Cape Town - Cyber criminals employ simple strategies to steal personal and financial information, warned a cyber security expert.
Moves by banks to increase security of cards through chips and the Department of Home Affairs planning to introduce biometric scanning, have driven cyber crooks to smartphones.
“As it becomes more and more difficult to commit card fraud due to the latest technology, mobile smartphones and the dedicated apps they support have become an increasingly attractive alternative for attackers to target,” Xavier Larduinat, senior technologist at Gemalto told Fin24.
He said that cyber crooks employ four social engineering methods to target victims:
“A phishing attack is one in which the perpetrator targets a specific person or organisation,” he said.
This may take the form of e-mails addressed to specific people with topics in which they have expressed an interest. Typical examples include an e-mail from the SA Revenue Service (Sars) or your bank addressed to you with either a refund or payment notice that mimics the organisation.
“This uses company biographies and online profiles to specifically target executives or board members,” said Larduinat.
In companies, this method has proven effective in convincing junior employees to make payments to service providers at the behest of senior managers.
By specifically targeting executives, cyber crooks have also been able to compromise entire corporate networks and hold PCs to ransom.
“SMiShing is a phishing attack that uses text messages,” said Larduinat, explaining the process.
In SA, SMSs on lottery wins, traffic fines, bank deposit notifications and coupon specials are often maliciously designed to convince consumers to part with cash. Typically, when you respond to an SMS, the scammer demands a “registration fee” or “entry fee” to begin the process of extracting cash from you.
For fines or payments, scammers often pose as collection agents.
“Confidential information is solicited over the phone,” said Larduinat.
Scammers will make calls claiming to represent internet companies warning about virus infections on home computers. They can often obtain personal information from discarded mail and will typically demand payment for their “antivirus solution” which may in fact, install malicious software on home computers.
Larduinat said that identity theft plays a crucial role in perpetuating financial fraud.
“Identity theft is a fundamental component of banking fraud and enables much of the fraud seen today.
“Unlike credit cards stolen physically, which have a limited span of time until the users realise that theft has taken place and take appropriate action, victims of banking credential and identity theft often don’t discover this immediately.
This enables criminals to perform a broad range of financial transactions or contractual exchanges before the situation is remedied,” he added.
- Follow Duncan on Twitter