Virtual identity theft - the recent experience of Experian

During the past week, Experian, one of South Africa’s largest credit bureaus, confirmed that it was scammed. It was duped into handing over data including ID numbers, telephone numbers, and physical and e-mail addresses of more than 23 million South African individuals and nearly 800,000 businesses to a pretender. Someone who convinced them that they ‘should’ be granted access to this information.

This person was GOOD! 

The transfer of information took place at the end of May. It took the company 57 days to figure out something went wrong and then another month before the matter was resolved. The company said it couldn’t alert the public because they needed to use an Anton Piller court order that relies on the element of surprise to be effective. It allows for search and seizure without warning.

South Africa's largest banks warned the public to be extra careful at this time. Even partial information can, through the deliberate and intricate dance of backwards and forwards searches, enquires and cross-referencing be used to source all of your personal information.

Scammers will repeat the information they already have back to you on the phone, asking you to confirm these details. Having won your trust, they will then ask you to provide additional, sensitive information. They will cement their ‘authenticity’ by using the same jargon or phrases from institutions that you would be familiar with. Even for experts, such as Experian, it can be difficult to distinguish between fraudsters and the real deal.

 

Experian says it has been monitoring places like the dark web (an illegal, virtual black market not accessible with regular search engines). It has enlisted the help of a leading digital forensic investigator to do so.

Insider investigations also point to the fraudster intentions: they wanted to use the information to contact consumers to offer services in the insurance and credit services arena.

What you can do to protect yourself from identity theft?

1. Avoid public WiFi hotspots. Just because it is ‘free’ and you have installed antivirus software, it does not mean you are automatically safe.
2. Use different, strong passwords. These should contain a mixture of capitals and lower case letters and numbers. Change these periodically and don’t record them where and in ways others can find them.
3. Keep an eye out for sham correspondence. Website and email addresses, WhatsApp and SMS messages, logos and layouts may look identical to the originals. (They may even have been copied or stolen.) Never give out personal information on the phone. When in doubt, say you’ll visit or contact the organisation later. Follow up as soon as possible with the institution’s fraud or communications departments. Do not provide personal or financial information via email either. No legitimate company will ask you to do so. No bank or government department would ever use a Gmail address!
4. Avoid clicking on links in unsolicited emails and be wary of email attachments. This is a favourite method scammers use to install software on your computer that collects and transmits your personal information. It can control the computer and make it do transactions automatically.
5. Use trusted sources to keep you up-to-date on scams. These have increased exponentially during the lockdown.
6. Verify charities before making donations. We all want to help during this time. Don’t help the wrong people!
7. Check your social media privacy settings. Criminals operating in cyberspace can collect a lot of data from your posts on social media.  Check all your privacy settings on Facebook, Instagram and Twitter and be careful about what you share.
8. Shred sensitive documents. Be careful about what your rubbish bin can reveal about you. It may seem ‘old school’ but it does happen!

According to a new report by consultancy firm Accenture, South Africa had the third-highest number of cybercrime victims of any country in 2019, even though we only rank 25th in terms of the size of our population.

Why?

More people are using banking Apps – fraud via mobile banking application has doubled in the past year. South Africans lost R2.2 billion in cyberattacks. Add to this that there is a lack of cybersecurity - South Africa only adopted the Cyber Crimes Bill in January 2020, and is still developing law enforcement training.

How prevalent is it?

Cybercrime is a massive problem worldwide. One report shows that about 3.5 billion people had their personal information stolen in the top two of the 15 biggest data breaches of this century alone. The smallest incident on this list involved the data of a mere 134 million people.

The 2019 Accenture report state that in South Africa, 577 malware attacks took place every hour, which is an increase of 22% from the previous year.