The business and private use of technology has been continuously growing for years, but the massive global switch to remote working has led to an explosion of attack surfaces, significantly increasing the opportunities for cyber-criminals to exploit.
Recent local examples, including the attack on Transnet’s port IT infrastructure, demonstrate that the constantly evolving threat landscape and the increasing sophistication of attacks means that cyber-security must remain top-of-mind.
After all, says Ilonka Badenhorst, Managing Executive at the Wireless Application Service Providers Association (WASPA), the consequences of such attacks can be severe. Anything from production and revenue losses to regulatory fines, reputational damage, and the potential shutdown of critical infrastructures may be the result.
“While security trend experts point to the fact that the threat of ransomware is becoming more targeted and sophisticated, and that cyber-criminals are now exploiting artificial intelligence (AI) for criminal gain, the simple spam email or SMS also continues to cause untold havoc,” she notes.
“Spam is usually sent for commercial purposes – promoting a product or a service – but can easily be criminal in nature instead. In such instances, it is about trying to persuade the recipient to visit a malicious website, or to disclose personal information that can be used to commit fraud.”
In fact, according to Evina’s Q1 report on fraud in South Africa, some 76% of fraudulent activity in the country last year was as a result of Clickjacking. This is where the user is tricked into clicking on a hidden payment button, which is disguised as a different button to the eyes of the user.
A further 17% of the remaining fraud is accounted for by Bypass Fraud – when you click on a fraudulent link accidentally and it short circuits the process flow, enabling payments to be made without clicks – and Spoofing. The latter is where there is the theft of the network/SIM identity of users by fraudsters, to make a payment on their behalf.
“It was with this context in mind, that we developed the SMS codes project at WASPA to help consumers fight back by launching a new feature to identify the owner of a short code, long code or USSD code – and so track down the sender of unsolicited commercial messages,” Badenhort says.
“If customers suspect fraudulent or questionable activity from a number, they have the option to send a query on the platform for assistance. These codes will be investigated and reported to the relevant service provider.”
Consumers should also make sure they understand the Protection of Personal Information Act (PoPIA) and why they need to take better care of their personal data, especially when engaging via mobile and WASPs. It is, she adds, about understanding how the service providers and mobile service platforms are managing their data and what they are unknowingly subscribing to.
A significant number of fraudulent activities occur as a result of avoidable data breaches – such as where unauthorised third parties obtain access to the personal information held by an organisation. While there is no “one-size-fits-all” approach to the appropriate organisational and security measures that should be taken, a good start can be made with proper security training.
Employees should receive training on the dangers of spam, and how easy it is to get duped into opening a link or an attachment from an unauthorised sender. And this training should also certainly extend into the e-commerce space.
Yaron Assabi, founder and CEO of omnichannel commerce enabler Digital Mall, suggests it is vital for e-commerce platforms to ensure they manage personal data with care, by giving consumers the option of removing their personal data from the platform also known as “the right to export their data or the right to be forgotten” once their transaction is complete.
“It is equally important for an effective spam response to be easily accessible to consumers. This is why we added SpamResponse platform from WMC Global. This allows users to report their experiences with unwanted or malicious messaging, with the app collecting the message date and time stamp; mobile network operator; spammer’s phone number; and links and the exact message content, sans editorial commentary,” says Assabi.
“In addition, it can collect WhatsApp, WeChat and Robocalls, while at the same time ensuring that no personal data from the enquirer is collected, meaning each report remains anonymous.”
As far as WASPA is concerned, the reality is that spam is far more of a problem than merely being unwanted or unsolicited messages. “Cyber-crime is a tangible threat that is active 24/7, and it is more vital than ever to ensure that your customers’ – and your own personal – private information is kept confidential. Measures must be put in place and steps taken to prevent such critical data being harvested via spam or any other means,” concludes Badenhorst.