Scamming is on the rise globally, and hackers and scammers are becoming more sophisticated. Sadly, South Africa is among the top countries being targeted, and lower digital literacy makes falling for the scams easy.
“It’s a huge headache for Chief Technical Officers (CTOs) and IT managers in both corporates and SMEs, who are finding that one of the ways scammers get access to business data is through the company’s own employees,” says ProfitShare Partners founder and CEO, Andrew Maren.
“By implementing what’s called ‘phishing’, employees unwittingly allow scammers access to their system, which ultimately impacts the company’s data and can result in data breaches, ransomware and other nefarious malware taking over company systems.”
Maren urges all SMEs to stay aware of the latest trends in threats and scams, keeping up to date with what’s happening across the globe by checking in regularly with The Hacker News.
“While threat actors may be operating from anywhere, they are able to target companies and, where they find an easy way into systems, those companies end up facing the full brunt of cyber criminals.”
Don’t follow that link…
A common phishing con is when you get an email that looks legit, with a bank or corporation’s logo and branding on it. By speaking to a few of your colleagues, a cybercriminal can easily use names and services that you recognise, making their entry to your system fairly easy.
“Conventional wisdom tells us that a hack or breach of your system is not so much an ‘if’ scenario, but a ‘when’. IT managers should keep training staff and ensuring they understand the latest in criminal trends,” says Maren. In the meantime, here’s what you should look for and do to avoid being the staff member who lets the hacker in the door…
- Do not click on links, ever… Your bank or internet service provider (ISP) will not send you a link to your account, or even to theirs, for the most part. If you do get an email suggesting you contact an organisation via a link, phone the company and ask to speak to the appropriate division.
- Do not trust that the phone number provided in the email is really that of your bank/finance facility or ISP. Rather go to their official website and make a call using the number listed there.
- DO NOT assume a “chatbot” is safe – and do not hand over ANY info that would give scammers a chance to access your accounts or business contracts. As automation and chatbots become mainstream contact points, always be aware that they can be programmed by hackers.
- Always call your bank’s fraud department or your ISP’s accounting division to check suspicious activity.
“A quick glance at The Hacker News or other publications that highlight fraudulent activities will bring up important issues all staff members should be aware of. In one of the latest, threat actors have been increasingly observed using AI-generated YouTube videos to spread a variety of stealer malware,” Maren warns.
“So while you’re innocently watching tutorials on YouTube, hackers are mining all your data.”
Maren urges tech staff to keep sharing the ways in which breaches can occur and checking company hardware and software regularly for irregularities. “With so many remote and hybrid workers doing their daily online business out of office, IT staff should be running solid anti-virus software on remote machines on start-up.”
Cybercrime is estimated to cost Africa $4 billion or R73-billion a year, and the South African economy around $10 billion a year. The only way to avoid becoming a statistic is to continually keep the threat of cybercrime top of mind, and take the advice of professionals to avoid it.
“Use strong passwords, and don’t use the same password for all your logins,” says Maren. “Change your passwords regularly and always log out properly when you’ve completed a task on your system. This may sound like one of the boring parts of a job but – ignored – it could be the most costly.”