outage prevented any PS3 or PSP owner from accessing online content, and lasted for a total of 23 days. Sony announced shortly after that damages tallied up to $171 million (£115 million).
eBay confirmed their corporate network was the victim of a cyber attack, compromising the passwords and financial information of their 145 million active users.
TalkTalk… of the town.
Major telecommunication company TalkTalk announced that around 157,000 of its customers’ personal details were accessed, and over 15,000 bank account numbers and sort codes were stolen.
Back to South Africa.
What’s popular back home? Bear in mind, it’s reported that only half of victims ever manage to recover funds in SA.
Inheritance mail.
Victim gets advised they are to inherit funds, and need to pay a fee to recover them.
Banking, but not with your bank.
I personally get about 3 mails a week like this, asking me to check some sort of banking issue online, asking me to log in, trying to direct me to a fake site to obtain my login information.
The deposit scam.
A criminal orders goods or services from a business and makes a payment into the victim’s account, mostly by means of a fraudulent cheque.
The refund scam.
This scam is characterised by perpetrators requesting a quotation for a specific service or goods. ‘Payment’ is then allegedly made, and proof of payment is then provided for an amount that far exceeds the quotation.
What’s being done about Cybercrime and what to do when you encounter it.
In February 2017, South Africa made changes to our cybercrime bill … which are highly debated, and I am not even going to go into the pros and cons, so as to avoid boring my readers.
If you wish to read up on it, here are some good links:
My summary of the Bills is that any changes that give the state power should be avoided, and that access to reporting channels which are independent needs to be a priority.
I will reserve an article for this Bill once it is finally passed, and I have monitored how it is implemented. I mean, some penalties for offences range from 1-10 years in prison or up to a R10-million fine…. So this will be interesting to observe.
How do we protect ourselves?
My tips and advice:
Okay, so you have done all the above, and you have still been attacked?
Who do you report the issue to?
I found this link very helpful: