“Cybersecurity is center stage for organisations in South Africa and sub-Saharan Africa,” says Jonathan Tullett, Associate Research Director, IT Services, sub-Saharan Africa at IDC. “We see growing rates of breaches and increasing severity and damaged experienced by victims. Despite economic headwinds, CIOs are increasing security investment with key outcomes including improved visibility, faster and more automated response to security incidents, reducing the attack surface area of vulnerable systems, identity management and cloud security.”
Recent Kaspersky research has highlighted that phishing remains the top initial access vector for security incidents. According to the Spam and Phishing in 2022 report, Kaspersky's anti-phishing system thwarted over 500 million attempts to access fraudulent Web sites globally in 2022. In Africa, we see that this type of threat is growing over time: Q2 2023 saw 2.5 times more (153% increase in South Africa and similarly 145% in Kenya and 125% in Nigeria) phishing detections in comparison with Q1.
Galov will highlight the adaptability of cybercriminals using examples of local scams such as those tied to the tax season in South Africa. One such prevalent scam is an email masquerading as a notification from SARS, urging recipients to view an 'account in arrears'. The tax authority has since warned taxpayers about this scam, and Galov echoes this advisory for extreme caution this tax season.
Example of a phishing email targeting unsuspecting South African taxpayers
"Phishing is one of the most prevalent and pernicious threats in the cybersecurity landscape. Being the gateway to many of the worst cyber threats, phishing pages are the first step in a long chain of events that can result in identity theft, financial loss, and reputational damage for both individual consumers and businesses,” says Galov.
Beyond the tax-related scams, Kaspersky experts have also identified phishing attempts leveraging local banking names, including FirstRand in South Africa and Zenith Bank Nigeria.
Example of a phishing email mimicking correspondence from FirstRand bank
“Phishing remains a dominant and evolving threat, exploiting human vulnerabilities. It’s imperative for individuals and businesses alike to remain vigilant, especially in this digital age where the line between legitimate and fraudulent can blur rapidly,” urges Galov.
To safeguard oneself, Kaspersky experts recommend:
For the full list of scam and phishing examples affecting SARS, click here.