By Sizwe Dlamini for IOL

Consumer, business and credit information services agency Experian has experienced a breach of data which has exposed personal information of as many as 24-million South Africans and 793 749 business entities to a suspected fraudster.

Experian confirmed in a statement on Wednesday that the breach had been reported to law enforcement and the appropriate regulatory authorities.

The company handed over information to a suspected fraudster, and the suspect had already been identified and the data deleted.

It said banks had been working with Experian and South African Banking Risk Centre (SABRIC) to identify which of their customers might have been exposed to the breach and to protect their personal information, even as the investigation unfolds.

Banks and SABRIC have also been co-operating with Experian in their efforts to secure the data and ensure the perpetrators are brought to book.

SABRIC chief executive Nischal Mewalall said the compromise of personal information could create opportunities for criminals to impersonate another person but did not guarantee access to banking profile or accounts. “However, criminals can use this information to trick you into disclosing your confidential banking details.”

“Should you suspect that your identity has been compromised, apply immediately for a free Protective Registration listing with Southern Africa Fraud Prevention Service (SAFPS). This service alerts SAFPS members, which includes banks and credit providers, that your identity has been compromised and that additional care needs to be taken to confirm that they are transacting with the legitimate identity holder,” said SABRIC.

Consumers wanting to apply for a Protective Registration can contact SAFPS at protection@safps.org.za.

SABRIC and SAFPS urged bank customers and other consumers to follow sound identity management practices to mitigate the risk of impersonation and fraudulent applications.

SAFPS chief executive Manie van Schalkwyk said: “Think of your identity information in the same way as you think of cash. Keep it safe and secure at all times, because once it is compromised, it can be used by anybody, often to impersonate you.”

It is also recommended that bank customers follow precautionary measures, including:

  • Do not disclose personal information such as passwords and PINs when asked to do so by anyone via telephone, fax, text messages or even email.
  • Change your passwords regularly and never share them with anyone else.
  • Verify all requests for personal information and only provide it when there is a legitimate reason to do so.

 

Source: De Bruyn Daly

Driving licence test centres were closed during the lockdown and even prior to that centres were running behind in renewing driver’s licences and testing first time driver’s licence applicants.

The Minister of Transport recognised these difficulties and gave motorists until August 31 to renew their licences. That has now been extended to January 31 2021 and your licence is deemed to be valid if it expired during the period from March 26 to August 31.

Check your insurance

Insurance policies require you to have a valid driver’s licence and if this is not the case, the insurer is entitled to refuse any claim made. Even if your policy doesn’t specifically require a valid driver’s licence, there could still be difficulties in making a claim without a valid licence.

It is worth contacting your insurance broker or company and getting written clarification of cover if your licence has expired or will expire this year.

Car hire

On a related topic, car hire companies will not allow car hire without a valid driver’s licence – check upfront that your “deemed valid” licence will be accepted. And as and when international travel becomes available to us again, remember that your destination country may still regard your expired licence as invalid.

Motor vehicle licence discs

All motor vehicle licence discs, temporary permits, and roadworthy certificates that expired during the period from March 26 to May 31 are deemed valid until August 31 2020.

Beware this uncapped data scam

By Hanno Labuschagne for MyBroadband

Mobile users in South Africa should be wary of scammers claiming to offer data or airtime packages at suspiciously low prices.

An online-based scam which claimed to sell unlimited prepaid data, voice calls, and messaging bundles was recently pointed out by MyBroadband Forum members.

A party calling itself “Unlimited Prepaid Bundles” was selling several mobile products which it claimed worked on Vodacom, MTN, Cell C, and Telkom’s networks.

The scammers had also taken out sponsored ads on Facebook for these “unlimited” bundles.

Upon visiting the Facebook page for “Unlimited Prepaid Bundles”, we discovered several early warning signs of trouble.

The first was the suspiciously low pricing of the bundles, which included an uncapped monthly data bundle at R249 and yearly uncapped data at R799.

After MyBroadband lodged these queries, the Facebook page and website of the scammers were taken down.

MyBroadband notified African Bank of the site and provided the details of the bank account which was being used to scam buyers. The bank confirmed it had launched a forensic investigation into the account.

Source: Talk of the Town

The SA Social Security Agency (Sassa) has warned the public not to be duped by a fake e-mail doing its rounds in which an “official” calls for people to contact its offices regarding a tender for the three-year supply of food parcels in the Free State.

Sassa spokesperson Sandy Godlwana told TimesLIVE that the agency was concerned that members of the public “will find themselves having to pay money with the hope that they will get the tender, where this is fake and a scam”.

The fake correspondence has been sent in the name of Sassa regional executive manager Themba Matlou.

“This misinformation is devoid of truth and is tantamount to causing chaos and anarchy which may lead to unrest and the undesirable consequence of damage to government property,” said Matlou in a statement issued on Monday night.

“The process to appoint service providers has just started and is only an evaluation process. Successful bidders will be duly contacted through proper channels at an appropriate time.

“The agency warns all bidders against this scam and any other bid where people purport to take money claiming they are from Sassa.

“The social relief programme is intended to assist to meet basic needs of indigent persons by means of rendering temporary and immediate material assistance in response to a crisis. We are working around the clock to ensure that suitable service providers are appointed in line with Sassa supply chain prescripts,” he said.

Speaking in a recent eNCA interview, police minister Bheki Cele said that there had been a notable decrease in crime in several areas during lockdown Level 3.

These include:

  • Cash-in-transit heists;
  • Bank robberies; and
  • House robberies.

However, gender-based violence is currently a major concern; he highlighted the fact that more than 38 000 women were raped in South Africa last year.

He called on community members to report any abuse or violent behaviour before a crime is committed.

Lockdown measures

Cele said operations by the SAPS would be intensified during the country’s national state of disaster.

Specific measures include:

  • The conducting of static roadblocks on all national routes and major routes in order to monitor, control and ensure adherence to the regulations;
  • The conducting of vehicle checkpoints, on provincial routes, regional routes, rail routes, main streets in order to monitor, control and ensure adherence to the regulations;
  • The conducting of high visibility patrols to monitor, control and ensure adherence to the regulations;
  • Designated investigation capacity and case management; and
  • Implementation of objects of policing, in accordance with S 205(3) of the constitution of the Republic of South Africa.

 

Source: MyBroadband, ESET

It’s time to file that tax return at SARS! Whilst many of us cannot wait for our refunds, this is also a time of the year where cybercriminals are waiting to attack. Sadly, with the tax season comes tax scams with cybercriminals seeking to steal your tax refund.

Carey van Vlaanderen, CEO at ESET South Africa explained: “Whilst we like to think we have become wiser to email spams and scams, cybercriminals are often in the perfect position to “fine tune” their attacks. If one attack doesn’t work, they simply adapt and improve, and then spam it out again.”

ESET offers the following tips to stay safe during the tax return season:

1. Are you worried you’re being phished? Look at the bait
Always look at who the email is from. It’s possible to fake any email address, but not all phishers are this clever – they may use a random email address that gives the game away. “Check the link that you’re supposed to click by hovering your mouse over it to display a pop-up message with the real link in it. Look closely. Does the address make sense? If any alarm bells start to ring, don’t click,” said van Vlaanderen.

2. Tax returns, invoices, wedding invitations – cybercriminals use them all
To a cybercriminal, nothing is sacred – wedding invitations, invoices and tax returns are all commonly used tactics. Always think hard before opening any attachment – even ones that seem to come from friends. It’s unlikely that SARS are asking you to refile your tax returns so please do not click.

3. Be extra careful around short URLs
If there isn’t a cap on the number of letters, why has someone shortened the link? You cannot take it for granted that URL shortening services are redirecting you to trustworthy websites.

4. Telephone numbers are not a guarantee an email is real
Do not trust professional looking emails where there is a phone contact number – this is often another cybercriminal trick. The number may work, but you will be connected to a scammer who will attempt to fool you into handing over further details.

5. Don’t auto-load images
Set your email so that images aren’t automatically downloaded – otherwise you could be sending a signal to spammers. Images are often stored on the spammer’s servers and can be unique to your email. When you turn on pictures in an email, your computer downloads the images from the spammer’s servers, showing that you exist.

6. Is SARS really calling?
“It’s doubtful SARS will be calling you and they definitely are not going to offer any sort of gift card for filing early. If you get weird emails or phone calls, ignore them, or hang up. Always follow your gut.”

7. Encryption is the only way to go
If you file online, look for encrypted websites. Make sure the website you’re visiting has HTTPS in front of the URL. Typically, it will have a green or grey lock showing it’s a secure connection. The last thing you want to do is share your extremely private information associated with taxes unless you’re on an encrypted website.

8. Did someone beat you to filing your tax return?
Identity theft is growing. In the USA alone, almost 60 million people have been affected – that is more than 1 in every 6 Americans. Cybercriminals will use any opportunity to monetise the effort they have taken to steal an identity, and at this time of year it’s probably tax identity theft for the purposes of tax refund fraud.

The cybercriminal’s target is not only the individual but also the tax professionals who prepare and file taxes for many clients, potentially providing a single place for a cybercriminal to gain all the necessary data to file returns for many individuals.

It’s important that good data security practices and technology are in place for both individuals and tax professionals and are reviewed for effectiveness on a frequent basis.

“The next time a person or website requests personal data, ask some questions – do they really need it, how long will they store it, will it be protected, do I trust them to secure it?” said Van Vlaanderen. “The collection of personal data is, for some, a business that provides great rewards – as consumers we need to engage in the protection of our identity by being less willing to hand over our data to just about anyone who requests it.”

In a nutshell, to protect yourself, use up-to-date security software as offered by ESET, strong and unique passwords or passphrases, and encryption; and avoid phishing scams by checking links and following your gut.

Reporting scams to the relevant authorities allows them to ascertain the scale of the issue and potentially track down the perpetrators and bring them to justice.


By Bradley Prior for MyBroadband

HaveIBeenPwned has added a large data breach – involving popular writing website Wattpad – to its database of data breaches.

In June 2020, Wattpad – a website that allows users to publish their own literary content and critique the work of others – suffered a large data breach which exposed almost 270 million user records.

This data was reportedly sold to a private purchaser for $100,000, and has since reportedly been published to a public hacking forum – where it was shared broadly.

The data exposed in this breach includes names, usernames, email addresses, IP addresses, passwords, genders, and birth dates, HaveIBeenPwned said.

According to the post on the hacker website, included in the database are 145 million passwords hashed with bcrypt, and another 44-million hashed with SHA256.

“We are aware of reports that some user data has been accessed without authorisation. We are urgently working to investigate, contain, and remediate the issue with the assistance of external security consultants,” said Wattpad director of PR and communications Kiel Hume.

“From our investigation, to date, we can confirm that no financial information, stories, private messages, or phone numbers were accessed during this incident. Wattpad does not process financial information through our impacted servers, and active Wattpad users’ passwords are salted and cryptographically hashed.”

Hume said Wattpad is committed to maintaining the trust of its users “to ensure the safety and security of the Wattpad community”.

How to check if you are affected

HaveIBeenPwned allows you to check if your data was affected by data breaches including the recent breach of Wattpad.

To do this, users need to navigate to HaveIBeenPwned’s homepage and enter their email address into the search bar.


How to test your password strength

By Devon Delfino for Business Insider US

Creating and maintaining secure passwords may seem like a hassle, but it’s a modern necessity if you want to keep your information safe.

To help you understand what makes a secure password, and how to validate the strength of your password using online security tools like NordPass, here’s a quick breakdown of everything you should know about safeguarding your online identity.

How to ensure your password is secure
The core characteristics of a strong password are length (NordPass suggests 12 or more characters) and an unpredictable mix of upper and lower case letters, numbers, and symbols, with no ties to obvious personal information.

Most people are aware of the basics of password best practices: It shouldn’t include something that’s easy to guess, like names of children, birthdays, or house numbers. And you should never use commonly used passwords, or variations of them. Avoid the likes of “password” and “PaSSw0rd,” or “123456” and “123456-Devon,” for instance.

Beyond creating an unpredictable sequence of letters and numbers that is meaningful to you and only you, there are other tips to help keep your password strong and secure:

  • Don’t reuse passwords: Different passwords for different accounts is always a good idea. That way, if one account is compromised, the breach is contained.
  • Don’t write your password down: While it may seem like a good idea to have a physical copy of your usernames and passwords for quick reference, this can open you up to security issues in the real world.
  • Use a password manager: A password manager is a solid tool that can help keep you organised. These store your various passwords in a secure account, and typically provide a simple solution for easily storing, managing and filling in your passwords. Some examples of password managers include NordPass and LastPass.

How to check your password’s strength and security

There are many web-based tools that can help rate your password strength, but it’s important to choose one that you trust with your credentials.

An industry-trusted password checker you can use is one from NordPass, a password management tool by the VPN service provider NordVPN.

To understand how NordPass rates your password strength, it’s important to learn the main methods hackers use to steal passwords.

These methods include:

  • Brute force attack: This is when someone tries to simply guess your username and password using trial and error, via a computer program. This allows a hacker to try many different combinations of your login information.
  • Dictionary attack: This attack type is a systematic way of guessing passwords, and typically employs commonly used passwords (like variations of “p@ssworD.”)
  • Phishing techniques: This is when someone tries to get you to reveal your personal information, like your social security number or passwords, via email or text message. The key here is that phishing scams can look like they’re coming from a company you trust or know.
  • Credential stuffing: When a company’s security is compromised, users are left potentially open to credential stuffing. That’s when people purchase your compromised information off the dark web and then use the login from that source to try to access other accounts on popular websites. So if you re-use your passwords for multiple accounts, you can leave yourself open to this method of digital theft.

With that in mind, here’s how to use NordPass’s online strength checker tool:

  • Go to the NordPass secure password page and click “No, use online strength checker.”
  • Input your password in the text bar.
  • NordPass will immediately rate it for you, and provide information about your password composition, an estimate of how long it would take someone to crack your password, and whether your password has previously been exposed in a data breach.

New push notification scam hits SA

Source: Business Insider SA

Push notifications allow websites to send alerts to your phone. These kinds of notifications are popular for breaking news, with many media news sites sending alerts to subscribers.

You must subscribe to receive push notifications online. But criminals are building copycat sites that look like reputable platforms, and you may in fact be subscribing for harmful push notifications.

“While originally (push notifications) were meant as a tool for rapid information of users on breaking news, today they can be exploited to target shell websites visitors, filling their devices with unsolicited ads and sometimes links to potentially dangerous websites,” says cybersecurity firm Kaspersky’s Artemy Ovchinnikov.

“To achieve that, users are hoaxed into subscribing to notifications, for example, by passing subscription consent off as some other action. The victim ends up subscribed to ad deliveries, while at the same time quite unable to get rid of the annoying messages, being unaware of their source or origin.”

In the past month, Kaspersky has intercepted more than 181,000 of these unwanted push notifications to South Africans.

The good news is that it’s easy to get rid of these unwanted push notifications, and you don’t need specific coding skills, says Ovchinnikov. You can turn pushes off by changing your browser settings.

How to remove notifications in Google Chrome:

  • Click the menu icon (the three dots in the upper right corner of the browser)
  • Select Settings
  • Scroll down the page that opens and click Advanced
  • Among the options, go to Site Settings
  • Open Notifications
  • Under Allow, click the three-dot icon next to the address of the website from which you do not want to receive notifications
  • Select Block

You can also install a security solution on your device and avoid getting annoying notifications or scam ads by making sure you are not redirected to a fake website when you subscribe.

“Where possible, block all subscription offers, unless they come from popular and trusted websites,” says Ovchinnikov.

Inquiry into Covid-19 corruption

By Samantha Riddle for Briefly 

The Special Investigating Unit has confirmed that it will be heading an inquiry into allegations of fraud and corruption relating to Covid-19 relief.

Briefly.co.za reported that President Cyril Ramaphosa had announced the establishment of a R500-billion fund intended to fight the virus and the economic devastation that came with the national lockdown. The SIU is now waiting on the national Covid-19 proclamation to outline the mandate and remit of its probe into the fund, with the proclamation in its final drafting phase.

President Ramaphosa will now need to sign off on the proclamation before the SIU may begin to investigate allegations of corruption relating to the fund, which has absorbed 10% of SA’s GDP. When Ramaphosa had announced the package he had made it clear that expenditure would need to be accounted for, but nevertheless allegations of corruption have emerged out of the Eastern Cape and Gauteng provinces.

The South African reports that over 20 serious complaints of fraud had been recorded and are awaiting investigation. Reports have emerged of the Eastern Cape losing millions of rands to tender corruption disguised as a Covid-19 awareness campaign that never resulted in any form of outreach and cost the province R4.8 million.

In Gauteng, SIU spokesperson Kaizer Kganyago confirmed that an investigation had already started into corruption relating to personal protective equipment: “The SIU has received a lot of inquiries and a lot of allegations.

“What has since happened is that we had one of the allegations that were given from the Gauteng Health [Department] in relation with the PPEs and we have started the process as we speak; the process is with the Department of Justice to try and get a proclamation.”

The proclamation would help the SIU consolidate all investigations without the need to wait for each case to receive the green light for investigation:

“When we have the proclamation we do not need to wait for a proclamation for each and every case. When an allegation comes, we can go immediately and investigate it.”



My Office News Ⓒ 2017 - Designed by A Collective

