One in 10 South Africans fell victim to fraud in the second quarter of 2024, with phishing attacks accounting for 28% of these incidents. Phishing entails scammers impersonating reputable businesses or individuals to steal sensitive information, financial data, and passwords. While often associated with the clichéd “Nigerian prince” email scam, phishing tactics have evolved significantly, making them increasingly sophisticated and dangerous.
Jonathan Spencer, Brand and Campaign Manager at OneDayOnly.co.za, warns of a concerning rise in fraudulent activities whereby criminals create fake social media profiles that lure consumers with enticing offers of massive discounts and deals. “These profiles then direct victims to meticulously cloned websites. Unsuspecting individuals, believing they’re interacting with legitimate businesses, place orders and provide their personal information, including credit card details. These websites are so expertly crafted that they fool 53% of people into believing they are real.”
He notes that the e-commerce sector is unfortunately plagued by criminals exploiting the surge in online shopping to target consumers. “In fact, 68.4% of financial phishing attempts in South Africa occur through fake online stores. Not only do these ploys harm consumers, but also damage the reputation of trusted brands and ultimately impact the broader economy.”
Ripple effects of rip-offs
“The consequences of falling prey to these schemes can be devastating,” shares Spencer. “Stolen personal information can be exploited to open bank and retail accounts, or to commit insurance, medical aid, and unemployment insurance fraud. In some cases, criminals impersonate victims to gain unauthorised access to bank accounts and drain funds.”
Referring to the latest Online Scams in Africa Report by KnowB4, he points out that, financially, the impact is severe with 40% of people reporting that they lost approximately R1 833, while 30% were defrauded of between R1 833 and R18 329. “Sadly, nearly 9% suffered losses exceeding R18 329.”
Additionally, the report highlights that the emotional impact on victims is more profound than the financial loss. Twenty-two percent shared that it took months to recover emotionally, and for 11%, the process extended beyond a year.
“Unsurprisingly, these scams can significantly affect how consumers perceive and interact with businesses inadvertently linked to them,” explains Spencer. “The resulting damage to reputation, erosion of customer trust, and accusations of inadequate security can lead to substantial financial losses and harm a company’s bottom line. This can hinder these businesses’ ability to contribute to the economy and potentially lead to employee turnover.”
Staying safe
Outlining how consumers can protect themselves from spoofing (the creation of fake websites), and angler phishing (the impersonation of trusted sources on social media), he suggests using free online tools like WHOIS to check the age of a website and Google’s safe browsing function to assess a website’s trustworthiness.
Should businesses discover their website has been cloned, Spencer says that they can implement several countermeasures. “One immediate step is to block the clone from accessing the original site. Additionally, identifying the fake website’s hosting service, domain provider, and/or content delivery network (CDN) allows businesses to submit a domain takedown request, accompanied by evidence such as screenshots detailing the cloning attack. Proactive measures are, however, essential. E-tailers can utilise tools like Google Analytics to monitor website traffic for anomalies indicative of malicious bot activity or domain names resembling their own.”
He urges businesses and individuals who have fallen victim to website cloning to file a report with their local police station. “Under the Cybercrimes Act, offenders can face up to 15 years imprisonment and/or a hefty fine. Additionally, consumers should immediately report fraudulent transactions to their bank and the Southern African Fraud Prevention Service (SAFPS). “
“Collaboration between businesses, consumers, and law enforcement is crucial in the fight against phishing. Education, vigilance and proactivity can create a safer online environment for everyone,” he concludes.