South Africa’s Growing Challenge with Online Fraud
South Africa is facing an unprecedented surge in fraud incidents.
The country currently ranks among the top for cybercrime density, and fraudsters continue to intensify their efforts, according to data from regulatory bodies.
South Africa ranks fifth among countries with the highest cybercrime density, according to data from VPN provider Surfshark. The rise in digital fraud is further evidenced by the South African Banking Risk Information Centre (SABRIC), whose 2022 report shows that digital fraud in South Africa is increasing at a disturbing rate.
In 2022, digital banking fraud increased by 24% year-on-year, mainly due to rising incidents in banking applications and internet banking. As is the case with many other regions, criminals are exploiting the growing internet penetration as customers adopt new online platforms.
Banking application fraud grew by 36% year-on-year, and the average loss per incident of online banking fraud increased by 9%. In total, losses from digital banking fraud rose to R740,847,488 (about $40.8 million) in 2022. This marks a 68% jump in financial impact.
To defraud bank customers, fraudsters use a range of tactics, including exploiting data vulnerabilities and stealing login credentials. However, social engineering techniques remain central, with two nefarious methods in particular: phishing and vishing.
Wave of phishing scams
Phishing is a pressing issue in South Africa. According to Huge Connect, phishing attacks were responsible for losses of approximately R200 million (about $11 million) in 2023, a 50% increase from the previous year.
The danger extends not only to individuals and their banking institutions but also to companies. According to Kaspersky, phishing attacks targeting corporate users increased by 134% in Q3 2023 compared to Q2 and by 16% year-on-year. Affected organizations include significant institutions: the Passenger Rail Agency of South Africa (PRASA) allegedly lost about R30.6 million ($1.7 million) in a phishing scam.
Common and advanced phishing tactics
South African users face common phishing tactics. First, phishing emails lure users to websites that look like legitimate bank sites (e.g., Standard Bank, ABSA, and others). Victims are then prompted to verify or update their contact details or provide other sensitive financial information (typically login details, credit card numbers, etc.).
In some cases, vishing is employed to acquire a one-time password (OTP) or random verification number (RVN) necessary to conduct fraudulent transactions. Larger fraudulent schemes often involve various methods—either individually or in combination—such as spear phishing*, whaling**, smishing, business email compromise, pretexting, and angler phishing***.
Rise in AI-driven fraud
Like other regions, South Africa is experiencing a rise in AI-driven fraud. The results of the Kaspersky survey are also concerning: up to eight out of 10 South Africans cannot tell the difference between an authentic image and an AI-generated one (deepfake). This further supports the success and effectiveness of phishing, vishing (voice deepfakes), and impersonation scams. Moreover, international cybercrime syndicates are increasingly involved in the region.
Growing threat of ransomware
Ransomware, where hackers encrypt a victim’s data and demand a ransom for its release, is another of South Africa’s acute cybersecurity problems. These attacks can be particularly destructive, are difficult to mitigate, and have seen a notable increase. According to The State of Ransomware 2023 report, published by Sophos, South Africa had the biggest increase in attack rate, with 78% of organizations hit compared to 51% in 2022.
Solution? Cooperation, education, and technology
To prevent new digital banking platforms from becoming the most convenient way for criminals to steal from bank users, South African financial institutions need to strengthen their anti-fraud measures.
There are several ways to achieve this. A multi-layered approach to fraud prevention involves collaboration between financial institutions and law enforcement agencies, increasing customer awareness, and, last but not least, investing in advanced technological solutions such as behavioral intelligence to effectively prevent even new types of fraud while maintaining maximum user convenience.
This is the only way to keep up with cybercriminals and, above all, to safeguard South African bank customers from the current wave of sophisticated online fraud.
* Spear phishing targets a specific person or group and often includes information of interest to the target, such as current events or financial documents.
** A whaling attack targets high-profile employees, such as the chief executive officer or chief financial officer, to steal sensitive company information.
*** Angler phishing targets social media users. A hacker creates a fake account and pretends to be a customer service employee from a specific company.