SASSA Grant Fraud – Cyber Hacking

R175 Million Grant Fraud Exposed at SASSA as Threats Continue

More than 26 million South Africans rely on some form of social grant to cover their basic expenses, and with the recent increases in the cost of living, this financial lifeline from the state has become a matter of survival for many families.

Unfortunately, cybercriminals may be planning to target the South African Social Security Agency (SASSA), which has recently been shown to have significant cybersecurity vulnerabilities.

In this article, we take a look at the recent R175 million cyber fraud incident reported by the agency, in light of media reports suggesting its online application system may be an open invitation for fraudsters.

Here’s what every citizen needs to know as yet another government department buckles under the pressure of the country’s growing cybercrime wave.

R175 Million Stolen in Grant Fraud

The NaughtySecGroup has reared its ugly head again, claiming responsibility for stealing R175 million from social security grants by allegedly opening a staggering 100 000 fraudulent bank accounts across the country.

The hacking group, which made headlines last year by nearly stealing TransUnion’s entire data set for South African clients, says the recent move was in retaliation for not receiving the $60 million (close to R1 billion) ransom they demanded.

If the hackers are to be believed, the safety of South Africans’ financial information and the security protocols used by banks for account opening procedures are now in question. SASSA has revealed very little information in the wake of these claims, failing to reassure the public that the situation is under control.

Researchers Spotlight SASSA’s Cybersecurity Vulnerabilities

As the social welfare agency reels from its recent brush with fraudsters, a recent article reveals that the agency may be extremely vulnerable to follow-up attacks by cybercriminals.

Two students from Stellenbosch University conducted independent research into the agency’s vulnerability status by using a random sample of ID numbers to test the agency’s online application security. The results are alarming, to say the least.

  • When testing the system with ID numbers issued to people born in 2005 – representing a relatively young cohort of citizens – the researchers found that 91% of these numbers were associated with grant applications.
  • Given the young age and presumed good health of the applicants, it seems highly implausible that they would all be genuine grant applicants.
  • The researchers also applied for grants through the system at a rate of 700 per minute, an action that should have triggered a security alert and prevented further applications. However, the application process continued without interruption.
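
The two checks these findings point to, as an added example (not code from SASSA or the researchers): a per-source sliding-window limit that blocks and alerts on a burst like 700 applications per minute, and a cohort check that flags a birth year whose sampled ID numbers show an implausible share of applications. The limit of 5 per minute, the 50% share threshold, the source names and all sample data are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

def throttle(events, window=60.0, limit=5):
    """Sliding-window limit per source over time-sorted (timestamp, source) events.

    Returns (accepted, blocked, alerts); alerts maps each source to the time
    of its first blocked request, the point where an alert should fire.
    """
    recent = defaultdict(deque)           # source -> timestamps of accepted requests
    accepted, blocked, alerts = [], [], {}
    for ts, source in events:
        q = recent[source]
        while q and ts - q[0] >= window:  # drop entries older than the window
            q.popleft()
        if len(q) >= limit:               # over the assumed limit: block and alert once
            blocked.append((ts, source))
            alerts.setdefault(source, ts)
        else:
            q.append(ts)
            accepted.append((ts, source))
    return accepted, blocked, alerts

def saturated_cohorts(records, max_share=0.5):
    """records: (birth_year, has_application) pairs from a sample of ID numbers.

    Returns {year: share} for cohorts whose application share exceeds max_share.
    """
    totals, hits = defaultdict(int), defaultdict(int)
    for year, has_application in records:
        totals[year] += 1
        hits[year] += bool(has_application)
    return {y: hits[y] / totals[y] for y in totals if hits[y] / totals[y] > max_share}

def constructed_events():
    """Constructed sample: one source at 700 requests/minute, one normal source."""
    burst = [(i * 60 / 700, "client-A") for i in range(700)]
    normal = [(10.0, "client-B"), (50.0, "client-B")]
    return sorted(burst + normal)

if __name__ == "__main__":
    accepted, blocked, alerts = throttle(constructed_events())
    print(len(accepted), "accepted,", len(blocked), "blocked, alerts:", alerts)
    # Constructed sample: 91 of 100 IDs from 2005 and 40 of 100 from 1950 have applications.
    sample = [(2005, i < 91) for i in range(100)] + [(1950, i < 40) for i in range(100)]
    print("cohorts to review:", saturated_cohorts(sample))
```
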

In conjunction with the claim of the R175 million fraud, these findings cast serious doubt on the security protocols in place at government departments, as well as in the financial sector.

Make Secure Cloud Storage Your First Line of Defence

At a time when the institutions we typically trust to protect our personal information – such as the banks or government – are under fire for failing to prevent cyberattacks, businesses and individuals should be thinking about beefing up their data protection.

Secure cloud backup is a proven method of keeping your personal, business, and financial information out of the hands of hackers.

To raise your security level, we invite you to browse our range of secure cloud storage packages and total data protection solutions. Powered by Acronis, for businesses and households of any size, you can trust Soteria Cloud to protect your most valuable asset – your data.

A ‘Security Incident’ or hack attack? What the Twit, Twitter!

Already facing a potential Federal Trade Commission fine of $250 million after admitting to improper usage of users’ personal information in 2019, Twitter is in privacy hell! Whether or not you are an avid Twitter user, you will probably have heard that the company also suffered a recent hack attack, which it classified as a security incident. According to inside reports, the attack included some high-profile users such as Bill Gates and Elon Musk. What the twit, right!

Okay, hold on, let’s start at the beginning. What happened?

On the 15th of July 2020, a social engineering attack was carried out on Twitter. According to the company, 130 Twitter accounts were attacked. The hackers used 45 of those accounts to post tweets and gained access to the inboxes of 36 others. The attackers successfully downloaded data from 7 accounts.

More About the Attack

So how did the hackers ever gain access to the accounts of 130 unsuspecting users in the first place? The answer is both simple and complex at the same time.

Twitter has gone to great lengths to investigate what it initially referred to as “a security incident” and has found that it was the result of a small group of its employees being targeted through a phone spear-phishing attack.

What is a phone spear-phishing attack?

Quite simply, fraudsters send emails that appear to come from a known or trusted sender in order to get the target to reveal confidential information. This method works more often than not, as the target believes they are talking to their trusted contact when in fact they are not.

In order for the attackers to be successful, they needed to obtain access to the internal network where they could gather the credentials of specific employees with access to internal support permissions. To some degree, they succeeded.

Their hack, however, required a two-step approach, as none of the targeted employees had all the permissions the hackers needed. Using the credentials of some of the employees with the right access, they were able to target 130 Twitter accounts: tweeting from 45, accessing the direct message inboxes of 36 and downloading the Twitter data of 7.

What is the Risk to You?

For the most part, the hackers were unable to access the private info in the majority of the hacked accounts (save 7 that is). Twitter confirmed the following:

  • The hackers could view users’ email addresses and cell phone numbers.
  • Hackers were unable to view previous account passwords.
  • The company is still investigating how much information the hackers gained access to from accounts that they were able to take over.

The investigation is still underway and Twitter says it will do everything it can to ensure that a similar attack doesn’t happen in the future.

Steps You Can Take

Just to be safe, you should change your Twitter password and take the time to suss out your profile for any unusual activity. Make sure that you never click on email links or attachments, even if it seems to come from a trusted source. Check with the source first as to whether or not they messaged you and why.

At Soteria Cloud, we have a tendency to repeat ourselves – with good reason. We can’t tell you often enough how important it is to change your passwords regularly and that you should be storing sensitive information in an encrypted format in the cloud.

If the Twitter hack gave you a bit of a scare (or wakeup call), perhaps now is the time to start looking into ramping up your cloud backups and device security.