Warning over scams on the rise in South Africa

Scams are among the fastest-rising issues worrying businesses in South Africa, particularly fraudulent schemes that trick victims into giving away their account details or manipulating them into making payments.

According to the LexisNexis Risk Solutions Cybercrime Report, scams now rank as the second most common type of fraud, following third-party account takeover, and account for 16% of fraud attempts.

LexisNexis Risk Solutions emphasise that not only are financial institutions targeted, but also any services where payments can be orchestrated, goods obtained or services offered for resale.

Director of fraud and identity, EMEA at LexisNexis Risk Solutions, Jason Lane-Sellers told BusinessTech that “scammers particularly target South Africans with impersonation scams, with criminals posing as banks, law enforcement and tax authorities.”

“The introduction of new technology and initiatives… has significantly enhanced the speed and convenience of transactions [but] criminals exploit these advancements by executing high volumes of attacks and swiftly moving money out of the system,” said Lane-Sellers.

Recently, Momentum’s Cyber Security Team warned that scammers are on the rise, and exploit people’s most profound human weaknesses, evading rational thought to manipulate emotional responses.

Tactics involved

The fraud and identity expert said that criminals perceive customer interactions as the least protected area of a business, prompting them to target consumers with scams and manipulations.

When direct manipulation of a business proves unfeasible, scammers redirect their efforts toward customers.

“If they successfully manipulate someone into completing a transaction, businesses may find it challenging to distinguish it from a legitimate transaction [as] traditional fraud defences often fail to effectively counter these tactics,” said Lane-Sellers

Increasingly, criminals are seen to be using artificial intelligence (AI) for social engineering, employing deepfake voices and scripted conversations to manipulate victims.

Lane-Sellers cited an example where a grandmother was tricked into transferring money after receiving a convincing AI-generated call from someone posing as a relative in trouble – an increasing ploy used by criminals.

Challenges for organisations

With an estimated 5% of South African businesses being adequately prepared for cyberattacks, Lane-Sellers said that the biggest challenge for organisations is differentiating between normal consumer transactions and scam-initiated transactions, where victims are manipulated or coached into making payments.

“Organisations must assess their preparedness to understand and identify transactions influenced by bad actors,” said Lane-Selers.

“By understanding a genuine customer’s behaviour and normal interaction or activity profile, they can recognize anomalies and disrupt scams,” he added.

What can businesses do?

The LexisNexis Risk Solutions director said that businesses must use digital identity and persona capabilities alongside advanced behavioural intelligence and machine learning models to validate genuine user interactions versus manipulated ones.

“Companies should refocus strategies for preventing fraud from merely protecting their infrastructure to safeguarding their customers,” he said.

Analytical AI could be a possible solution, as it identifies hidden patterns in the vast amounts of data available in transactions and digital interactions.

“When used properly, AI and machine learning effectively detect patterns and behavioural anomalies that would otherwise remain concealed [which] allows organisations to transition to proactive real-time risk prevention,” said Lane-Sellers.

Going forward

As generative AI and deepfake technology evolve, they pose new challenges to traditional identity verification methods. “Transitioning to more secure technologies that protect against such manipulation in authentication and verification is essential,” said Jason Lane-Sellers.

He added that while internal education on cybersecurity has long been essential, the need for consumer awareness regarding fraud risks is now more pressing than ever.

In the UK for example, banks and financial institutions have made fraud education a central part of their messaging, advising consumers to remain vigilant against unexpected calls that solicit personal information or urge immediate action, such as downloading software or making transactions.

Lane-Sellers emphasises the importance of taking time to scrutinize every message and to consider the possibility of it being a scam.

For small and medium-sized businesses, understanding the dual nature of digital and online services is key. While these services can significantly expand customer reach, they also heighten the risk of fraud.

“Investing in appropriate technology as a preventive measure is a good start and, if properly deployed, should not disrupt the customer journey,” said Lane-Sellers.

Read: Standard Bank CEO’s R1.32 trillion problem with credit-ratings agencies