/ 15 September 2022

Online scams risk undermining trust in South African government services

Cyber
Protecting citizens when they interact with digital government services is fast becoming a top priority for governments around the world. (Woohae Cho/Bloomberg via Getty Images)

Protecting citizens when they interact with digital government services is fast becoming a top priority for governments around the world.

The astonishing growth of the global cybercrime industry and the perceived ease at which threat actors imitate trusted brands and government departments online is challenging governments to implement new measures to protect citizens.

As one of the continent’s most developed and heavily industrialised economies, South Africa is an attractive target for the global cybercrime industry. Interpol’s 2021 African cyberthreat assessment report found that South Africa led the way in all categories of cyberattacks, from digital extortion and online scams to business email compromise attacks.

The Interpol report found that weak networks and poor security made countries in Africa particularly vulnerable to cybercrime. 

And while the South African government has taken great strides with new legislation such as the Cybercrimes Bill, additional investigative capabilities, and a renewed focus on protecting citizens and critical infrastructure from cyberattacks, threat actors have not been sitting idly while we strengthen our defences.

A growing volume of brand impersonation attacks is posing a risk to the trust between the government and its citizens. Increasingly, citizens require additional protection from threat actors striving to subvert the trust citizens have in the state and its broad spectrum of essential services.

Subverting trust in brands

Mimecast’s threat-hunting team recently detected a resurgence in post office-themed email scams in South Africa. Between May and June, our team found more than 100 000 emails imitating the South African Post Office. 

In one version, an official-looking email claims to have the recipient’s package but requires a small payment to conclude delivery. Once users click on the link, they are taken to a payment site where they are asked to enter their credit card or online payment details, which the threat actor could then use to defraud the victim.

One version of this scam is so convincing it even requests the victim’s mobile number and sends a confirmation SMS to their device, presumably to ensure the person entered legitimate details.

In another example of cybercriminals weaponising state-owned assets against South Africa’s citizens, many taxpayers are receiving a seemingly legitimate email that urges them to click on a link to download and respond to a letter or risk a court summons. 

The link invariably contains some form of malware that can infect their devices and open the door to threat actors accessing sensitive personal information.

Impersonation attacks wreak havoc on trust

Public sector institutions and state-owned enterprises, therefore, need additional measures to protect against threat actors hijacking their brands or domains and putting citizens at risk. 

Mimecast’s 2022 state of email security report found that 98% of South African companies either use or plan to use a brand protection service this year, while 86% use or intend to use DMARC (domain-based message authentication, reporting and conformance) to protect their email domains from impersonation.

The reasons are clear: 87% of South African organisations were made aware of a spoofing attack using a lookalike domain or website clone, with 17% seeing more than 10 such attacks in the past year. 

When such attacks are successful, they do untold damage to the trust between the organisation and its customers. Research conducted in 2021 found that 83% of South Africans would lose trust in their favourite brand if they disclosed information to a spoofed website imitating that brand, while three-quarters would stop buying from a brand if they fall victim to cybercrime while interacting with that brand online.

Public sector cyberthreats raise the stakes

When a private sector organisation suffers an impersonation attack, its customers may suffer financial losses or other inconveniences that could see them abandon that organisation for a competitor. This can affect revenue and, in the case of listed entities, cause a drop in share price and loss of company value.

In the public sector, citizens may not always have the option to seek alternatives for essential services. For example, the most vulnerable citizens have little alternative than to interact with the South African Social Security Agency’s systems and processes to receive their social grants. 

Any subversion of the relationship between grant recipients and the state holds the potential to severely affect the most vulnerable and cause a loss of trust in state institutions.

Ensuring citizens have a safe exchange with public sector organisations is essential to creating and maintaining trust. Considering the vital developmental and social support roles the South African state plays, maintaining trust with citizens is of the utmost importance.

Similarly, the importance of state-owned enterprises to the South African government’s revenue and the importance they play in the broader economy means any disruption to services or undermining of trust can have severe negative ripple effects. 

When citizens feel unsafe using government services or engaging with the state via digital channels, a growing disconnect is formed that may undermine the government’s ability to support the most vulnerable and provide services to citizens.

It is vital that the state invests in appropriate, multi-layered defensive capabilities to help detect threat actors aiming to imitate state-owned organisations or government departments. Without appropriate security measures, citizens will be at the mercy of ruthless criminals going to great lengths to subvert the hard-won trust between them and the state.

Moss Gondwe is the public sector director at Mimecast