Training staff is the first line of defence, says expert.
South Africa has become a major centre for cybercrime, with ransomware, invoice hijacking and romance scams among the most common threats facing individuals and businesses.
Following LexisNexis Risk Solutions’ recent report, the company’s Jason Lane-Sellers, director for fraud and identity, said weaknesses in both the public and private sectors leave the country exposed.
“Ransomware has grown as a threat due to the rapid digitisation of services and infrastructure,” he said.
Ransomware is a form of malicious software that locks a system until a ransom is paid. And while this is not a new crime, criminals take advantage of continued poor awareness and training among staff.
“Criminals exploit this by targeting users who lack awareness. Staff training is key to countering these vulnerabilities.”
Ransomware still enters systems through e-mails or attachments that appear harmless. Once clicked, a malicious code spreads across linked networks and can quickly cripple an organisation, Lane-Sellers said.
The Citizen reported on invoice hijacking last week, where criminals intercept company invoices or payment instructions, change the banking details and divert funds.
“Impersonation fraud and the manipulation of organisational processes have merged as significant challenges,” he said.
What started in Western Europe a few years ago is now a major global problem and a growing challenge in South Africa. The scale of losses is high and trust between companies and clients is eroded, said Lane-Sellers.
“Companies can protect themselves by establishing strong internal processes that include authentication and verification checkpoints at all levels, including senior management.”
Comprehensive fraud awareness training for employees is critical as a first line of defence, he said.
Liability for stolen funds is not always clear.
“It depends on the specific process and applicable regulations. Typically, the end user bears responsibility in transactions,” he said.
Regulators in many jurisdictions are reviewing frameworks to determine accountability but, for now, companies must take responsibility for their protection. Strong process controls that cannot be bypassed and real-time monitoring of transactions by financial institutions are needed.
“It is essential to identify mule accounts being used for fraudulent purposes,” Lane-Sellers said. A money mule transfers or moves stolen funds on behalf of criminals, knowingly or not.
ALSO READ: Organised crime one of ‘the most serious threats to peace’, Cachalia warns
Technology, AI and online vulnerabilities
Governments are struggling to keep pace with digital advancement.
“The quick advancement of digital services has outpaced their ability to regulate and enforce laws. To close the gap, they must prioritise understanding the impacts of cybercrime and take decisive action.”
Sharing of data between banks and regulators about suspicious accounts is one way to improve detection. Without such cooperation, criminals continue to exploit weak oversight, Lane-Sellers said, adding that SA’s rapid digital expansion, faster payment systems and youthful population create opportunity for criminals.
“While the advancements are positive, they expose vulnerabilities criminals exploit.”
Romance scams continue to permeate, where fraudsters pretend to be in a relationship with victims online to get their money.
“They target vulnerable people, who are then often too embarrassed to report what happened. This makes the true scale of the problem difficult to measure,” Lane-Sellers said.
Dating platforms should verify users and detect unusual interactions, while banks must monitor for suspicious transactions.
Artificial intelligence can enable crimes through automated scripts, fake interactions and deepfakes.
“At the same time, it can be a powerful detection tool,” he said.
Regulation is needed to ensure AI is used responsibly to protect consumers, while still enabling innovation.
