South Africa’s $300 million phishing bill

4 May 2014

South Africa is the second most targeted country in the world when it comes to phishing attacks, says Drew van Vuuren, CEO of information security and privacy practice, 4Di Privaca.

With the cost of phishing in South Africa amounting to approximately $320 million (R3.3 billion) in 2013 alone and with South Africa accounting for 5% of the total volume of all phishing attacks globally, it’s not a matter of “if” you or your company are going to be a target, but “when”.

If you are not worried about phishing attacks, you should be.

Phishing is a form of e-mail deception in which a cyber-criminal attempts to obtain sensitive information or cause disruption to an organisation’s business operations.

Phishing can be defined as the act of sending an e-mail to a user in order to steal their personal information, such as bank account details or credit card information.

The most common form of phishing is “spear phishing”, a more targeted version of phishing where an e-mail is sent that appears to be of significant interest to the targeted individual. Spear phishing often has a high success rate as it bypasses traditional security defences and exploits vulnerable software.

Most companies choose to downplay the inevitable threat that phishing attacks pose, despite the many publicised cases that have resulted in personal, corporate, financial and reputational damage.

Most, if not all, businesses spend money on external safeguards and security. They may invest in security personnel, closed-circuit television cameras, alarms and perhaps, on a more rudimentary level, a visitor sign-in book. What they neglect to consider is that threats also lurk online. Such risks can be dangerous and often devastating.

The targeted nature of spear phishing can unleash a major attack on corporate well-being, and an attacker may gain access to e-mail systems, social media, banking details and corporate log-in details.

Another impact of successful phishing attacks is reputational, and the extent of that damage is almost immeasurable. High-profile individual victims can also take hits to their reputation, which in turn harms the company’s brand.

The most effective defence against phishing attacks is prevention. To prevent, or at least cut down on, phishing attacks, businesses need to start a continual education program that builds security awareness amongst their staff. Ignoring the pitfalls of phishing can put a company at risk.

Organisations should be educated on behavioural practices that prevent successful phishing.

By Drew van Vuuren, CEO of 4Di Privaca, a specialist Information Security and Privacy practice.
