Beware spear phishing
A new sort of cybercrime is fleecing companies and institutions of millions of rands.It is known as "spear phishing" or "whaling attacks". Banks and forensic auditors have noted a marked increase in the number of incidents of such fraud over the past few months.According to forensic investigator Jacques van Heerden, spear phishing targets executives of blue-chip companies, parastatals and banks, often using their e-mail addresses.Often, explained Van Heerden, the attack could take the form of an e-mailed invoice within which malware - malicious software - was hidden."We've seen a big increase since last year, with a lot of malware attacks, which have become very sophisticated," Van Heerden said.Last week the SA Bank Risk Information Centre, the banking sector's security body, warned of an increase in whaling attacks with the launch of its #Skelm awareness campaign.Sabric information hub general manager Susan Potgieter said the amount of money lost in each attack had increased recently.Sabric estimates that cybercrime costs South Africa about R1-billion a year.In 2013, R72.9-million was lost to online banking fraud and 3872 investigations were conducted. This increased to R84.1-million in 2014, with 5151 investigations. Last year, R108.2-million was taken and 2877 investigations launched.Van Heerden said South Africa had become a prime target for international criminals.According to Sabric, widespread internet connectivity has made South Africa a preferred target for cyber criminals.It said cyber security education in this country was inadequate, and too few businesses and internet users had put in place measures to counteract such attacks.Late last year, a survey by Mimecast established that 55% of organisations globally had experienced an increase in whaling attacks.In South Africa, 52% of respondents had noted increases "in attacks designed to instigate fraudulent payments" and 39% of those surveyed had experienced attacks that asked for confidential data, such as human resources records and tax information.