By Jacob Mutisi
Zimbabwe is a cashless society with 96% of all transactions done through internet banking, mobile banking and “swipe”.
Cyber criminals and fraudsters have devised ways of stealing or getting access to some of these services through phishing, with the most recent report being of a supermarket that lost ZWL$22 million to hackers.
Phishing is a form of fraud in which an attacker masquerades as a reputable entity or person in an email or other forms of communication.
Fraudsters or cyber attackers commonly use phishing emails to distribute malicious links or attachments that can perform a variety of functions.
Some will extract login credentials or account information from victims.
In Zimbabwe an average fraudster contacts you pretending to be from a legitimate business such as a bank, mobile service provider, insurance, police, telephone company or internet service provider. You may be contacted by email, social media, phone call, SMS or text message.
In Zimbabwe phishing is a crime of choice, as it is far easier to trick someone into clicking a malicious link in a seemingly legitimate phishing email than it is to break through a banking or a mobile network defence system. Phishing attacks apply to email or other electronic communication methods.
Local fraudsters have also devised methods that include direct messages sent over social media platforms and SMS text messages.
As with the majority of cybercrimes, fraudsters use public sources of information to gather background information about their victims, collecting personal and work history, interests and activities.
This is mostly done through social media platforms like LinkedIn, Facebook and Twitter.
These social media platforms are normally used to uncover information such as names, job titles and email addresses of targeted victims.
This information is then used to craft believable emails.
Targeted victims receive a message either by an email message or an SMS that appears to have been sent by a known contact or organisation.
The email or the SMS carries either a malicious file attachment, or a link connecting to malicious websites.
The objective is to get the targeted victim to install malware on their device, or to direct the victim to a fake website.
These fake websites are designed in such a way that they look identical to a genuine website and are set up to trick victims into divulging personal and financial information, such as mobile banking passwords, bank account IDs or just your banking details.
The reason phishing has a greater success rate is that it is difficult to tell real messages from fake ones. Phishing messages are crafted in such a way that you will believe they are coming from a well-known company; they even include corporate logos and other collected identifying data in the message signature.
Phishing attacks are on the rise and fraudsters are becoming more sophisticated in how they try to steal your personal or account information. To protect yourself from phishing emails you need basic internet and email etiquette:
- Do not click on links or attachments within the message
- Does the email use a generic greeting like “Hello Customer”?
- Is the email asking you to provide personal or sensitive information, login or account information, passwords or a PIN (Personal Identification Number)?
- Does the message try to convey a sense of urgency and/or pressure you into taking immediate action, and/or click on a link or attachment?
- Is the email from an organisation you trust but is unexpected and/or from someone you do not know?
- Is the message coming from a genuine organisation’s email address?
When it comes to cyber attacks or fraud in Zimbabwe, it is each man for himself.
There is now a need for effective mechanisms and institutional structures at the national level that can deal with cyber threats and incidents of a phishing nature.
The absence of such institutions and the lack of national capacity pose a genuine problem in adequately and effectively responding to cybercrimes or cyber fraud. Zimbabwe urgently needs National Computer Incident Response Teams (CIRT), which will play an important role in fighting electronic, mobile money and financial cybercrimes, which are now so common in Zimbabwe’s cashless society.
Mutisi is the CEO of Hansole Investments (Pvt) Ltd and the current chairperson of Zimbabwe Information & Communication Technology, a division of Zimbabwe Institution for Engineers.