Hackers siphoned R250-million in banking-related crimes

Hackers using state-of-the-art technology stole and defrauded South Africans out of R250-million in a single year.

The South African Banking Risk Information Centre (Sabric)‚ in releasing the country's latest digital banking crime statistics on Thursday in Johannesburg‚ revealed that in 2017 cyber-criminals were involved in 13‚438 online‚ mobile and internet banking attacks.

The total sum siphoned off in all digital banking-related crimes during that year was R250-million.

In a statement‚ Sabric said between January and August 2018 there had been a 64% increase in such attacks‚ with a 100% increase in mobile banking app hacks‚ and nearly 50% increase in online banking attacks.

Between January and August 2018‚ cybercriminals stole more than R23.5-million in mobile banking hacks‚ R89.3-million in online banking attacks‚ and R70.1-million in banking app breaches.

Sabric's chief executive officer‚ Kalyani Pillay‚ said criminals were always looking for ways to exploit digital platforms to defraud victims.

She said because banks were deploying "robust" mitigation strategies‚ "it is easier [for criminals] to target people‚ as they are the weakest link”.

Pillay said criminals were very skilled at using social engineering to manipulate their victims into divulging their personal or confidential information.

"They capitalise on the fact that not all digital banking clients are digitally literate and exploit this vulnerability. Using technology‚ coupled with social engineering‚ criminals can gather sufficient information to impersonate victims‚ bypassing bank security protocols."

She added that in most cases‚ clients were still compromised because of phishing‚ vishing or the installation of malware onto victims’ devices.

This was done by having victims click on links‚ enabling criminals to steal sufficient personal information to access their online banking profile.

Phishing sees criminals send emails to people reportedly from reputable companies to trick them into revealing their personal information‚ including bank card details and passwords‚ while vishing occurs when criminals telephone people pretending to be from well-known businesses and con them into revealing their banking details.

Pillay said it was critical that consumers were aware that they were their money’s best protection on all digital platforms.

“We cannot stress the importance of not sharing confidential information with anyone or clicking on links in unsolicited emails.”