Cybercrime trends: Over 100 reported incidents per month in SA
By Raine St.Claire
47.8 million South Africans - 78.7% of the population - used mobile devices to access the internet In 2022. This upward trend is expected to continue and by 2027 the anticipated trajectory of internet utilisation in South Africa and the ascendancy of mobile devices is expected to grow by 90%.
However, alongside this remarkable industry growth comes a concerning increase in cyber fraud. Identity theft, credit card fraud, online privacy, and scams like phishing are highlighted as major consumer concerns.
In 2023, South African companies reported around 110 cyber security incidents every month.
However, this problem is not unique to South Africa; many developing and developed nations share similar statistics regarding attacks on corporate IT systems. This dynamic risk environment rife with opportunistic fraudsters, underscores challenges both consumers and businesses face in ensuring security and positive online experiences.
Digital banking fraud skyrockets
In 2022, digital banking fraud in South Africa reached alarming levels, with cybercriminals syphoning off over millions, as reported by the South African Banking Risk Information Centre (Sabric).
Gross losses escalated from R440-million in 2021 to R740.8-million in 2022 — a staggering 68% rise in financial impact.
This surge was particularly attributed to a rise in fraud cases associated with banking applications and internet banking.
The report shed light on the prevalence of social engineering techniques and a notable increase in app-related fraud incidents, which saw a 36% rise in reported cases.
Cell phone banking
While mobile banking fraud experienced a 9% decrease between 2021 and 2022, accounting for 28% of reported digital banking crimes, manipulation of individuals, known as 'mules,' played a crucial role in digital banking fraud.
Unsuspecting individuals were targeted as intermediaries, enticed with promises of easy money or job opportunities through online advertisements or phishing schemes. Cybercriminals used several methods, including spear phishing, whaling, smishing (SMS phishing), business email compromise, vishing, pretexting, and angler phishing, often combining them in broader fraudulent schemes. Once recruited, these 'mules' were instructed to open bank accounts under their own names.
Banking App fraud
Incidents of fraud on banking apps witnessed a significant 36% increase, with cases rising from 12 254 in 2021 to 16 638 in 2022. The associated gross losses surged by 68%, reaching R363-million from R219-million in the previous year. This segment accounted for 46% of digital banking crimes, making it the most targeted area. Sabric attributed this surge to the growing number of banking application users. On average, the financial loss per incident rose from R17 647 in 2021 to R21 836 in 2022, reflecting a 24% increase.
Sabric highlighted that fraudsters employed various social engineering tactics, including vishing, where scammers posed as bank officials or service providers, manipulating victims into disclosing confidential information used for fraudulent activities. Their modus operandi involved intercepting transactional verification tokens, such as one-time PINs and transaction approval requests, achieved through manipulation during calls.
While incidents involving SIM swaps decreased significantly, Sabric noted a rise in cases involving the kidnapping or hijacking of individuals to gain unauthorised access to their banking applications under duress. Importantly, no confirmed compromise of banking applications has been reported to date in such cases.
Online banking fraud, constituting 26% of reported incidents of digital banking crime, resulted in the second-highest proportion of gross losses, reaching 47%. Phishing and vishing remained preferred methods for fraudsters to gain access to banking login details.
Silver lining
On a positive note, reported mobile banking fraud decreased by 9% from 2021 to 2022, constituting 28% of reported digital banking crimes. It boasts the lowest proportion of gross losses at only 4%, thanks to enhanced detection measures by banks. Fraudsters mainly utilised smishing, deceiving victims into revealing confidential banking information through deceptive calls or links. Similar to other digital banking fraud, mobile banking fraud may involve a SIM swap, although this decreased from 87% in 2021 to 76% in 2022.
Joining forces: Unveiling digital forensic hub to combat financial crime
The greylisting of South Africa by the Financial Action Task Force (FATF), due to shortcomings in the ability to combat financial crime, emphasised the critical need for banks to collaborate with regulators and law enforcement.
In an effort to enhance investigating and prosecuting financial crime, the Banking Association South Africa (Basa) and the South African Banking Risk Information Centre (Sabric) have collaborated with the Directorate for Priority Crime Investigation (Hawks). Together, they are establishing a Digital and Financial Forensic Analysis Centre for the directorate. This centre aims to offer advanced training to 40 senior investigators, equipping them with crucial financial forensic analysis skills. This training will enable investigators to more efficiently retrieve and analyse digital data in their pursuit of combating financial crime.
This partnership is essential to reduce the risk of the financial system being exploited for criminal activities. In addition to meeting the immediate remedial needs outlined by the FATF, the resource and training aspects of this project will, in the long run, enhance South Africa's capacity to effectively investigate and prosecute financial crimes.
ENJOY THE JANUARY 2024 EDITION OF PUBLIC SECTOR LEADERS: