Search results: phishing

Cybercrime attacks costing more than $1,1m per minute

2 Oct

Did you know that every 60 seconds, $1,1m (R16,6m as @ 7/09/18!) is lost to cybercrime attacks? That amount of money is almost impossible to fathom, but it’s a reality! It is estimated (by RiskIQ) that a whopping 5 518 records are leaked in data breach incidents every minute. That’s hard to keep up with.

The security efforts in place, which are costing the companies that incorporate them, just aren’t working (or so it seems)!

The research carried out by RiskIQ has also uncovered the following shocking stats:

  • 1 861 individuals are scammed every 60 seconds
  • 1.5 organisations fall victim to ransomware ever 60 seconds
  • When incidents of ransomware, malware, phishing and leaked records are combined, the stats show that 2.7 million people are affected by cybercrime every 60 seconds.

The real danger comes in when organisations don’t even know that they are running vulnerable third-party code. Four vulnerable web components are discovered every 60 seconds, according to the RiskIQ stats.

An Example of how Vulnerable Third Party Code Causes Losses

A fine example of this happening is the Megacart hack. This was third party code used to access hundreds of e-commerce websites. What consumers didn’t know was that when inputting their credit cards details to make payment, their card details were being sent to a third party.

Unfortunately, there’s no way for a user to know that they are a victim to such an attack. So, what can you do to protect yourself?

  • Only make online payments via sites that you know to be reputable.
  • Always check the security of an e-commerce site before you pay.

While the cybercrime industry remains as lucrative as it is, it is expected that such cyber-attacks will only increase. Being aware of the risks and ensuring that you have various insurances in place to protect yourself from the potential losses of online payments are steps in the right direction.

Have you lost money as a result of cybercrime? Let us know about it. We would love to share stories of cybercrime to create further awareness.

 

 3 Lesser Known Online Scams

31 Jul

The internet has changed. Scams and tricks that caught people out years ago just wouldn’t work these days…or would they?

The internet is a wonderful place. It can simplify our lives and provide exceptional convenience, but that doesn’t mean that it’s not flawed. Along with the convenience comes the risk. Online scams exist and millions of people around the world have found themselves victims of these scams. It would be irresponsible to believe that the internet is a safe place.

Data scavengers

One thing is for certain, online scams and hoaxes are all designed around one basic need that hackers and criminals have, and that’s to collect data.

Once the personal data of an individual or business is obtained, that’s when purchases can be made, identities can be stolen and losses sustained. Without the right data protection and security mechanisms in place, it’s not a case of “if your data is hacked”, its more a case of “when your data is hacked”.

Phishing and Malware scams are a major problem for young and old, there’s no discrimination. It’s easy to fall victim to this when you shop online, read your email, or access your social media accounts.

It can be hard to keep track of all the online scams and hoaxes that go around each and every year, but we hope that this list provides a bit of insight into some of the lesser know. Some are old, some are new…but all of these are still highly prevalent in the online community.

Here’s our top pick of three scams that you might not have heard of yet:

Greeting Card Scam

It’s Christmas or Easter and you might be expecting a greeting card or two. With the digital age upon us, it’s not unusual to receive a greeting card in your email inbox. You open the email, click on the card and before you know it, a secret program is downloaded to your computer. You don’t think much of it and go on with your life. Maybe pop-ups appear now and then or your system is slow.

Behind the scenes, the downloaded software is quietly gathering your personal and financial information and sending it back to the criminals behind the hack.

A decent computer security system should be able to protect you against this kind of hack. Remember though, unless you personally know and recognise the sender of an email, don’t open it or click on any links and attachments.

‘You’ve Won the Lottery’ Scam

We all want to win the lottery so you will be forgiven if you find yourself falling for this one. This scam usually presents itself in the form of an email informing you that you have won a chunk of change. The initial excitement of being able to quit your job could make you overlook the fact that you haven’t bought a lottery ticket and the fact that you have to pay a processing fee to collect your prize.

You can protect yourself from this type of scam by being realistic. You should never have to pay money for a prize and if you haven’t entered a competition, don’t open emails or even respond to an SMS claiming that you have won!

Hitman Scam

Ever had your life or the life of a loved one threatened? That’s what the Hitman scam is all about. You receive an email stating that you or a family member will be kidnapped/killed if a ransom is not paid. These emails are believably threatening as they are often filled with your personal details which the criminals will have retrieved online.

You can protect yourself from this scam by limiting how much personal information you give out online and ensuring that you don’t converse with fake ransom emailers.

Many Other Online Scams Await You

Unfortunately, these three scams are just the tip of the iceberg of scams that are out there. Other popular scams include phishing email scams, Nigerian scams, bank loan and credit card scams, romance scams, fake antivirus software scams, Make-Money-Fast scams, travel scams, Bitcoin scams, fake shopping websites, and many more.

Avoid being a victim of scams. Store all your personal particulars in an off-site, data encrypted cloud account and ensure that you are always suspicious of potential threats. If something seems too good to be true or doesn’t quite sit right with you, avoid it at all costs.

SAPS warns of online scams

5 Jun

Recently the Newcastle SAPS thought it necessary to issue a public warning about online scams after noting an increase in the number of incidents where individuals were paying for cars online and never receiving the vehicles. While you might think this is a “no-brainer”, there are some who clearly don’t think the same way.

You should never pay over any money for a vehicle until you have actually seen it, but there are those who are still caught out in this way. And it’s not just the purchase of vehicles where this happens. Many have been caught out paying for items online that they just never receive, ranging from a car to a gift or even an item of clothing. The risk is real and South African’s need to be more careful when transacting online.

Tips issued by the SAPS

In an attempt to help South Africans protect themselves, the SAP have issued a few tips as follows:

  • Be smart to phishing attempts. Know without a doubt that your bank or credit card company will never contact you by telephone or email to ask you to update your personal details. If you are requested to click a link to update details, you are putting yourself at risk. Your personal information can be collected and used for fraudulent activity. Online competitions are also a great way of phishing. If you have to complete forms with your personal particulars in order to win money or an impressive prize, you might become a victim of phishing.
  • Never share or write down your PIN, password or online ID as these can be stolen and used to carry out fraudulent purchases in your name.
  • Do not save your internet banking profile and password details on your computer, and try to avoid doing online banking on any public computers.
  • Make use of the limits on your cards and accounts. This can save you major financial losses should a criminal access your accounts.
  • Only transact with reputable companies online. If you find a product that is too good to be true, it usually is. Be careful.

Newcastle SAPS Corporate Communications Officer, Captain Jabulani Ncube urges all South African’s to be aware of the risks and to take the necessary safety precautions to avoid becoming part of the statistic.

Digital tech crime in the spotlight: Interesting tricks used by card fraud criminals

22 May

At the end of 2017 the statistics on card fraud were made available to the public and how interesting they were. A quick review of the stats provided by SABRIC (South African Banking Risk Information Centre) shows that over the course of 2017, credit card fraud increased by 1% while debit card fraud actually decreased by 8.5%!

Why did debit card fraud decrease so much?

According to Kalyani Pillay, the CEO of SABRIC, debit card fraud events took a steep decline as a result of fewer lost and stolen cards. There were also fewer counterfeit cards on the market.

This doesn’t mean that fraud isn’t happening, it’s just that criminals have adjusted their tactics in order to take advantage of innovations in the banking landscape.

Here are the latest fraudsters’ tricks

SABRIC released a list of 7 of the latest tricks used by card fraudsters in South Africa at the moment.

#1. Lost and stolen card fraud
The easiest way for criminals to acquire cards is when they interfere with the physical transaction process. This usually happens at the ATM by opportunistic criminals offering to help people, or devising a way to acquire the card PIN. Cash is then drawn from the card at various machines until the daily limit is reached.

#2. Issued card not received fraud
This is when the criminal collects or intercepts a card before it is delivered to the right person. While most banks ensure that cards are delivered by courier direct to the client’s home, or that the customer personally collects the cars from their branch, some cards are sent by mail. These credit cards, loan cards, clothing and merchandise account cards and similar are then collected by the criminal.

#3. Card falsely applied for fraud
Here, the criminal gathers information on an individual and applies for credit and cards in their name, with their details. The card is then issued and used, racking up a bill which must then be paid for by the innocent party.

#4. Counterfeit card fraud
Criminals with the right equipment and software can steal information from the magnetic strip of an existing card. The information can then be used to create a false card. This is often called “card skimming” and can be done at ATMs.

#5. Speedpoint card skimming fraud
This is when criminals steal legitimate Point of Sale (POS) devices from merchants and then convert them into card skimming machines. This usually goes unnoticed as speed point machines can be replaced with similar machines that don’t belong to the actual company.

#6. Replacement card fraud
Again, theft of personal information plays a role in this type of card fraud. Criminals gather all the relevant information on an individual and then apply for a replacement card which is then handed over to them, ready to use and abuse.

#7. Card not present fraud (CNP transactions)
Certain transactions such as online purchases or mobile purchases don’t require a physical card at the point of purchase. Data breaches, phishing, and malware can be used to gather card information from various sources. This information is then used to complete online and mobile purchases and transfers.

Always make sure that your personal information is protected and that your data is securely backed up to the cloud. If you are looking for peace of mind and a secure backup option, check out the online backup system features at Soteria

Cyber threats to watch out for in 2018!

16 Jan

As time progresses, so do the techniques and abilities of hackers and opportunistic online criminals. With 2018 comes a whole host of new and improved (for the hackers that is!) cyber threats to watch out for. Be aware – you have been warned!

Cyber security challenges to be expected

Being informed and prepared is the best defence. The industry expects to see the following on the increase this year:

Large data breaches

Cyber criminals are getting more confident and this year bigger data breaches than ever before are expected to be seen. According to security expert, Marc Goodman, companies holding information on people’s browsing habits could very well become the next targets of hackers.

Cloud based ransomware

When you consider the crippling impact ransomware has had on many companies including the likes of FedEx, it’s a scary concept to consider that this could become a problem in the cloud too.

Imagine backing up your data only to have it fall victim to ransomware in the cloud. When choosing an online backup company, make sure that they offer top notch data encryption too. At Soteria Cloud you will find that we offer safe and secure data encrypted backups suitable for both home and business.

AI used for phishing

We know how easy it is to become a victim of phishing. All one has to do is be tricked into exposing their personal information and soon they will find their identity stolen. It is expected that in 2018, hackers will start using AI for phishing and to design more effective malware.

Cyber-physical attacks

This particular cyber-threat is a scary one! These attacks are expected to be aimed specifically at transport networks to cause immediate disruptions or to force owners and investors to pay for the safe return of operations and systems.

What’s disconcerting is that hackers can find ways to exploit the vulnerabilities in older models of planes, ships, trains and more.

Cryptocurrency mining

You might think that it’s the theft of cryptocurrencies that’s the risk to watch out for, but it’s not. Mining of cryptocurrency requires large amounts of computer processing power and hackers are able to steal computer processing power for their mining, by hacking into other networks.

They can breach the security of large corporations with massive computer processing power such as power plants, hospitals, airports and more. And this just means trouble for all involved.

Election tampering

We all know about the Russians hacking and tampering with the US election voting system and this is a major concern for the year(s) ahead. Hackers are expected to target voting machines, voter rolls and even the software that is used to operate them.

It’s going to be a busy year for hackers in 2018 and so it’s best to ensure that you’re prepared. Make sure that you change your passwords regularly, use complex passwords, only connect to safe and secure networks and of course, store your sensitive information in the cloud (only if it’s encrypted).

Let’s hope the experts can limit the negative impact of these cyber threat predictions this year!

SA Citizens Should Be Careful Of Fake Government Websites

22 Aug

Online fraudsters in South Africa have been at it again! On the 27th of July 2017, the ZA Central Registry issued a warning regarding fake SA government websites and email addresses.

These fake sites are being set up and used to try and trick the public into divulging personal and sensitive information. The aim of this particular type of scam is to acquire people’s user names, passwords, ID numbers, financial information and more. This information is then used for identity theft and fraudulent purchases.

Those who are applying for government tenders or dealing with government departments are most at risk. This type of scam is called cybersquatting.

Cybersquatting? What Is That?

Cybersquatting is not your regular identity theft scam. This particular online scam runs a little deeper. It involves ‘scamsters’ who register a well-known or trusted brand name as a website URL.

The main objective of the scam is to sell the registered domain name for a profit. The problem that arises from this is that fraudulent activity can and does get run from many of these websites. A website domain name that seems legitimate is more likely to trick unsuspecting online users, which would certainly seem to be the case!

How Has Cybersquatting Affected the SA Government?

In the case of the SA government, it would appear that cybercriminals have made contact with members of the public and directed them back to fraudulent websites that, for all intents and purposes, look just like an official government website.

The contact is typically made via email where a link is clicked, a scam we are all too familiar with: phishing!

Members of the public are urged to take a moment to scrutinise the links that they receive before clicking on them. Making sure that the website URL is in fact an official government domain is essential. Official government website URLs in South Africa will end with “.gov.za”. If the website URL ends in “.co.za” or “.com” or anything else, it is most certainly not an official government website.

What To Do If A Website Appears To Be Fraudulent

Members of the public can do their part to protect fellow South Africans from the damaging effect of fraudulent websites. First and foremost, the website URL should be reported to the ISP (internet service provider). You can also ask the ISPA (Internet Service Providers’ Association) for assistance.

It is up to each and every online user to protect their personal data and to ensure that others don’t fall victim to potential threats and scams! That includes ensuring that you don’t supply personal data to unknown sources and that you protect all of your data on your devices too.

Need more tips and advice on how to avoid being a victim of cybercrime? Let us know – we would love to assist!

Card Fraud is Rife in SA, but SA Has One of the Best Card Fraud Regulations

13 Jun

Unfortunately card fraud in South Africa is a reality. Fortunately though, it’s not overly feared as both merchants and consumers are aware that card transactions are protected by the PCI DSS (Payment Card Industry Data Security Standard) which is set in place specifically to prevent fraud.

Card regulations in SA make fraud difficult, from the very first step of the transaction

Merchants and their banks are required to store credit card and debit card information securely and it has to be password protected as well as encrypted. This provides a measure of compliance as well as an additional level of protection for those processing card transactions. Unfortunately, no system is impenetrable.

Most legitimate online payment systems are compliant with PCI DSS and users can take comfort in knowing that their data is encrypted when captured. Unfortunately, consumers aren’t entirely wise to the world of phishing and can find themselves providing credit card details to sites without the correct mechanisms in place.

PCI DSS insists that merchants processing cards must meet with 12 universal requirements. The rules in place are determined by big card names such as Discovery, American Express, Mastercard and Visa. The banks that these brands work with are regulated and secured.

The risk doesn’t always lie with the consumer

Updated authentication practices are continuously being introduced in SA as new threats and attempts are uncovered. Take for example the new chip cards with authentication pin that now require dual-authentication, and the recent announcement of the Mastercard biometric cards that are in the testing phase. As these changes are made, regulations in terms of card security and anti-fraud mechanisms are updated. It’s something that South Africa has been on point about.

It’s interesting to note that the majority of the risk lies with the holding bank, and not with the consumer, should fraudulent activity happen on their card. If all the safety mechanisms are in place and fraudulent transactions occur, the consumer can dispute it with the holding bank for the amount to be reversed.

Phishing is the Number One Cause of Card Fraud in SA

Unfortunately, phishing is still the number one cause of card fraud in the country and in most cases it happens when a transaction is made online, on an unfamiliar site. There are ways to determine if a website is suspicious or not. Here are a few tips:

  • There are no available contact details – if there are contact details, call the company to confirm legitimacy
  • Browse the site and look for spelling errors or anything that might imply they are not a professional company
  • Look for poor quality graphics
  • Check for the payment gateway security that they offer – it should be made visible on their payment page
  • For your own peace of mind, you can also check who the website belongs to / is registered to at the following link: https://www.registry.net.za/whois/

The South African card fraud regulations and protection plans offer a comforting level of security, but it is up to the consumer to ensure that fraud does not occur due to negligence on their part. Always check that you’re transacting on a safe and secure site or look for alternative payment options if you are worried about entering your card details into an unknown website.

Have you been a victim of card fraud? Let us know what happened and how you handled the situation.

Safeguarding Your Data from Ransomware In the Cloud

30 May

2016 seemed to be the year of ransomware and you would think that by now businesses would have it under control and be able to safeguard themselves, but that just doesn’t seem to be the case.

It may come as a surprise, but ransomware is not really new, it’s probably just never been this bad. It’s believed to have been around for more than 10 years already! Back in 2014, 3.2 million cases of ransomware were reported. These numbers are particularly surprising, as we know that many people don’t report cyber-crime, so the figures are probably considerably worse!

What’s ransomware?

Similar to the kidnapping and ransom request of humans, ransomware is a nasty little way for hackers to steal your data and then force you to pay them to return it.

It’s usually activated by means of phishing. You receive an enticing email, click on it or open an attachment and your system is contaminated with software that’s used to encrypt all the data on the computer. When you try to access your files, the computer will present a notice demanding payment in bitcoins in order to gain access to your data. It’s frustrating and there’s little to be done to reverse it once it’s happened, unless you pay the ransom (but then there’s also no guarantee that you will get anything back either).

There’s no magic cure to avoiding a ransomware attack, but one can ensure that everything is done to limit the consequences of such an occurrence.

Protect your data

In choosing to back up your data and systems your business can’t be held to ransom if your network is breached. However, your back up strategy needs to extend beyond simply keeping a copy of your data on your computer. The best solution is to rely on the cloud for storing your data.

Why is cloud storage the answer?

Cloud systems are equipped to detect, deter and destroy ransomware attacks before the criminals are able to enter the network and gain control of data. With cloud computing, you have more visibility of the potential risks and threats faced.

Cloud back up is a fail proof way of ensuring that you don’t have to pay ransoms and worry about losing data. If your system is hacked, you have a backup safe and secure in the cloud and better yet, it’s all encrypted in cloud so pesky hackers can’t do anything with it, even if they tried.

Simply signing up for cloud storage is not enough to protect your data from ransomware. Your IT team will need to do a bit more to ensure security and take full advantage of the security features offered by the cloud. Here’s a taste of what that “bit” more includes:

  • Ensure that all advanced cloud security features are understood, activated and working correctly at all times
  • Take advantage of cloud services’ disaster recovery capabilities
  • Educate all of your network users on the risks and threats and how to conduct themselves in a responsible and secure manner when making use of systems and networks.

It’s not really a case of IF ransomware will affect your business. It’s more a case of when. Make sure that you’re safeguarded against its potentially devastating effects by backing up to the cloud. Find out more about cloud backup features today. Get in touch with us at Soteria Cloud.

SA – One of The World’s Top 10 Most Targeted Countries for Travel Cyber-Crime!

16 May

Paying for travel online is commonplace these days, but there’s still some fear around online payments in South Africa, and for good reason. SA is actually one of the world’s most targeted countries for travel cyber-crime. In most instances it’s because establishments are unaware of, or uneducated in how to protect their systems and their customer data.

In March 2017 a Cyber Security CI Middle East & Africa Forum was hosted in Cape Town. A focus of the event was on educating the market on the risks faced by the South African travel and tourism industry in terms of data breaches and cyber-attacks.

As a local travel and tourism company, there are things that you need to be aware of when it comes to protecting the integrity of your stored data and deterring cyber-attacks.

The tourism market place is certainly growing in South Africa, but so is the occurrence of travel-focused cyber-attacks. It’s important for travel related companies to understand the threat and how it’s evolving and developing. The Forum was determined to help educate local businesses on how to defend and protect themselves.

Why is the SA Travel Industry at Risk to Cyber-criminals?

The challenges that the tourism industry faces in SA is that there are so many ways in which travellers can purchase flight tickets, book accommodation, book car hire and similar. It’s safe to say that any company that’s travel focused has data moving back and forth in a number of ways and in massive quantities.

It can be difficult to protect all bases, but certainly not impossible

At the Forum, the importance of encrypting data ­– one of the most important parts of any data security setup, was once again highlighted. Encryption, something that we cannot reiterate enough at Soteria Cloud.

The PCI Forum general manager mentioned a few reasons why travel and hospitality companies are caught off guard and taken advantage of. Some of these scenarios include:

  • Leaving default passwords in place after POS and system installers have completed their side of the process
  • Leaving ports open and unprotected on payment systems

One very important tip that business owners could take away from the seminar was regarding cyber-scams that involved phishing, ransomware and similar. Professionals advised that users will generally only click on emails and links that they trust. Much the same as applies to all business owners and online users in virtually any industry. At Soteria Cloud we suggest that you ask yourself whether or not you know the source of an email and if you solicited such communication. When in doubt, don’t click!

Do you run a travel and hospitality related business in South Africa?

If the answer is Yes, then you need to ask yourself some questions, such as;

  • Who installed your Point of Sale, online payment gateways and various processing systems?
  • Have you changed your passwords since your POS was installed?
  • Do you have someone professional managing your systems?
  • Do you ensure that your stored customer data is encrypted?

That’s a lot to think about and right now is as good a time as any to check! Need advice and info on how to get your systems more secure? Contact us at Soteria Cloud!

SA businesses alarmingly affected by Cybercrime

18 Apr

Cybercrime is something that has been on the radar of IT security experts for quite some time now. This type of crime presents itself in a variety of ways and can be carried out for various reasons, which include monetary gain, pushing an alternative viewpoint or even causing disruption to competitor businesses. It can even go as far as industrial espionage or trying to overthrow government offices. To say that modern cybercrime is “complex” is an understatement.

It’s astonishing to realise, that even though the majority of the business world is well-aware of cybercrime and the types of threats out there, so many still fall victim to it. On a daily basis, malware and cyber-attacks are experienced by hundreds of businesses.

One frustrating fact for experts in the field is that many attacks aren’t reported, which makes documented statistics lacking in terms of reliability. This also makes it hard to create real solutions for the threats and risks being faced.

Today’s cybercriminal is resourceful and highly effective

Cloud computing, mobile connectivity and the IoT only make the tasks of cybercriminals easier. You might prefer to believe that South Africa is excluded from the disturbing global stats, especially when they claim that daily attacks take down organisations and cause them to lose millions. According to the SABRIC (SA Banking Risk Information Centre), South Africa loses on average, R1 billion annually to cybercrime. And this amount is expected to increase at a rapid pace over the next few years.

Interesting facts about cybercrime and SA businesses

  • 32 % of businesses in SA have experienced cybercrime
  • The “bring your own device” or “bring your own application” is one of the biggest culprits of cybercrime to the SA business environment
  • Whaling is becoming a popular form of cybercrime in SA. This is phishing aimed at executives high up in the chain of command. The objective of whaling is to get these execs to reveal sensitive information in terms of access credentials, finances and personnel and customer details by means of clever social engineering cons.
  • Incorrect data storage, access controls and sharing of data is also a major cause of cybercrime in the business environment in SA. Backups done to the cloud must be encrypted and each user must be assigned limits and allowances in order to control who can and cannot access sensitive data.

In a world where cybercrime seems to be forever on the rise, it’s obvious that SA businesses need to start realising that they too are affected. If your business has not recently taken a look at its cyber security strategy and systems, now is the time! For safe, secure and affordable encrypted online data backup services, check out our business packages at Soteria Cloud today.