You’ve probably seen them countless times before; the emails telling you that there has been a problem with your bank account or your tax return or your postal delivery. You’ve probably ignored them, which is a good thing. These emails are called phishing scams, which is a great name for a thorny problem. Phishing scams are basically fishing expeditions by unsavoury characters intent on getting your banking details or other details that leave you open to electronic theft. The aim is to panic you into giving your details so you can fix the problem presented. After all, who wants to their bank accounts to be frozen or, ironically, placed at risk from fraud?
In a recent article, Memeburn cited a report by Symantec, a company which specialises in online security. One component of the report has to do with phishing and, apparently, South Africa is the most phished country in the world.
Symantec puts the global phishing figures at one phishing email per 447.9 emails. South African figures are one phishing email per 133.1 emails.
As the article states that the world is currently experiencing a decline in phishing attacks, the obvious question is why is South Africa such a prominent target?
The answer is not very clear cut.
One could suppose that web users in South Africa are perhaps more naïve than users in other countries and more likely to fall for phishing scams – which, let’s be honest, are getting very sophisticated.
From the very basic emails of a few lines and link from a few years ago, phishers now create very legitimate looking emails complete with company logos and genuine looking contact details. They’re easy to ignore if they’re not from your bank but if phishers strike it lucky and match you to your bank, the emails can make you think twice.
One could also suppose that South Africans don’t update their online security as often as they should or go without online security altogether.
This is unlikely, however, as most computers come with anti-virus, anti-spam and anti-phishing software. If they don’t then computers conduct internal scans and warn users of their lack of protection. Continually ignoring these is just careless and stupid.
Then there is the fact that most browsers also come with anti-virus and anti-phishing features. Even search engines alert you to dodgy sites.
So, why is South Africa such a prominent target?
It’ll take some investigating to find out.
In the meantime, let’s look at some ways to avoid becoming the victim of a phishing attack.
1) Do not open attachments or click on links in emails from people you don’t know or from sources that you don’t trust. I get a lot of emails from the IRS and UPS, as I don’t live in the US, I can safely assume that these are not genuine.
2) Install security software and keep it up to date. Phishers continually change tactics and up their game. Online security companies continually update their software to thwart the new methods. When you don’t update your software you expose yourself to unnecessary risk.
3) Don’t assume that email is the only avenue. Social media networks are also vulnerable to phishing attacks. Phishers manage to send you genuine looking messages from your friends, you click a link because you trust the sender and suddenly your account has been hacked. Fortunately, Facebook (and probably other sites as well) notifies you when a link is dodgy (sometimes only after you’ve clicked it) and advises you to change your account login details and privacy settings.
4) One of the suggested means of outsmarting phishers is to call your bank to verify whether an email is genuine or not. According to Wikipedia, this might be such a good idea after all, as some phishers use a specially modified VoIP service to capture information. So make sure you know exactly what number to dial for help and don’t trust the numbers you see on any old email.
If you don’t want to be caught in a phishing net, your best weapon is common sense.
(Image by Tabor at en.wikipedia (Transferred from en.wikipedia) [Public domain], from Wikimedia Commons)