SASSA Grant Fraud – Cyber Hacking

R175 Million Grant Fraud Exposed at SASSA as Threats Continue

More than 26 million South Africans rely on some form of social grant to cover their basic expenses, and with the recent increases in the cost of living, this financial lifeline from the state has become a matter of survival for many families.

Unfortunately, cybercriminals may be planning to target the South African Social Security Agency (SASSA), which has recently been shown to have significant cybersecurity vulnerabilities.

In this article, we take a look at the recent R175 million cyber fraud incident reported by the agency, in light of media reports suggesting its online application system may be an open invitation for fraudsters.

Here’s what every citizen needs to know with yet another government department buckling under the pressure of the country’s growing cybercrime wave.

R175 Million Stolen in Grant Fraud

The NaughtySecGroup has reared its ugly head again, claiming responsibility for stealing R175 million from social security grants by allegedly opening a staggering 100 000 fraudulent bank accounts across the country.

The hacking group, which made headlines last year by nearly stealing TransUnion’s entire data set for South African clients, says the recent move was in retaliation for not receiving the $60 million (close to R1 billion) ransom they demanded.

If the hackers are to be believed, the safety of South Africans’ financial information and the security protocols used by banks for account opening procedures are now in question. SASSA has revealed very little information in the wake of these claims, failing to reassure the public that the situation is under control.

Researchers Spotlight SASSA’s Cybersecurity Vulnerabilities

As the social welfare agency reels from its recent brush with fraudsters, a recent article reveals that the agency may be extremely vulnerable to follow-up attacks by cybercriminals.

Two students from Stellenbosch University conducted independent research into the agency’s vulnerability status by using a random sample of ID numbers to test the agency’s online application security. The results are alarming, to say the least.

  • When testing the system with ID numbers issued to people born in 2005 – representing a relatively young cohort of citizens – the researchers found that 91% percent of these numbers were associated with grant applications.
  • Given the young age and presumed good health of the applicants, it seems highly implausible that they would all be genuine grant applicants.
  • The researchers also applied for grants through the system at a rate of 700 per minute, an action that should have triggered a security alert and prevented further applications. However, the application process continued without interruption.

In conjunction with the claim of the R175 million fraud, these findings cast serious doubt on the security protocols in place at government departments, as well as in the financial sector.

Make Secure Cloud Storage Your First Line of Defence

At a time when the institutions we typically trust to protect our personal information – such as the banks or government – are under fire for failing to prevent cyberattacks, businesses and individuals should be thinking about beefing up their data protection.

Secure cloud backup is a proven method of keeping your personal, business, and financial information out of the hands of hackers.

To raise your security level, we invite you to browse our range of secure cloud storage packages and total data protection solutions. Powered by Acronis, for businesses and households of any size, you can trust Soteria Cloud to protect your most valuable asset – your data.

 SA’s new Cybercrimes act | Cyber Threat

Navigate the cyber threat landscape with SA’s new Cybercrimes Act

A rising wave of cybercrimes has prompted the government to pass sweeping new legislation that’s designed to protect individuals and businesses from the illegal acts of cybercriminals.

SA’s Cybercrimes Act, which was recently passed by parliament, gives law enforcement authorities greater powers to investigate online crimes and punish those responsible for them.

Let’s take a look at some of the highlights from this new law and find out how you can stay compliant while protecting yourself and your business from cybercriminals.

SA’s new cybercrimes act explained

The overall intention of the new Act is to define what digital crimes are, make them illegal in law, and give the authorities the power to prosecute cybercriminals.

In terms of the Act, the following actions are now illegal in South Africa:

  • Cyber fraud
  • Cyber forgery and uttering
  • Cyber extortion
  • The theft of incorporate property including patents
  • and other aggravated offences
  • Unlawful access to computer networks
  • Unlawful interceptions of data including acquisition, capturing and copying
  • Unlawful acts in respect of software and hardware tools
  • Unlawful interferences with data or a computer program

Looking at the list above, it’s clear that any actions that are carried out online with the intention of defrauding a person or business, obtaining data illegally, or using unlicensed software are now totally illegal in South Africa.

The new law also extends to online behaviour, with a special focus on messages sent electronically to other users.

be careful what you type – the law is watching

We’ve all been annoyed or maybe even upset by abusive social media messages and other types of electronic communication, but from now on perpetrating online abuse could land individuals and businesses in legal trouble.

The Cybercrimes Act make the following punishable by law:

  • Electronic messages that incite damage to property or violence
  • Data messages that threaten persons with damage to property or violence
  • Messages containing  X-rated images

Jealous ex-partners posting revenge pics, political leaders distributing the contact details of rivals and  journalists they dislike, and angry citizens encouraging others to carry out crimes like looting could all face the wrath of the law in terms of the Act.

avoid legal trouble with a strict communications policy

The days when ordinary citizens, businesses, and political figures could tweet or post what they liked without fear of prosecution are officially over. Anyone convicted of contravening the Cybercrimes Act could face a fine and / or a prison sentence of up to 15 years.

A company communication policy that emphasises politeness, diplomacy, and avoiding the dissemination of sensitive information is essential for every business, and individuals should follow the same guidelines when they interact on social media.

To add an extra layer of privacy and data protection to your business or personal information, take a look at our range of secure cloud storage packages today.

Personal financial scams: how to respond 

Being a victim of fraud is something we all want to avoid. Here’s how to avoid scammers and what to do when they strike.

Fraud is one of the sneakiest types of crime, and if you’ve had the bad luck to be a victim of financial scammers, you’ll know just how upsetting and inconvenient it can be.

Losing your hard-earned income to the criminal acts of fraudsters is something that nobody wants to experience, but it’s important to remember that there’s no shame in being a victim of cybercrime – it can happen to anyone.

Being the target of any type of fraud can be deeply personal. Fortunately, there are things you can do to avoid becoming a victim of cyber fraud and steps you can take to mitigate the damage.

Let’s look at some anti-fraud measures you can take to protect yourself.

fraud: a growing threat in south Africa

The number of South Africans falling victim to fraudsters has increased significantly over the past decade. In 2020, banking fraud victims lost over R1.5 billion to scammers.

Here are some basic anti-fraud measures you can take to secure your financial data.

  • Change your passwords regularly
  • Never reply to suspicious bank emails
  • Consider using a banking app instead of cell phone banking
  • Opt for two factor authentication if your bank provides it
  • Never lend any of your bank or credit cards to anyone – even a friend – and be careful where you use your credit card to avoid cloning
  • Always backup your data

what to do if you’re a victim of fraud

Sometimes even the best prevention measures fail to keep you safe from fraudsters. If you realise that you’ve been scammed or notice suspicious activity in your bank account, it’s important to stay calm and take immediate action. How you react and respond to any type of cybercrime can be critical in whether or not you are able to recover any or all of your losses.

Here are some things you can do to limit your financial losses.

  • Contact your bank. Speak with the fraud department, tell them exactly what happened, and forward them any relevant details or supporting documentation to ask for without delay.
  • Contact the police. Even if you don’t know the identity of the fraudsters involved in your case, you’ll need to report the incident to the police as soon as possible. A SAPS case number may be needed before you can claim from fraud insurance or request a reversal of suspicious transactions
  • Contact the SA Fraud Prevention Service. This is a dedicated organisation that helps victims of fraud and identity theft. If you feel that your bank was not helpful enough in dealing with your fraud case, you can also contact the SA Banking Ombudsman for further assistance.

keep your financial data safe with secure cloud storage

With hackers and financial cybercriminals becoming smarter by the year, keeping your sensitive financial information safe and encrypted in the cloud is a powerful weapon against fraudsters.

Browse our range of cloud storage services to find the package that suits your needs the best.