By Tanya Waterworth and Sameer Naik
With the festive season getting under way, cybercriminals are on the prowl, and experts have warned that online shopping would be targeted.
The cybercrime rate soared during lockdown, they said, and was set to increase over the next few weeks.
This as the CyberCrime and Cybersecurity Bill was passed by Parliament on Wednesday, with the draft legislation ready to be signed into law by President Cyril Ramaphosa.
Despite many retail shops being open, many South Africans have turned to online shopping to avoid the risk of contracting the coronavirus, opening them to cybercrime attacks.
Criminals have also targeted those working from home where company IT security protection is not in place, leaving staff and companies exposed.
University of KwaZulu-Natal professor in criminology and forensic studies, Nirmala Gopal, whose research field is cybersecurity and cybercriminality, said this week that cybercriminals looked for easy targets – ordinary South Africans.
"Their modus operandi will probably be informing one of prizes they have won, or free airtime, or reduced prices of popular food and cellphone items."
She said that while there had not been aggregated data, "based on past trends, it is safe to suggest that during lockdown, cybercrime increased.
""The most prevalent methods used are phishing, spam and cyberbullying.
"Of recent, cybercriminals have infiltrated WhatsApp numbers and are scamming unsuspecting individuals through WhatsApp.
"The public should be wary of this, as well as unfamiliar emails requesting invoice payments. In this instance, the email user will try opening the email attachment which may be affected with a virus. The virus has the potential to shut down entire systems."
Gopal said many criminals worked in syndicates, many working from outside the country.
"They are highly informed of cyber laws of the country. For example, South Africa passed the Cybersecurity Bill this week. We still don't have institutionalised mechanism for prosecuting.
"In addition, the majority of South African law enforcement agencies are ill-equipped to successfully manage cybercriminality," she said, warning that "cybercriminality will see a significant increase in the next few years and unless we educate our society, South Africa is at risk".
Gopal said the respondents in her research had suggested large-scale awareness and school education on cybercrime.
"Participants also believe that the state must engage in media campaigns, similar to Covid awareness campaigns, to educate awareness."
Also highlighting the threat of increased cybercrime during the weeks ahead, cybersecurity specialist at Mimecast, Duane Nicol, said information from their Threat Intelligence Centre indicated the retail and wholesale sector remained the most targeted sector.
"This is highly likely to remain a target due to the strong financial motivation of criminals, increased e-commerce activity and the potential for data/credential exfiltration and third party compromise if an attack is successful.
"It is also safe to predict that this sector will see a continued spike throughout December due to the holiday shopping season," said Nicol.
He said that between January and October, Mimecast detected and blocked 1.02 billion malicious threats, compared to 932 million threats for the whole of last year.
In just October, 163.92 million attacks were blocked – up 22% in comparison to September.
"Threats are increasing in volume. Organisations are experiencing a surge in malware and there is currently hugely increased detection volume in the sub-Saharan Africa region in particular," he said.
IT expert, Anna Collard from KnowBe4 Africa, said cybercriminals would be licking their lips at the prospect of large numbers of online shoppers during the festive season.
"The holiday period is a bonanza for criminals who see multiple opportunities to catch unaware shoppers, particularly online. Cybercriminals are ready to exploit our blind spots during the season. For example, we are likely to make more purchases during this period and be less vigilante about charges on our accounts.
"There are more phishing and social engineering attacks, greater attempts at breaching HR departments that are particularly active toward the holidays and even fake e-commerce that will take your payment details and ship nothing but grief and regret," said Collard.
She said South Africans were “incredibly vulnerable“ to cyberattacks due to their inexperience in internet safety, often using their cellphone devices to connect, saying "whenever people flock to the internet, cybercriminals won’t be far away."
Threats include fake sites, which look like authentic companies, false deals with massive discounts or promotions, or even fake calls purporting to be from the target's bank.
Business development director and IT expert at Nclose, Stephen Osler, was also expecting a huge surge in cybercrime during the festive season.
"Unfortunately, these criminals prey on the vulnerable and people's emotions. The festive season is the perfect time to take advantage of the increase in online shopping and people's emotions, during both the pandemic and festive season."
Osker said there had been many newcomers to online shopping during lockdown.
He warned consumer to approach a new online purchase with a sceptical mind, especially specials that seemed to be too good to be true.
The objectives of the Cybercrimes Bill is "to create offences and impose penalties which have a bearing on cybercrime, to criminalise the distribution of data messages which are harmful and to provide for interim protection orders and to further regulate jurisdiction in respect of cybercrimes“.
The Bill also aims to regulate the powers to investigate cybercrimes, as well as imposing obligations on electronic communications service providers and financial institutions to assist in the investigation of cybercrimes. It also provides that the executive may enter into agreements with foreign states to promote cybersecurity.
Independent on Saturday