While phishing attacks involving South African banks declined by a massive 47% in the first six months of this year, the start of the 2013 tax filing season in July heralded a significant reversal in the downward trend.
According to Yossi Hasson, MD of Johannesburg-based software as a service (SaaS) e-mail specialist, SYNAQ, phishing attacks involving SARS (South African Revenue Service) boosted the total number of phishing attacks by 14% in July, despite the fact that attacks involving banks continued to decline.
"Using our Securemail technology, SYNAQ constantly monitors phishing activity directed at our clients. While there was virtually no activity involving SARS earlier in the year, we detected a sudden spike in SARS activity in June. This coincided with growing awareness that tax season was almost upon us," Hasson says.
"In July, this activity accelerated. In fact, SARS was by far the most frequent phishing bait used by fraudsters in June and July. This far outstripped activity involving any of the major banks, including Absa, which, as the largest retail bank in the country, is usually the target for most attacks."
The SARS phishing e-mails have ranged from informing lucky taxpayers that they have received a rebate, to threatening recipients with dire consequences if they don't respond to "SARS'" request for their banking details.
Hasson explains that the term 'phishing' is a variation on 'fishing', the idea being that bait is thrown out as widely as possible in the hope that, while most will ignore it, some will be tempted into biting. To get the best results, scammers will pay most attention to areas where they believe they have the highest chance of success.
"For the most part, this is more reliant on the number of potential victims – hence the upsurge in SARS-related attacks – than the institutions themselves," he adds.
SYNAQ's monitoring also shows that scammers often test the waters and will switch targets and methods periodically to get the best results. In June, for example, there was a massive upsurge in activity relating to Standard Bank. This declined somewhat in July, but attacks remained well above the bank's average for the year.
"In the next few months, we could well see scammers giving Standard Bank a break and focusing more on another bank. However, we anticipate high levels of activity around SARS continuing for the duration of the current tax filing season," Hasson says.
How phishing works
E-mail phishing occurs when fraudsters use official-looking e-mails to lure individuals to a spoof Web site in order to obtain their banking or credit card information for use in identity theft.
Phishing can take one of three avenues:
* URL – this is consistently the most frequent form of attack. The user is prompted to click on a URL link that leads to a page emulating a banking logon, which is used to gather login credentials.
* Forms – this is the second most popular vector for attack. The user is provided with an e-mail-embedded form to fill in, and the details are then mailed to the scammer.
* Malware – this is usually a Trojan download attached to the e-mail message, which the user is asked to install, supposedly for better security.
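
As an added illustration (not part of the original article, and not SYNAQ's Securemail), the sketch below shows how a mail filter could triage a message into the three avenues listed above: a link whose visible text names a different host than its target, an embedded form, or an executable attachment. The extension list, the function names and the sample hosts (reserved test domains) are assumptions made for the example.

```python
import re
from email.message import EmailMessage
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: illustrative, non-exhaustive list of executable attachment types.
RISKY_EXT = (".exe", ".scr", ".js", ".vbs", ".bat", ".jar")
HOST = re.compile(r"(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)", re.I)

class BodyScan(HTMLParser):
    """Records <form> tags and links whose visible text names another host."""
    def __init__(self):
        super().__init__()
        self.has_form, self.mismatched, self._href, self._text = False, [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "form":
            self.has_form = True
        elif tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            shown = HOST.search("".join(self._text))   # host the reader sees
            real = urlparse(self._href).hostname or ""  # host the click goes to
            if shown and shown.group(1).lower() != real:
                self.mismatched.append((shown.group(1).lower(), real))
            self._href = None

def classify(msg):
    """Return which of the three avenues ('url', 'form', 'malware') a message shows."""
    scan, has_exe = BodyScan(), False
    for part in msg.walk():
        if (part.get_filename() or "").lower().endswith(RISKY_EXT):
            has_exe = True
        elif part.get_content_type() == "text/html":
            scan.feed(part.get_content())
    checks = {"url": bool(scan.mismatched), "form": scan.has_form, "malware": has_exe}
    return {name for name, hit in checks.items() if hit}

def sample(html, attachment=None):
    """Build a constructed test message; the hosts use reserved test domains."""
    m = EmailMessage()
    m.set_content("See the HTML part.")
    m.add_alternative(html, subtype="html")
    if attachment:
        m.add_attachment(b"\x00", maintype="application", subtype="octet-stream", filename=attachment)
    return m
```

A link labelled "Click here" carries no visible host, so the mismatch check alone will not flag it; a real filter would combine this with sender and URL reputation.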