Top 10 Scams in South Africa
As technology and security progresses with the times, unfortunately so does the ingenuity of the fraudster. We have compiled a list of the Top 10 latest scams in South Africa which is by no means a comprehensive one. The reason for this compilation is and always will have one purpose in mind. The best method to combat fraudsters is and always will be through the power of education.
This scam involves the victim receiving a telephone call from a fraudster claiming to be an employee of a reputable computer software company. The fraudster then convinces the victim that there is a technical issue with the victim’s computer and in order to rectify it, they need to follow instructions provided to the client telephonically.
The Fraudster attempts to manipulate an individual’s natural human tendency to trust in order to further his/her own malicious means. The hacker’s ultimate goal would be to remotely take over your computer in order to advance their own agenda by stealing credit card numbers, online banking logins or harvesting personal data for sale to identity thieves. Often these fraudsters will either attempt to gather information about you over a period of time in order to build a profile on you, as well as to build trust in order to get their “target” to reveal sensitive information.
Phishing can best be explained as a type of internet related fraud whereby a fraudster sets up a mirror image (Fake Site) such as a fake banking site which customers are lured to use. This can lead to large losses and there have been numerous instances of phishing reported in South Africa. Phishing is where you receive an email from what appears to be your bank or other financial institution requesting you to reset or confirm your security details, often by following a link. These links however will usually take you to a fake website with the aim of getting hold of your personal or financial details to defraud you. The instances of phishing seem to be rising each year. The key to stopping phishing is education as there are numerous steps that can be taken in order to prevent this from occurring.
This type of scam often goes hand in hand with the Phishing Scam. The Fraudster uses the information that he has gathered from you, for example your cell phone number and security information the Network Provider uses to verify who you are. The Fraudster then requests a SIM swop with your Network Provider. This allows the fraudster to now receive any One Time Passwords your online banking would send to you when logging in or transacting on your online profile. South African Network Providers have become more stringent on their processes when requesting SIM swops so that it has become increasingly more difficult for any Fraudster to commence a “Hostile Takeover” on your handset.
This type of scam involves a Fraudster impersonating a City of Johannesburg Official. How this scam operates is often by residents querying legitimate Utility bills for their Water and Electricity usage. The Fraudster then entices the victim by claiming that if they pay a deposit the Official will be able to reduce or completely clear the sum reflected on the victim’s utility bill. The Fraudster will even meet with the victim, with a fake copy of the victims utility bill, edited to reflect the new agreed upon sum owed. The Fraudster even has an employee Identity Card printed on a City Of Johannesburg employee card. The Fraudster claims to only accept cash in order to pay for this discount. Once the victim has paid for the “discount” the fraudster provides the victim with the fake copy of the utility bill reflecting the discounted amount owing.
The warning sign for this scam is that the Official only accepts cash for the “Discount”.
The success of this scam is in part due to the fact that these Fraudsters are often spotted on the premises of the victim where Utility Meter readings are conducted which builds a certain amount of trust in the victims mind.
When a criminal fraudulently identifies himself to the police as another individual at the point of arrest, it is sometimes referred to as criminal identity theft. This can lead to numerous ramifications such as receiving court summonses, traffic violations and/or other registered infringements as a result of the criminal identity theft. The main issue with regards to this type of identity theft is how to manage the ramifications going forward and clear the victim’s name.
Identity Thieves also often submit fake Tax Returns to the SA Revenue Service (SARS) with stolen identities. The fraudster submits the fake annual income tax return with the goal of receiving a payout from SARS.
Credit related identity theft is the most common form of identity theft. Thieves utilize the identity of a person in order to access credit or obtain more credit from financial institutions. They will either target existing credit providers to that individual or they will open up new credit facilities at banks, retail stores and other facilities in that person’s name.
Often known as credit card skimming, is the practise of copying the data within the black magnetic stripe often called the magstripe on the back of your credit card which stores your electronic data. Fraudsters copy this information and then reproduce a physical credit card with the same magnetic stripe associated with your credit account. This is known as a cloned credit card. These credit cards are then used to withdraw funds and transact from your bank account as these cards often do not require a PIN number when transacting below a certain threshold.
This type of fraud still makes the top 10 list because of how often this still occurs in South Africa. Candidates applying for positions at companies are lying on their CVs in order to be picked for the job. Often candidates lie about their qualifications on their CVs. Not only is this blatant Fraud, but companies are investing resources into their staff members. These resources are now being floundered on incapable fraudsters who are not qualified to do the job they were hired for. Another issue is these fraudsters now have access to sensitive company information which is a massive security risk as this individual can potentially commit further fraud. Ultimately the Company is the victim in this Scam, but the run on affects could potentially hurt the consumer as well.
A USB Rubber Ducky is a USB type device that is able to be inserted into a computer which then automatically launches a malicious program. It operates on the ‘trust’ protocols present between input/output devices on the computer. The USB rubber ducky ‘tells’ your computer it’s another input device such as a keyboard, which allows it to deliver a malicious program. The hacker is able to achieve different goals depending on which malicious program he has placed on the USB Rubber Ducky. Should the hacker place a keylogger as the malicious program, they can record keystrokes and passwords for login details on a computer. This is why this tool is one of the favourites among hackers or fraudsters who can purchase this device with the pre-loaded program and can potentially insert the device on company computer terminals in order to record sensitive login details to company systems.
Ransomware is a type of malware that infects a computer and then demands a ransom from the user in order to restore functionality and the users data. Ransomware usually infects a users computer from a downloaded file or a vulnerable network. The program restricts User access to their terminal and if the user does not pay the hacker, the user is threatened that all their data and the machine itself will be erased permanently. The Hacker encrypts the users files on their system so that the user is not able to access them. Users have no guarantee that the removal of the ransomware will be done once they have paid the ransom.
This has become quite a popular scam within South Africa that involves fraudulent Debit orders being deducted from individual’s bank accounts. Fraudulent Companies that usually operate in the call centre space contact consumers about products or services with the main purpose of obtaining the victims bank account details. Fraudulent debit orders are then submitted against that individual’s bank account. The debit order amounts are usually small values less than R100 so they can avoid obvious detection by the victim, as well as fall below the threshold that most consumer’s bank accounts have in order to trigger an SMS notification of the debit order going off the account. Victims Bank account details can also be obtained via other means of stealing personal information such as hacking, phishing or social engineering.