Durban - A spate of scams using cloned Facebook accounts began targeting South African users. These scams which have been around in e-mail form for a while have evolved to social media.
How many of your Facebook friends have posted this message on their wall: “WARNING!! Some hackers are now taking your profile picture and your name and creating a new FB account. They then ask your friends to add them. Your friends think it is you, so they accept. From that moment on they can say and post whatever they want under your name. Please don’t accept a second friendship request from me, I have only one account.”
These hackers create a social profile like yours or take over your account and pretend to be you to people you know, send friend requests in your name, post malicious content, and then send messages asking for money. This may not only dent your reputation with your close friends and family but it can also create a bad image to employers who keep up to date with what their employees do on social platforms.
Since last year, South Africa has experienced a number of cybersecurity incidents. There has also been a serious problem with illegal “SIM swops”. In December an attack against the e-tolling website was detected early and stopped. In January last year cybercriminals managed to steal R42-million from Postbank. A South African city was also notified of a security problem which exposed ratepayer information and in March the state security agency’s Twitter account was hacked.
Earlier in May the SAPS website was hacked and information released on the internet and in June the websites of Independent Newspapers (IOL), the ANC and various Zimbabwean government and media organisations were brought down by attacks in protest against the Zimbabwean government.
Cybercrime is an international problem, but South Africa is falling behind in cybersecurity. All organisations and the government need to focus more effort on protecting customer and citizen information. The attacks on the SAPS, the ANC website and IOL show that there is a growth in online activism in Africa and South Africa. This means that governments and organisations may be subjected to attacks due to comments made that these activists take offence to.
The National Cybersecurity Policy Framework and the National Cybersecurity Hub will help in protecting organisations and individuals as they can outline best practices for cybersecurity and provide warnings of malicious online activity.
Facebook cloning may seem to be only a nuisance, and taking security precautions for your online profiles may seem a bother, but cybercrime results in significant losses to the national economy.
In May the Internet Crime Report released by the Internet Crime Complaint Centre lists South Africa as seventh in the world in terms of the reported financial loss for last year, totalling $2 692 682.45 (about R26-million), however, Norton’s Cyber Crime Report 2012 estimates that the financial impact on South Africa from direct and indirect losses due to cybercrime is in the order of billions of rand annually.
The Internet Crime Report listed South Africa as 11th in terms of the number of complaints received. This is the first time since 2007 that South Africa is not listed in the top 10 for the number of complainants or perpetrators.
Nigeria was listed as 8th and Egypt 45th in terms of reported financial loss, and 25th and 46th in terms of number of complaints.
This year’s Symantec Internet Security Threat Report provides the statistics for last year: South Africa is fourth in the world for malicious e-mails and second for e-mailed phishing attacks. In both cases the number decreased from 2011.
However, this does not mean our guard can be lowered. New technologies provide cybercriminals with new ways of conducting their scams. Viruses can now infect or be copied through social media, smart- phones, and cloud computing such as Dropbox and Google Drive.
To protect against Facebook cloning and other attacks that exploit social media, the information posted on social media profiles should be limited, and the available privacy settings can be used to restrict who can see your information. Don’t add people you don’t know and check if the “friend requests” sent to you from people you know are legitimate before accepting them (especially if you already have that person as a contact).
Basic information security measures everyone should take include making sure there is reputable antivirus software installed on your PCs, laptops, smartphones and tablets. The antivirus program should be updated at least once a day. Users should not respond to any e-mailed requests for account details, or click on any e-mailed links to a bank account. If the e-mail claims to be from a bank or company, rather contact that company directly to query the e-mail. This will also alert them if the e-mail is a scam.
If you encourage all your family and friends to follow basic online security measures with their profiles and computers, it will reduce the chance of their accounts being compromised and passing on any infections by e-mail or social media to you.
Organisations can help by providing some awareness training to all their computer users. For example, a method for cloning Facebook accounts was demonstrated at a conference in Sao Paulo in December 2011, and another method of hijacking Facebook accounts was reported in early May this year.
By alerting users to these issues and ways to protect against them, the users could take steps to protect themselves. Users should also take responsibility for protecting their personal profiles, computers, and other devices. - The Mercury
l Dr Van Niekerk is a post-doctoral scholar at the University of KwaZulu-Natal’s School of Management, Information Technology and Governance.