Domain Name Scams – Cybercrime

How to Avoid Domain Name Scams

Millions of consumers visit their favourite retail websites or online banking portals regularly to enjoy the convenience of instant shopping or financial transactions.

Unfortunately, the very sites that we visit and trust with our private information, including banking details, could very easily be fake.

Domain name scams are becoming increasingly popular around the world as cybercriminals take impersonation to the next level, building virtual replicas of well-known websites.

As this phenomenon spreads in South Africa, local internet users will need to be extra vigilant when shopping and banking online.

How cybercriminals impersonate entire websites

The modus operandi that cybercriminals tend to follow when carrying out these scams is both simple and deceptive.

First, fraudsters register a domain that closely resembles the real domain, making it sound plausible. Some hypothetical examples of these sites could be absabankingsite.co.za or amazononlineshop.co.za.

For someone who isn’t familiar with the company’s real URL, these websites seem legitimate enough because they have been designed to look identical to the real thing.

  • Once unsuspecting customers land on these websites—which can be promoted through fraudulent social media, email or WhatsApp spam—they are typically prompted to log in using the actual credentials they use for online banking or shopping.
  • Once this is done, the cybercriminals have access to their login details, which can then be used to gain access to their accounts and carry out various fraudulent acts.

Domain name scams can be very convincing, but there are ways to avoid them when banking and shopping online.

How to stay safe in the age of fake websites

As an internet user, you have reason to be concerned about these advanced impersonation scams, which now include entire website replicas.

  • The only way to be certain that the website you’re using is authentic is to confirm that it is, in fact, the official website of the company you’re dealing with. This can be verified with a Google search.
  • It’s also important to note that most companies will never ask you to supply your login credentials by email or any other form of communication. Any correspondence you receive asking for this is likely to be suspicious.

When logging into internet banking or retail shopping websites, we recommend that internet users always opt for multi-factor authentication.

For banking, downloading your bank’s official online banking app is much safer than relying on the website, which may or may not be genuine.

Protect your vital data with secure cloud storage

With online activity at an all-time high, businesses and households alike can never be too careful when it comes to protecting private data.

Soteria’s range of secure cloud storage packages for households and businesses is the ideal way to keep your sensitive files safe in the cloud and out of the wrong hands. Visit our product page today to learn more.

Identity Theft – Financial Cybercrime

The Legal and Financial Dangers Of Synthetic Identity Theft

Identity fraud is one of the most common types of financial crimes affecting South Africans, and now cybercriminals have raised their game with a new wave of crime known as synthetic identity theft.

Fraudsters are going a step further and combining stolen information from multiple people to create new fictitious identities that may not be real – but the consequences of your personal data being used to make one certainly are.

Here’s an overview of this new crime, what its modus operandi looks like, and how you can keep yourself safe from it while protecting your business and customer information too.

How synthetic identity fraud works

Identity theft always begins with criminals obtaining sensitive information like your ID number full name, employment information and physical address. But lately, crimes in which this information has been merged across multiple victims is becoming more common. These crimes fall into two broad categories.

  • Identity compilation: This is referred to by industry experts as “Frankenstein identity fraud”. Criminals will often combine the identification numbers, addresses, and other details of multiple victims to create a new false persona. 
  • Identity manipulation: this criminal approach sticks to one identity, but alters key information about the person in order to carry out illicit activities. Changing someone’s place of employment or credit score artificially or applying for credit in their name are some examples of identity manipulation.

Synthetic identity makes law enforcement’s job even harder

Keeping tabs on all the fake identities used by fraudsters is hard enough but synthetic identity fraud is adding a new layer of difficulty to the task before law enforcement officials. 

Since fake identities, compiled using information pertaining to multiple people, are becoming more commonplace, it’s becoming increasingly difficult to track down the various victims of this crime so that justice can be done. 

Given the large number of data leaks and breaches that are taking place across the country, many law abiding citizens are finding themselves in the crosshairs of identity theft. The fact that their identity has been compromised becomes apparent once they receive a letter of demand or even a summons pertaining to debt that they have no memory of owing. This is a tell-tale sign that identity fraud has taken place.

Keep your identity and personal information safe with secure storage

There’s no need to become a victim of identity theft before you start to secure your sensitive documents.

Soteria’s range of encrypted automated backup packages will help ensure that your business and personal documents remain safe in the cloud, beyond the reach of cybercriminals. Browse our packages today to get started.

Online Crime Surge Q1 – Cybercrime

South Africa Cybercrime Surges in Q1 2024

South Africa continues to buckle under the weight of rising cybercrimes, with the latest reports indicating that the country’s victim count increased by 107% between Q2 2023 and Q1 2024.

These revelations come on the back of similar worries across the African continent, which is seeing a rapid rise in cyberattacks as online attacks in other regions start to stabilise. 

Let’s take a closer look at the data and find out why Africa has found itself in the crosshairs of cybercriminals once again this year.

Hackers play catch-up in Africa this year

According to a report by cybersecurity group Check Point which documents incidence of cybercrime in regions around the world, the African continent is experiencing a huge increase in online criminal events.

The rise in incidents is alarming even though the total number of attacks in regions like Europe and North America are far higher in absolute terms. 

  • Africa saw a 20% rise in cybercrime incidents in Q1 2024. On the other hand, Latin America saw a 20% drop over the same period. 
  • Government and military targets remain hugely popular among cybercriminals, increasing the prospect of service disruption and the destabilising potential of these attacks. 

This seemingly contradictory trend makes more sense in the context of pure numbers versus percentages. 

Considering that Africa has traditionally lagged behind other countries in terms of internet penetration and online business, the continent’s recent digitisation has probably made it a prime target for cybercriminals.  

Hackers who are finding it more difficult to increase their rate of attacks in developed regions which have invested heavily in cyber security may have discovered easy pickings in Africa this year. 

Now is the time to invest in cybersecurity 

Overall, it would appear that Africa is facing a surge in cybercrimes similar to the one experienced by its more developed peers 5 to 10 years ago. 

The continent may be struggling to respond due to its traditionally lower emphasis on cybersecurity. However, companies in South Africa and across the continent can reverse this situation by investing in the latest cyber defences to bring their security levels in line with those of European and North American businesses.

Some of the key components of a comprehensive cybersecurity strategy include:

  • The basics. Reliable firewalls and updated antivirus software will set the stage for improved data security.
  • User and permission management using the latest multifactor authentication and identity verification will help ensure that unauthorised users can’t gain access to your network.
  • Secure data storage. Encrypted backup and storage cloud storage for sensitive documents and files is one of the surest ways to have a working copy of every essential document in the worst-case scenario. 

At Soteria we pride ourselves on making secure cloud storage available to households and businesses of all sizes. Protect your valuable data today with our range of encrypted cloud data storage packages.

Cyber Defence and Cyber Insurance – Cybersecurity

A Holistic Approach to Cyber Defence and Cyber Insurance

Cybercrime in South Africa continues to soar and companies of all sizes are realising the essential need to have comprehensive cyber insurance. While cover of this type is an essential precaution it needs to be implemented as part of a holistic cybersecurity strategy in order to be cost-effective and ultimately useful to the business.

In this article, we take a look at the symbiotic relationship between cybersecurity cover and the various cybercrime prevention methods that businesses can implement to lower their risk profile when dealing with insurers. 

Read on to find out how you can protect your business from online criminals and potentially end up with a lower monthly insurance premium.

Cybercrime insurance: what the latest data tells us

Cyber attacks in South Africa are rising by the year and companies are increasingly opting for cybercrime insurance. However, given the dramatic increase in these attacks, some insurers have left the market while others are raising premiums significantly and increasing their qualifying criteria for policy holders.

Businesses seeking comprehensive cybersecurity insurance should bear in mind that covering their losses in the event of a cyberattack is not the only necessary measure that should be taken. 

The reason for this is simple: a business that is vulnerable to cyber attacks due to poor security is more likely to be targeted by cybercriminals, and therefore will end up claiming on its cyber security insurance more frequently – or at least that’s what the insurer may assume.

This high risk profile may drive premiums up to the level of unaffordability. 

At the same time, insurance companies are starting to demand that comprehensive cybersecurity planning and response protocols are in place before even ensuring a customer.

  • 53% of businesses surveyed by Sophos indicated that they are seeking cybercrime insurance this fiscal year.
  • Of these respondents, 98% have implemented some form of cybersecurity upgrade to improve their chances of approval and favourable premiums.
  • An overwhelming majority of respondents said that their enhanced security measures had resulted in successful insurance outcomes, underpinning the effectiveness of this approach.

The main take away from the current developments in the cybersecurity sector is that it’s no longer a case of either insuring your business against the eventuality of a cyberattack or preventing one with advanced security measures, but rather that it’s necessary to do both.

Why a holistic approach is needed to combat cybercrime

Before obtaining cybercrime insurance cover for your business, an excellent strategy is to have all the necessary cybersecurity protections like firewalls, antivirus software, and multi factor authentication in place. 

Among these, obtaining secure cloud storage is one of the most crucial steps that any business can take to increase its chances of recovery in the wake of a cyberattack.

Our range of secure cloud storage solutions for businesses of all sizes are built on a powerful backbone of immutable storage, which is almost impossible to corrupt. Browse our range of packages today to enjoy the peace of mind that comes with having your data fully secured.


Browser File Upload Threats – Cybercrime

Are your file uploads opening the door to hackers?

One of the most basic rules of cybersecurity is “be careful what you download”, but now there’s a new risk for computer users: dangerous uploads.

As browsers become more sophisticated, encrypted uploads are taking place in applications like Chrome – and true to form, cybercriminals are finding ways to exploit this movement of data to put critical company and personal files at risk.

Let’s explore the technical aspects making it possible for criminals to intercept uploads and go over some safety protocols that businesses can implement to protect their files.

Hackers exploit sophisticated browsers like Chrome

If you’ve been using the Internet longer than 10 years, you probably remember how primitive the first web browsers were. We’ve come a long way since Netscape Navigator – with the latest version of Chrome featuring automatic translation, productivity tools, and upload functionalities.

But it’s this last feature that’s presenting a problem to cybersecurity experts now as hackers exploit File System Access Application Programming Interface technology – or API – to steal data.

  • File system API is a type of code that allows web browsers like Chrome and Microsoft Edge to access the internal files on your computer.
  • This allows you to upload files more easily but is also resulting in interception by cyber criminals.

Unknowingly, internet users could find themselves becoming victims of ransomware as hackers intercept their uploads and gain access to important company files. A simple photo upload for editing using a friendly looking online editing tool can enable access for a hacker to your files and subfolders.

Given that more than 60% of the internet uses Chrome, that equates to several billion potential victims across the world.

Apple Safari users may not need to worry about this specific threat – or not yet anyway – but the popularity of Windows computers in many workplaces around South Africa means that a fair chunk of local businesses may be susceptible to this type of attack.

As with many cybersecurity issues, companies that aren’t aware of the threat and continue to use Chrome for uploads on a “business as usual basis” may be the worst affected.

Is it time to call a ban on uploads?

The best approach that companies can take is to prohibit uploads as a matter of policy while educating employees about the risks of uploading files online.

This is an essential first step which will help to increase compliance and boost data security overall.

Encrypted backup applications and file storage systems like Google Drive may be exceptions to the rule, with tightly controlled access privileges being standard practice.

Secure cloud storage has never been more important

The ongoing risk of cyberattacks highlights the need for secure cloud storage in every organisation.

Our range of encrypted backup solutions for companies of all sizes provide a turnkey solution that can help to ensure reliable data protection for your business.

Employee Monitoring – Cybercrime

The legalities of employee monitoring against cybercrime

The era of online work has brought new challenges for employers, especially when it comes to monitoring worker productivity and protecting company information from cyberattacks. 

Remote workers may need to be monitored by management to ensure that the quality of their work is up to scratch and that they don’t visit any websites or perform online actions that jeopardise the company’s cybersecurity – but how far can managers go before they fall foul of the privacy laws?

Let’s take a look at the important issue of employee monitoring in the context of productivity and digital crime and find out exactly what actions companies can take to monitor staff activity.

Can companies monitor workers in SA?

Privacy concerns are one of the top ranked issues among internet users and company employees are no exception. While managers feel the need to monitor their employees’ online actions, there’s always the threat of legal trouble for violating their right to privacy.

But does this really stand up before the law?

South Africa’s Constitution does grant citizens the right to privacy, but this right is not absolute. In other words, there are situations where companies can monitor their employees within the bounds of the RICA Act which protects the privacy rights of all internet users.

  • According to the Act, an employee’s internet usage can certainly be monitored as long as the company obtains consent from the employee in advance. 
  • If data monitoring is essential for the operation of the business, this is also allowable in terms of RICA.

The best approach for companies is to combine these two conditions by inserting a data monitoring clause in every employment contract, and making it one of the terms and conditions of the job. 

Part of the clause can explain that this monitoring is necessary to ensure the proper functioning of the business, thereby covering both conditions above.

What specific activities should companies monitor?

Obtaining employee consent to monitor their online usage, especially when they work remotely, is a good first step toward productivity and cybersecurity improvement. Here are some types of internet activities that companies should be on the lookout for. 

  • Specific websites. Monitoring the websites that employees visit during working hours and maintaining a list of banned sites or dangerous URLs is the first step to securing your company’s network.
  • File uploads and downloads. Monitoring the number of files that your employees upload and download (and the source and destination of these files) can give your IT department a clue as to whether employees are carrying out legitimate tasks or performing suspicious actions that should be followed up.

Data monitoring can help reduce the risk of cyberattacks but encrypted backup is still essential

Complying with the RICA Act while monitoring your employees data usage can help you pinpoint suspicious activity, but there’s still no substitute for having a full backup of your most important files in encrypted format.

Our range of secure backup solutions will give you peace of mind as all your files are stored in the cloud using immutable storage on a regular basis. Browse our range of storage solutions and secure your data today.


Today’s Cyber Threats – Real Time Cloud Backup

What you don’t know about cybersecurity, and what that means for your business

Cybersecurity has become a buzz word in the business community affecting business from small SMEs to government groups. Five or ten years ago very few entrepreneurs had it on their radar, and still – ask many small business owners if they are worried about the cybersecurity of their operation today and most will respond by telling you they are too small for anyone to want their data! Wrong.

The massive escalation of online threats affecting South African businesses and highly publicised ransomware cases involving millions of Rands should have any size of business worried – but what’s the best way to defend your enterprise?

As with many things, the unknowns about cybersecurity can be the most dangerous. To bring business owners up to speed quickly, we’ve put together a list of the essential online threats facing every company and how to reduce them with innovative products like secure cloud storage.

Cyber Threat #1:unsecured credentials

There’s an image out there – probably created by Hollywood – that hackers are super advanced evil geniuses tapping away at their keyboards until they finally gain access to government secrets or billion dollar bank accounts.

In reality though, many cyberattacks take place because someone forgot to change their password.

The recent leaking of 70 million login credentials worldwide means that every business, no matter the size of it, should update its passwords without delay.

  • The single best (and easiest) thing you can do to enhance your cybersecurity is make sure that all your passwords are up-to-date and any devices associated with your business have multiple factor encryption enabled.
  • Changing passwords manually or by using password management software is the first line of defence against cybercriminals while having more than one factor to identify users will protect your data in the event that one of your devices is stolen.

Cyber Threat #2: lack of employee training

Many cyberattacks are carried out by criminals who are easily able to fool company employees into downloading a piece of software or clicking a link.

With the rise of AI applications like ChatGPT, which can write a convincing email, the dead giveaways of badly worded text and ridiculous offers which were typical of old online scams are a thing of the past.

  • To stay ahead of online criminals today, your staff will need to be trained to identify the signs of a social engineering or impersonation attack delivered by email.
  • It’s also essential to verify the authenticity and credentials of anyone who contacts your business with a potential order or service offering because hackers may use real names as a Trojan horse to carry out fraud and online attacks.

Cyber Threat #3: inadequate data protection

Relying on the office USB stick to keep your files safe simply isn’t good enough in 2024. If your business still hasn’t invested in a firewall and encrypted online backup, now could be the best time to secure your data – before you fall victim to a cyberattack.

No matter what size your business is, Soteria’s range of secure cloud storage packages gives you the flexibility of being able to scale up your storage as your business grows. Our backup system features the latest encryption technology with immutable storage for added peace of mind.

To learn more about how we can help secure your company’s crucial information, visit our website today.

Financial Data Security | Hackers

Hackers Claim Massive Financial Data Compromise

Millions of South Africans rely on the credit bureaus TransUnion and Experian to calculate their credit scores and give them access to financing from banks and other lenders. In a shock announcement, a Brazilian hacking group known as N4ughtySecTU declared that it had compromised the entire database of both credit bureaus and taken control of every South African financial services customer’s details as a result.

Let’s take a look at the validity of this claim, find out how Experian and TransUnion are responding to it, and discuss what this means for financial data security in the sector.

SA’s confidential credit information hacked – again

The financial industry, which has a responsibility to keep the data of millions of credit customers safe, is constantly on the alert for a nightmare scenario in which the entire system and its data falls into the hands of cybercriminals. In late November, hackers, allegedly affiliated with N4ughtySecTU, claimed that they had done exactly that

The group reached out to local journalists and made several online posts to the effect that it had captured the cumulative information of all South African credit users. They then demanded an eye-watering ransom of $60 million, failing which the data would be released on the dark web.

The claim made headlines and sent shockwaves through an industry which had just been recovering from an attack by the same group in which TransUnion’s database was compromised. The privacy of millions of South African customers was compromised in the attack, with hackers going so far as to steal President Cyril Ramaphosa’s private details.

Credit bureaus fail to confirm a cyberattack, ransom amount may be unpayable

Neither Experian nor TransUnion have confirmed that a large-scale cyberattack took place at all.

As many experts have pointed out, the enormous ransom amount being demanded – which exceeds R1 billion at the current dollar exchange rate – would be nearly impossible to pay, even if the story turned out to be true.

This has led to speculation that the ransom demand is simply an online scam designed to scare the bureaus into paying “hush money” to the hacker group.

Spotlight remains focused on cybersecurity in the financial sector

While this story evolves, cybersecurity experts in the financial industry will be reviewing their security measures to ensure that a similar attack – be it real or fake – doesn’t affect the banking and insurance sector in the future.

  • As a bank and credit customer, you may not have full control over how your information is handled by credit bureaus – but you can take proactive steps to guard both your own sensitive data and that of your clients.
  • It’s essential to confirm all correspondence from the bank – including banking app sign in messages – to guarantee that they’re genuine. When in doubt, call your branch for assistance.
  • If you receive a message saying that your personal data has been compromised, treat it with suspicion too. Contact the sender by Googling their official phone number and don’t respond directly to the number or email address that the message was sent from.
  • Business owners should note that failure to protect client data can result in a major violation of the PPI Act, with potential fines running into millions of Rands.
  • Maintaining multiple copies of data and ensuring that at least one is backed up in the cloud using secure encrypted storage is essential for every business today.

Don’t let cybercrime concerns prevent you from doing business in 2024. Our range of secure cloud storage packages are the ideal way to level up your data security.

Proactive approach to cybercrime | Cybersecurity

Cybersecurity: Time to take a proactive approach to Cybercrime

Cybercrime is big business, costing its victims a total of $8.44 trillion worldwide in 2022 according to data from Statista.

The traditional IT-driven security solutions that have been used as a defence against online crimes no longer make sense at a time when they are so easily overcome – but a risk approach founded on business principles for data defence and recovery can help your organisation stay safe online.

Let’s take a look at a new angle that the IT department can use when assessing very real cyberthreats. Here’s why cyber defence needs to make business sense and not only data security sense.

Data security beyond the iron wall

The traditional IT security approach which employed firewalls and antivirus software as a method of keeping the hackers out has become less effective in recent years.

The evidence for this is clear to see when we consider the  huge spike in cyber-attacks across the world over the past decade, despite constant updates in these traditional technologies.

  • Instead of this rigid approach, a multi-layered security solution that emphasizes flexibility and rapid reconfiguration is key to addressing data vulnerabilities in 2023 and beyond.
  • Using AI and other smart technologies to monitor your network, analyse traffic and data access patterns, and spot cyber-attacks before they happen is the next level of cybersecurity. This is akin to marketing metrics and financial risk analysis, where constant monitoring and taking are keys to success.
  • A major  part of this approach involves spotting vulnerabilities in your network before the hackers do. This can help to uncover zero day attacks and other unseen threats using comprehensive network analysis.

Case study: are your backups safe from hackers?

A worrying recent trend has seen hackers target companies’ data backups.

The thinking  behind this makes perfect sense from the cybercriminals point of view: if companies have backups in place they’ll be less likely to pay the ransom.

  • Next-level attacks will compromise backups to render organisations helpless and force them to pay up.
  • 93% of organisations surveyed recently said that hackers had tried to compromise their backups, with 73% saying the attempts were partly successful.

Simple backups – especially using physical storage held on the premises – are not going to remain safe in the era of advanced cybercrime. Continuous backups using encrypted technology is the best way to keep a current copy of all critical company data safe and available at all times.

At Soteria we take the safety of your data seriously. That’s why we encrypt all the backups on our servers with the latest encryption technology to keep hackers at bay. Learn more about our secure cloud storage solutions on our website and stay one step ahead of the cybercrime wave.

The Cybercrime Ecosystem | Cybersecurity

Best Defence to Cybercrime is an Attitude

Cybersecurity is a high-tech industry, and many business owners assume that it’s the technology which makes or breaks a hacking attempt or cyberattack. In reality, keeping your business safe online has more to do with skills and HR than having the latest detection software.

There’s no doubt that keeping your tech up to date will help keep cybercriminals at bay, but it’s not enough in isolation. In the current cybercrime landscape, the best defence (in addition to secure online backup) is an attitude, not a specific security feature.

It’s a jungle out there – navigating the cybercrime ecosystem

The internet has come a long way since most of us first used it, and with the explosion of websites, ecommerce, and social media the online landscape has become a hunting ground for hackers and bad actors.

  • South African web users are among the most likely on earth to be victims of cybercrime.
  • The country’s skills shortage means that IT teams are hard pressed to hire the talent they need to keep cybercriminals away from valuable company data.

Staying safe online means being vigilant. You wouldn’t leave your home unlocked or the keys in your car ignition – so why expose your website and financial information to criminals through lax security?

Creating a culture of cyber safety

Businesses that anticipate when and how a cyberattack may happen are more likely to prevent it from occurring.

Every one of your team’s devices and passwords, and even their email and social media habits, could become a potential data security hazard. Here are some strategies to counter this.

  • Training all staff members to handle data just like money is the first step toward cyber safety. Your company information needs to be safe and only accessible by authorised users at all times.
  • Simply relying on the latest tech like data security apps and firewalls to keep company information safe is no longer effective. These tools must be matched by a set of online safety skills that the entire team is trained to use on a daily basis.
  • Creating a cybersecurity response plan (like pushing the panic button during a robbery) and backing up crucial data in the cloud can reduce the financial impact should a cyberattack take place.

Keep your data safe with us

Soteria Cloud offers a range of data backup options that use the latest encryption technology combined with cloud based storage for extra peace of mind. Find a competitively priced package that suits your business perfectly today to get started.