Tag: crime

By Vernon Pillay for IOL

Debt-IN, a debt recovery solutions partner to many South African financial services institutions, including African Bank, has announced that a ransomware attack by cybercriminals has resulted in a significant data breach of consumer and employee personal information.

It is suspected that consumer and personal information of more than 1.4 million South Africans were illegally accessed from Debt-IN servers in April this year.

It should be noted that this breach only came to light last week with the discovery that confidential consumer data and voice recordings of calls between Debt-IN debt recovery agents and financial services customers had been posted on hidden internet sites that are only accessible by a specialised web browser.

According to Debt-IN, the company is working closely with the regulator, law enforcement agencies and other cyber-security partners to rapidly gather facts, resolve the issue and provide ongoing information to clients.

Earlier on Wednesday, African Bank confirmed that one of its appointed professional debt recovery partners, Debt-IN, was targeted by cybercriminals in April 2021.

According to a statement by the bank, Debt-IN is now aware that the personal data of certain customers, including a number of African Bank Loan customers under debt review, has been compromised.

African bank said that Debt-IN is confident that no data shared post-April 1, 2021, has been compromised.

“A robust mitigation plan has been implemented by Debt-IN to contain and reduce any further adverse impact,” the bank said on Wednesday.

“We have been collaborating with Debt-IN to address this breach. We have notified the relevant regulatory authorities, and we are also in the process of alerting customers who have been affected via email and SMS.”

African Bank customers can call 0861 111 011 if they suspect any fraudulent activity on their accounts.

According to the debt recovery firm: “While the investigations are ongoing and the analysis subject to change, the findings to date show there has been no further breach and enhanced data protection measures remain securely in place.”

“The company has taken immediate and appropriate actions to reinforce existing security measures and to mitigate any further potential impacts of the breach, including assembling a team of highly regarded and globally experienced cyber breach and forensic experts to work with Debt-IN on the incident.”

“Debt-IN deeply regrets this cyberattack, and we apologise unreservedly for the inconvenience and anxiety this the data breach has caused our clients, and their customers,” says Mark Essey, CEO.

“We are taking this matter very seriously. In this age of highly sophisticated information security threats and an estimated 17 billion cyberattacks around the world every day, Debt-IN is committed to doing all it can to protect clients’ information.

 

A new fake online shop is scamming South Africans out of money by claiming to sell stolen goods recovered from the looters who ransacked stores in July’s unrest. This is according to a recent report by MyBroadband.

  • Bulksales.store was brought to the attention of MyBroadband after one of our forum members asked whether it was a scam site
  • It has one Hellopeter rating was available — a negative review from a customer claiming to have lost money and stating that the store was a scam
  • The site looks clean, with a professional-looking design
  • It carries huge discounts on premium tech products, which included products like an Xbox Series X selling for R6,000, a discount of 50% from its normal price R12,000
  • The site claims that it was selling the items “so that all looted store (sic) can get their insurance payouts”
  • Major retailers like Game, Makro, Incredible Connection, HiFi Corp, Matrix and iStore were shown on the page, implying that the recovered loot was originally from these stores, but such stores deny they are reselling stolen goods
  • Contact Us section had a warehouse address which was actually an office space
  • No contact number available, only an email address
  • Plagiarised Terms and Conditions copied largely (83%) from a business-to-business marketplace called Lantador
  • Suspicious Return/Refund section was generated using a generator tool
  • Expensive courier options with a R1,800 Express option.
  • Unusually long delivery times ranging from 3 (Express) to 31 days (Standard)
  • The support phone number was listed on Truecaller as “Scam”

Source: IOL

Giant South African retail chain Shoprite Group have tightened the screws on criminals targeting its stores.

The supermarket chain said that its efforts to prevent crime and the protect its customers and employees by employing a team of security experts comprising of ex-police officers and using technology has resulted in a 16% year-on-year decline in violent and serious crime, including armed robberies and burglaries, from July 2020 to May 2021.

The in-house team – operating from a centralised command centre – is involved in the entire process from identifying suspects to their arrest, being in court to oppose bail, working with police to ensure they have a complete and accurate docket, working with the National Prosecuting Authority and providing evidence in court, to do everything it can to ensure criminals are prosecuted.

Shoprite said crime and high risk situations are picked up through store and fleet monitoring, live information feeds and the group’s intelligence network, and security devices are immediately triggered.

When robberies do take place, the team is proving highly effective in securing arrests and prosecution, and the Group is becoming known for its capability to identify, trace and arrest suspects.

Head of Group Security & Loss Prevention, Oswald Meiring, believes Shoprite is a retail industry leader with its initiatives which are centred around a team of in-house investigators, which include former police members and detectives, with a unique mix of skills and extensive experience in commercial crime, fraud, serious and violent crime.

The team’s network includes informants, third parties working exclusively for it and an expert criminal lawyer.

The command centre team makes extensive use of technology and software systems including electronic dockets, suspect photo albums and evidence files.

A team of data and crime analysts do predictive analysis, identify suspects, and link suspects to each other and to the crime scene.

This technology, including video footage and a chain of evidence, has been critical in court proceedings.

The net result is that the investigation team made 752 court appearances, including postponements, bail, testifying and sentencing, in the 11 months from July 2020 to May 2021.

It secured 64% more guilty findings and/or convictions than the previous 12 months, amounting to 303 years and six months of prison sentences and 46 years and six months of suspended sentences.

The team has been instrumental in 200 arrests in the first 11 months of this financial year. The majority (54%) of crimes currently in court are for armed robbery, 26% are for theft and the rest include crimes such as arson, assault, looting, burglary and fraud.

As some cases were postponed in the last year due to lockdown restrictions, the team is currently in court every day.

Meiring says the Group focuses on fighting crime because it is the right thing to do as a concerned and responsible corporate citizen. “We also believe that securing arrests and sentences for crimes acts as a deterrent and ultimately reduces crime. We believe this is an important element of our contribution to make South Africa a safer environment for everyone.”

The Shoprite Group encountered specific lockdown-related challenges and benefits. Increased unemployment led to more opportunistic crimes, and mask-wearing made it more difficult to identify suspects. However, suspects couldn’t move around freely, resulting in increased arrests, while curfew hours also assisted in detecting criminal activity quicker and easier.

The Group appeals to members of the public to report any suspicious or criminal behaviour immediately and anonymously by calling its toll-free number 0800 11 88 79 or by sending an email to service@asesa.co.za.

 

By Ahmore Burger-Smidt and Nyiko Mathebula for Werkmans

President Cyril Ramaphosa has just signed the Cybercrimes Bill, which seeks to bring South Africa’s cybersecurity laws in line with the rest of the world, into law. This Bill which is now an Act of Parliament creates offences for and criminalises, amongst others, the disclosure of data messages which are harmful.

Examples of such data messages include:

  • Those which incite violence or damage to property;
  • Those which threaten persons with violence or damage to property; and
  • Those which contain an intimate image.

Other offences include cyber fraud, forgery, extortion and theft of incorporeal property. The unlawful and intentional access of a computer system or computer data storage medium is also considered an offence along with the unlawful interception of, or interference with data.

This creates a broad ambit for the application of the Cybercrimes Act which defines “data” as electronic representations of information in any form. It is interesting to note that the Act does not define “cybercrime” but rather creates a number of offences such as those canvassed above.

There is no doubt that the Cybercrimes Act will be of particular importance to electronic communications service providers and financial institutes as it imposes obligations upon them to assist in the investigation of cybercrimes, for example by furnishing a court with certain particulars which may involve the handing over of data or even hardware on application. There is also a reporting duty on electronic communications service providers and financial institutions to report, without undue delay and where feasible, cyber offences within 72 hours of becoming aware of them. A failure to do so may lead to the imposition of a fine not exceeding R50 000.

A person who is convicted of an offence under the Cybercrimes Act is liable to a fine or to imprisonment for a period of up to 15 years or to both a fine and such imprisonment as may be ordered in terms of the offence.

It is further interesting to note the impact this Act will have on businesses, especially considering its overlap with the Protection of Personal Information Act 4 of 2013 (POPIA), amongst other regulatory codes and pieces of legislation. POPIA, which deals with personal information, aims to give effect to the right to privacy by protecting persons against the unlawful processing of personal information. One of the conditions for lawful processing in terms of POPIA is security safeguards which prescribes that the integrity and confidentiality of personal information must be secured by a person in control of that information. This is prescribed by POPIA in order to prevent loss, damage or unauthorised access to or destruction of personal information. POPIA also creates a reporting duty on persons responsible for processing personal information whereby they must report any unlawful access to personal information (data breach) to the Information Regulator within a reasonable period of time.

In light of the above, companies should be cognisant of their practices especially in dealing with data or information. The value of data as an asset, the oil of the new economy, cannot be understated. To quote the CEO of Apple, Tim Cook:

“We shouldn’t ask our customers to make a trade-off between privacy and security. We need to offer them the best of both. Ultimately, protecting someone else’s data protects all of us.”

Absa suffers data breach

By Dhivana Rajgopaul for IOL

Absa has laid criminal charges against the employee behind the data breach that resulted in clients’ personal information being leaked to third parties.

“Absa has brought criminal charges against the employee, and internally the requisite consequence management has been undertaken. Absa may take further action in relation to the recipients of the data once the full scope of the leak is identified and all investigations are completed,” said the bank in a statement.

According to the bank, an employee unlawfully made customer data available to external parties.

Absa warned the affected clients through an email on November 30 which informed them their personal information had been shared with external parties.

Absa said a “small portion” of clients’ personal information was leaked, but investigations would continue.

The personal information of clients that was shared with third parties includes identity numbers, account numbers, contact details and physical address.

The bank also secured an order from the High Court to carry out search and seizure operations and secured the devices that contained the data.

According to Absa, the data on the devices was destroyed.

The bank said it would contact customers who were affected by the data breach about potentially suspicious transactions.

It has also enhanced the monitoring of customer accounts that have been affected to date as well as put in place additional control measures to minimise the risk of re-occurrence in future.

 

Beware this uncapped data scam

By Hanno Labuschagne for MyBroadband

Mobile users in South Africa should be wary of scammers claiming to offer data or airtime packages at suspiciously low prices.

An online-based scam which claimed to sell unlimited prepaid data, voice calls, and messaging bundles was recently pointed out by MyBroadband Forum members.

A party calling itself “Unlimited Prepaid Bundles” was selling several mobile products which it claimed worked on Vodacom, MTN, Cell C, and Telkom’s networks.

The scammers had also taken out sponsored ads on Facebook for these “unlimited” bundles.

Upon visiting the Facebook page for “Unlimited Prepaid Bundles”, we discovered several early warning signs of trouble.

The first was the suspiciously low pricing of the bundles, which included an uncapped monthly data bundle at R249 and yearly uncapped data at R799.

After MyBroadband lodged these queries, the Facebook page and website of the scammers were taken down.

MyBroadband notified African Bank of the site and provided the details of the bank account which was being used to scam buyers. The bank confirmed it had launched a forensic investigation into the account.

Speaking in a recent eNCA interview, police minister Bheki Cele said that there had been a notable decrease in crime in several areas during lockdown Level 3.

These include:

  • Cash-in-transit heists;
  • Bank robberies; and
  • House robberies.

However, gender-based violence is currently a major concern; he highlighted the fact that more than 38 000 women were raped in South Africa last year.

He called on community members to report any abuse or violent behaviour before a crime is committed.

Lockdown measures

Cele said operations by the SAPS would be intensified during the country’s national state of disaster.

Specific measures include:

  • The conducting of static roadblocks on all national routes and major routes in order to monitor, control and ensure adherence to the regulations;
  • The conducting of vehicle checkpoints, on provincial routes, regional routes, rail routes, main streets in order to monitor, control and ensure adherence to the regulations;
  • The conducting of high visibility patrols to monitor, control and ensure adherence to the regulations;
  • Designated investigation capacity and case management; and
  • Implementation of objects of policing, in accordance with S 205(3) of the constitution of the Republic of South Africa.

 

Keep your money safe with these tips

Be your money’s best protection by following these SABRIC tips:

Tips to prevent card not present (CNP) fraud

  • Personal information includes identity documents, driver’s licenses, passports, addresses and contact details amongst others. Always protect your personal information by sharing it very selectively and on a need to know basis only
  • Never share your confidential information which includes usernames, passwords and PIN numbers with anyone
  • Review your account statements on a timely basis; query disputed transactions with your bank immediately
  • When shopping online, only place orders with your card on a secure website
  • Register for 3D Secure
  • Implement dual authentication for all accounts and products, especially for financial services products
  • Do not send e-mails that quote your card number and expiry date
  • Do not use your information if you suspect it may have been compromised. Rather use other personal information that you have not used previously in order to confirm your identity in future
  • Register for SMS notifications to alert you when products and accounts are accessed
  • Conduct regular credit checks to verify whether someone has applied for credit using your personal information and if so, advise the credit grantor immediately
  • Investigate and register for credit related alerts offered by credit bureaus

Tips to prevent phishing and vishing

Phishing:

  • Do not click on links or icons in unsolicited e-mails
  • Do not reply to these e-mails. Delete them immediately
  • Do not believe the content of unsolicited e-mails blindly. If you are worried about what is alleged, use your own contact details to contact the sender to confirm
  • Type in the URL (uniform resource locator or domain names) for your bank in the internet browser if you need to access your bank’s webpage
  • Check that you are on the real site before using any personal information
  • If you think that you might have been compromised, contact your bank immediately
  • Create complicated passwords that are not easy to decipher and change them often

Vishing:

  • Banks will never ask you to confirm your confidential information over the phone
  • If you receive a phone call requesting confidential or personal information, do not respond and end the call
  • If you receive an OTP on your phone without having transacted yourself, it was likely prompted by a fraudster using your personal information. Do not provide the OTP telephonically to anybody. Contact your bank immediately to alert them to the possibility that your information may have been compromised
  • If you lose mobile connectivity under circumstances where you are usually connected, check whether you may have been the victim of a SIM swop

Tips for protecting your personal information

  • Don’t use the same username and password for access to banking and social media platforms
  • Avoid sharing or having joint social media accounts
  • Be cautious about what you share on social media
  • Activate your security settings which restrict access to your personal information
  • Don’t carry unnecessary personal information in your wallet or purse
  • Don’t disclose personal information such as passwords and PINs when asked to do so by anyone via telephone, fax or even email
  • Don’t write down PINs and passwords and avoid obvious choices like birth dates and first names
  • Don’t use any Personal Identifiable Information (PII) as a password, user ID or personal identification number (PIN)
  • Don’t use Internet Cafes or unsecure terminals (hotels, conference centres etc.) to do your banking
  • Use strong passwords for all your accounts
  • Change your password regularly and never share them with anyone else
  • Store personal and financial documentation safely. Always lock it away
  • Keep PIN numbers and passwords confidential
  • Verify all requests for personal information and only provide it when there is a legitimate reason to do so
  • To prevent your ID being used to commit fraud if it is ever lost or stolen, alert the SA Fraud Prevention Service immediately on 0860 101 248 or at www.safps.org.za
  • Ensure that you have a robust firewall and install antivirus software to prevent a computer virus sending out personal information from your computer
  • When destroying personal information, either shred or burn it (do not tear or put it in a garbage or recycling bag)
  • Should your ID or driver’s license be stolen report it to SAPS immediately

Tips for protecting yourself against SIM swops

  • If reception on your cell phone is lost, immediately check what the problem could be, as you could have been a victim of an illegal SIM swop on your number. If confirmed, notify your bank immediately
  • Inform your Bank should your cell phone number changes so that your cell phone notification contact number is updated on its systems
  • Register for your Bank’s cell phone notification service and receive electronic messages relating to activities or transactions on your accounts as and when they occur
  • Regularly verify whether the details received from cell phone notifications are correct and according to the recent activity on your account. Should any detail appear suspicious immediately contact your bank and report all log-on notification that are unknown to you
  • Memorise your PIN and passwords, never write them down or share them, not even with a bank official
  • Make sure your PIN and passwords cannot be seen when you enter them
  • If you think your PIN and/or password has been compromised, change it immediately either online or at your nearest branch
  • Choose an unusual PIN and password that are hard to guess and change them often

Tips for carrying cash safely

Tips for individuals

  • Carry as little cash as possible
  • Consider the convenience of paying your accounts electronically (consult your bank to find out about other available options)
  • Consider making use of cell phone banking or internet transfers or ATMs to do your banking
  • Never make your bank visits public, even to people close to you

Tips for businesses

  • Vary the days and times on which you deposit cash
  • Never make your bank visits public, even to people close to you
  • Do not openly display the money you are depositing while you are standing in the bank queue
  • Avoid carrying moneybags, briefcases or openly displaying your deposit receipt book
  • It is advisable to identify another branch nearby you that you can visit to ensure that your banking pattern is not easily recognisable or detected
  • If the amount of cash you are regularly depositing is increasing as your business grows, consider using the services of a cash management company
  • Refrain from giving wages to your contract or casual labourers in full view of the public; rather make use of wage accounts that can be provided by your bank
  • Consider arranging for electronic transfers of wages to contract or casual labourer’s personal bank accounts

By Jenna Etheridge for News24

The cellphones of State Security Minister Ayanda Dlodlo, her deputy, Zizi Kodwa, and several officials in the minister’s office have been cloned, the department confirmed on Wednesday.

“It looks like the operation is happening around Gauteng, hence the matter was reported to Gauteng police who have assured us that they have allocated high-profile investigators to look into the matter,” said department spokesperson Mava Scott.

“We are hoping it will be resolved as speedily as possible.”

Scott said the department became aware of the cloning this week and was awaiting further feedback from the investigation, adding it would then take it from there.

Earlier this month, the Hawks confirmed they were investigating the theft of money out of the State Security Agency’s offices in Pretoria.

At the time, IOL reported the perpetrators had walked into a safe at the office in Lyttelton, Gauteng, at the end of January and left with classified documents, an undisclosed amount of money in local and foreign currency, as well as CCTV cameras.

Five DStv scams to avoid this Christmas

By Tom Head for The South African

If you’re a subscriber to the network, take note. At least five major DStv scams have been identified this year: here’s how to play it safe.

‘Tis the season to be cautious, folks. There are a myriad of DStv scams waiting to trip-up some unsuspecting victims this Christmas. The network have confirmed that a number of schemes have already been detected, and bosses have raced to warn South Africans about the dangers they face.

It isn’t just the technophobes and boomers that are getting duped by the sophisticated rouses, either. These DStv scams have caught-out people across the board. But what do we need to look out for?

The gift card phishing scam
Customers receive an email informing them that they’ve won a cash gift card or huge sums of prize money from a MultiChoice competition. However, targets are then asked to provide personal details in order to claim the prize. It’ll be for a competition you definitely didn’t enter, so please, don’t hand any of your information out.

The “final notice” SMS scam
Some DStv customers have received an SMS claiming to be from DStv demanding payment for a DStv Explora account. It threatens action if payment is not made today and includes banking details. However, the network do not send such crudely-worded communications. You can contact them to find out the status of your account if you feel unsure.

Recruiting for social media jobs
There are dangerous scams disguised as recruitment ads for MultiChoice. One of the most popular ones offers applicants the chance to be driven to an interview. MultiChoice does not offer such a service, under any circumstances. Use the Afrizan website to verify any offers.

The DStv Premiem upgrade scam
Opportunists are contacting customers – via email or telephone- and offering them DStv Premium for a fixed once-off fee per yea, where the customer pays the fee directly to the scammer. Customers are asked to disregard such offers, and they are asked to refrain from letting a third-party upgrade an account for them.

Say no to installation offers
Don’t let your desire for a festive bargain cloud your common sense. If someone offers you a discounted DStv subscription at a once off payment, treat this with suspicion and check it with the network. Anyone offering “free package upgrades” or “free DStv for life” in a cut-price deal will be trying to rip you off.

How to avoid these DStv scams
The network have issued the following statement, advising consumers on how they can stay safe this year:

“There are usually tell-tale signs that can help you spot if something is a scam. Like receiving an email or SMS from us claiming that you’ve won a huge prize for a DStv competition you never entered, and for which you must either pay a fee or verify yourself by sending personal details – sounds too good to be true? It probably is.”

“MultiChoice will never request your personal details via email or SMS – please do not hand over your personal information to anyone claiming to be from DStv. Always check the email address and emails containing spelling and grammatical errors. MultiChoice only use one domain for emails (multichoice.co.za).”

  • 1
  • 2
  • 5

Follow us on social media: 

               

View our magazine archives: 

                       


My Office News Ⓒ 2017 - Designed by A Collective


SUBSCRIBE TO OUR NEWSLETTER
Top