Incidences of phishing are becoming increasingly commonplace and ever more sophisticated in SA.
So says Cordell Brewer, marketing director at e-mail marketing firm TouchBasePro, highlighting the recent warning by the South African Banking Risk Information Centre (Sabric) concerning an increase in phishing attempts aimed at local Internet users.
Sabric's data reveals that the number of phishing Web sites targeting local bank clients that have been detected and shut by the banks more than trebled over the tail-end of 2010 and the first months of 2011.
Clive Pillay, ombudsman for banking services, says the increasing ingenuity and deviousness of cyber crooks has resulted in a surge of complaints to his office about Internet banking. “The number of cases has risen from only 45 in 2009 to 484 last year.”
Sabric CEO Kalyani Pillay says phishing spam reported to Sabric shows that criminals are soliciting card information through e-mails to make fraudulent online purchases, since these transactions do not require the presence of the card or the cardholder.
“While this is not new, it is becoming more prevalent than before. It is clear that perpetrators are now able to solicit more personal information from bank clients than was the case previously.
“These shifts in trends signal serious changes in the phishing landscape, and it is for this reason that we urge bank clients to be extra vigilant with their personal information,” she says.
According to the RSA Online Fraud Report published in April 2011, for the 14th consecutive month, the US, UK and SA respectively comprised the top three targets that experienced the highest volume of phishing attacks.
“Though fake e-mails are often sent in the name of one of the country's big banks, they are increasingly targeting other institutions such as the South African Revenue Service. Some fraudsters are even targeting the clients of small businesses such as property rental firms,” Brewer points out.
He explains that phishers gather as much information as they can about companies and then send official-looking e-mails or letters - accurate down to the logo, address details - to clients informing them of a change in banking details.
“This often tricks unsuspecting recipients into depositing money into a scammer's bank account,” he warns.
Brewer urges South African companies that regularly communicate and interact with their customers by e-mail to introduce digital signatures to their bulk messages in order to authenticate them to their intended recipients.
“Companies should take steps to protect their valuable brands and even more valuable customers against these scams that attempt to abuse their brands,” he says.
While the major banks have their own in-house systems to authenticate their e-mails to their clients, he explains, most smaller companies do not have this technology at their disposal. By digitally signing a message, a user adds unique digital mark to the message, he adds.
Brewer is of the view that businesses should deploy technology that will allow customers to verify that an e-mail with sensitive information was actually sent by them and that it wasn't tampered with before they opened it.
Share