Phishing: Impersonating officials and what to do about it


Government departments have warned businesses against being fooled by email scams for some time.

But the economic hardship from the coronavirus lockdown has increased the number of fraudulent emails circulating online.

Even the World Health Organisation has warned the public about fake emails sent in its name.

The problem with the fake emails is that cybersecurity is not a priority.

According to a 2018 report from cybersecurity leader Varonis, "58% of companies have over 100 000 folders open to everyone, and 41% have over 1 000 sensitive files open to everyone".

This means that, if one person in the corporate ecosystem lacks the necessary security and opens a dodgy email or PDF document, it could affect the company's overall security.

Over the last five years, the principal at Pienaar Consulting, Maria Pienaar, has found that companies have dramatically cut their IT and security budgets, which is a problem as it opens the company to increased cyber and phishing attacks because of more gaps in their security solutions.

She explained that there needed to be more public awareness and education "like what the banks and cellphone networks have done with the scam alerts".

"Cybersecurity must be a priority from the board level down, with closer collaboration with the business side, finance department and IT," she explained.

Investigating cybercrime has increasingly become a priority for the police and the Specialised Commercial Crimes Unit of the Hawks, which handles cybercrime and has trained over 3 000 members between 2017 and 2019.

In the 2018/19 financial year, the Hawks successfully investigated 104 cyber-related cases out of a total of 130 complaints – almost all of it leading to convictions.

In its annual report, the National Prosecuting Authority (NPA) noted the successful conviction of an IT specialist, who pleaded guilty to two counts of fraud and was sentenced to 10 years' imprisonment, three years of which were suspended.

"The accused introduced, or caused to be introduced, or loaded into the company computer system, a computer software which had the capacity to allow an unauthorised person to remotely access the company's user access codes, online bank account portal and users' online banking passwords," wrote the NPA.

Then, in October 2016, someone accessed that company's accounts and stole R703 079.

Although there has been an increase in training received by SAPS officials, Jacqueline Fick, a forensic investigator specialising in electronic fraud, believes that more needs to be done.

According to Fick, the police do not have an accurate figure of the number of cybercrime cases because "victims do not report all these instances to the police".

"Or," she said, "where the victim does report the crime, the docket is not opened. For example, a complainant is sent away, with police saying it is a commercial matter."

We live in a world where facts and fiction get blurred
In times of uncertainty you need journalism you can trust. For only R75 per month, you have access to a world of in-depth analyses, investigative journalism, top opinions and a range of features. Journalism strengthens democracy. Invest in the future today.
Subscribe to News24
Lockdown For
Voting Booth
Matric results are out! Are you happy with your child's result?
Please select an option Oops! Something went wrong, please try again later.
No, the pandemic really messed up their ability to focus
34% - 843 votes
Yes, they did well given the circumstances
66% - 1620 votes
Rand - Dollar
Rand - Pound
Rand - Euro
Rand - Aus dollar
Rand - Yen
Brent Crude
Top 40
All Share
Resource 10
Industrial 25
Financial 15
All JSE data delayed by at least 15 minutes Iress logo
Editorial feedback and complaints

Contact the public editor with feedback for our journalists, complaints, queries or suggestions about articles on News24.