R1-billion lost to cybercrime in three years

© weerapat1003 - Fotolia.com

The identity theft of businesses is used as a mechanism for fraudulent activity by perpetrators, which is making unwary South African businesses pay dearly for lack of diligence and governance.

"Identity theft is not a problem that is restricted to individuals, who may find that their personal details are being used to make transactions they are unaware of. It is also becoming an issue confronting companies that find their corporate information, both in the public domain and internally, being targeted and misused by cyber criminals.

"This becomes even more serious when the fraudsters have accomplices in key departments within a targeted company that advise them and actively assist with perpetrating fraud."

Typically, the most common techniques used by corporate identity thieves involve 'phishing' for and then using information.

Examples

• People impersonating officers of the company by using information found in the public domain, namely the company's brand and electronic letterheads
  
• Criminals who operate in the e-commerce space, copy elements of a company's identity and then establish false websites and use these to defraud customers or suppliers
  
• Those who register a company with a name that is almost identical to that of the targeted company. They then set up bank accounts in this name to funnel money into their own accounts after advising unwary suppliers about 'a change' in banking details
  
• By altering a company's correspondence, invoices or instructions after hacking a company's records - generally, payment terms are changed and the recipient is requested to pay money into bogus accounts
  
• By creating false invoices with fraudulent banking details so that funds can be easily diverted. For example, a clerk acting in good faith accepts the invoice and issues a payment instruction - including the 'new' account details in the payment instruction
  
• Thieves who pretend to be a company's bankers and use disguised correspondence and sites to gather information on customer and supplier accounts
  
• Criminals who access a company's IT systems and infiltrate pathways, copy data and undertake transactions
  
• Cyber criminals who recruit employees within a company to assist them as accomplices in undertaking fraud

"With business' growing reliance on technology, networks and the Internet, so the dangers of cybercrime will increase, with fraudsters and hackers adopting more sophisticated techniques for exploitation," continues Nyembe, who stresses that South Africa is just one country facing what is a universal, global threat.

Tips for reducing fraud

Companies can reduce the risks associated with staff colluding with criminals to perpetrate fraud by:

• Regularly reviewing internal controls and tightening them where required
  
• Recognising that it is often trusted senior employees who perpetrate fraud as they can bypass controls. Counter this through, informal audits and approval procedures that require more than a single authorisation is recommended
  
• Creating a security-culture regarding the use of computers and policies to safeguard information

Avoiding cybercrime by:

• Allocating responsibility for dealing with cybercrime with a senior official
  
• Ensuring that staff are adequately trained and aware of procedures to safeguard their documents, data and systems
  
• Using monitoring and data mining techniques to strengthen technological detection measures by identifying changes in patterns within data traffic
  
• Having the ability to deactivate and isolate all affected technology when it has been ascertained that a cyber-attack has taken place
  
• Segmenting networks so that it is more difficult to access one network through another
  
• Educating customers and suppliers about phishing scams
  
• Checking all details on invoices carefully if a supplier requests that payments are made to a new account number

It is essential that companies remain vigilant at all times to ensure that any irregularities are picked up as soon as possible.

"We understand that when fraud is perpetrated, it is imperative that the bank responds quickly to a customer's request for assistance. We also urge our customers to report incidents involving cybercrime to the police. It is only when the prevalence of these acts become known that steps can be taken to stamp this out," concludes Nyembe.