By James Browning
The last year has been shaky for South African cyber security, having seen a slew of data leaks and ransom attacks on large organisations such as Absa and Transnet.
People have been urged to be wary of scammers as this trend has continued, with pharmacy chain Dis-Chem and real estate service Averly being some of the latest victims.
Dis-Chem reported earlier this month that a security breach of a third-party database provider exposed the records of up to 3.6 million customers. The leaked information contained an individual’s first name, surname, email address and cellphone number.
Less than a week later, South African real estate service Averly reported that a ransomware attack on a third-party database provider compromised the personal information of its customers. Averly’s online platform aims to help landlords and real estate agents identify well-behaved tenants.
The leaked information included first names, surnames, email addresses, residential addresses, Averly login information and even ID numbers. Averly’s supplier confirmed that the attackers did not access financial information.
These leaks come just two months after a TransUnion hack where millions of personal records of South Africans were exposed. In August 2020 the credit bureau Experian suffered a breach which exposed the information of as many as 24 million South Africans and almost 800 000 businesses.
Ransomware attacks (where attackers gain access and hold a system or information hostage, as was the case with TransUnion) have also become increasingly common. Organisations such as Transnet, the national Space Agency, and the justice department have all been recent victims. Even the country of Costa Rica has recently had to declare a state of emergency following sustained ransomware attacks on government systems.
While any single one of these leaks often doesn’t contain a large amount of sensitive information, bad actors can buy and collect personal data until they have a staggeringly detailed profile of an individual. Scammers will then use this information to convince you they are trustworthy, and try to get you to do something or share details so that they can gain access to things like your bank account.
Here is some advice for best security practices from the experts:
1. Do not click on any suspicious links.
2. Refrain from disclosing any passwords or PINs via e-mail, text or even social media platforms.
3. Change passwords often and ensure there is complexity in the configuration (i.e. with the use of special characters). Cybercriminals try out millions of passwords within minutes, so if you are using a password that’s in the mega list of half a billion compromised passwords, you are running a big risk.
Also, never reuse a password across different websites. Instead, build a password formula that uses a combination of characters from the website you are on, meaning your passwords won’t be easily forgotten, no matter what website you are on.
4. Ensure regular anti-virus and malware scans are performed on any electronic devices and check that software is up to date. Never download anything from a website or content provider that you don’t trust. Ransomware attacks are perpetrated via malware that runs on the victim’s computer terminal, and phishing attacks, which attempt to get end-users to download malware onto their computers, are on the rise.
5. Only provide personal information when there is a legitimate reason to do so, and even then be cautious.
6. Be aware of the latest scams. Subscribe to newsletters from cyber security blogs to stay informed about the latest threats.
7. Use a VPN when browsing the web. Virtual Private Networks (VPNs) hide your web identity, allowing you to be protected from cybercriminals.
VPNs ensure your information is encrypted, which saves you from the risks of data theft, among other things.
8. Be careful what you post. With image recognition technology growing, it’s possible for anyone to upload a person’s image and use the information to either carry out advanced social engineering attacks, or to hoard information for the purpose of blackmailing or misrepresenting anything in the future.
While this advice covers most cases, it is quite general and can leave people unsure of when there is a “legitimate reason” to share information, or when a link is “suspicious”. The rule of thumb is to go directly to the source if possible and to generally be extra cautious about what and whom you trust. Even an unusual chat with a “friend” online needs to be viewed with suspicion.
The internet is a marvellous tool. Keep safe, and enjoy.