Financial Crime World

Title: Social Engineering Techniques Fuels Digital Banking Fraud Surge in South Africa, Costing R740.8 Million in 2022

By John Doe, ITWeb Senior Journalist

Social Engineering Techniques Drive Digital Banking Fraud in South Africa

Johannesburg, 04 Oct 2023

In 2022, social engineering techniques proved to be the preferred choice among cybercriminals for executing digital banking fraud in South Africa, resulting in over R740.8 million in losses, according to the South African Banking Risk Information Centre (Sabric).

Digital Banking Fraud Statistics

Sabric reported a 24% increase in digital banking fraud incidents, making it a total of 23,000 cases. Here’s a breakdown of the incidents based on the type of digital banking:

  • Banking applications and internet banking accounted for 64% of the fraud incidents.
  • App attacks resulted in a 46% share of digital banking crimes, causing the highest proportion of financial losses (49%).
  • Online banking fraud accounted for 26% of the incidents and resulted in the second-highest proportion of gross losses (47%).
  • Mobile banking fraud accounted for 28% of the incidents with the lowest proportion of gross losses (only 4%).

Embracing Digital Banking: User Growth and Consequences

As more and more South Africans embraced the convenience of digital banking platforms, the number of active digital customers increased significantly for banks such as FNB, Nedbank, Absa, and Standard Bank. However, this trend was unfortunate for some, as cybercriminals capitalized on the uptake in digital banking and upped their game with social engineering techniques.

Social Engineering Techniques: The Most Common Forms of Digital Banking Fraud

The following social engineering techniques were used by cybercriminals to steal banking details and manipulate transactions:

  1. Spear phishing
  2. Whaling
  3. SMS phishing
  4. Business email compromise
  5. Vishing
  6. Pretexting
  7. Angler phishing

Financial Losses from Digital Banking Fraud

The financial implications of digital banking fraud escalated dramatically in 2022, increasing from R440 million in 2021 to R740.8 million, representing a 68% increase.

Money Laundering Through Digital Banking Fraud

Cybercriminals often recruited unsuspecting individuals, known as ‘mules,’ to launder ill-gotten funds. These individuals are lured with promises of easy money or employment offers, often through online advertisements or phishing emails. Once recruited, mules are instructed to open bank accounts in their names and carry out transactions on behalf of the criminals.

The Impact of App Attacks and Vishing

App attacks and vishing were two significant concerns in 2022, with reported incidents increasing by 36% and 33% respectively, and associated gross losses skyrocketing by 68% and 57% compared to 2021. Criminals intercepted transactional verification tokens, such as one-time PINs (OTPs), and transaction approval requests, by manipulating victims into approving transactions or providing OTPs during phone calls.

Rising Concerns: Kidnapping and Online Banking Fraud

There was a concerning rise in incidents involving kidnapping or hijacking individuals to gain unauthorized access to their banking applications under duress. Sabric stressed that no confirmed compromise of banking applications has been reported to date.

Mobile Banking Fraud: A Shift From SIM Swaps

In a positive development, there was a 9% decrease in reported incidents of mobile banking fraud, which previously accounted for the highest proportion of gross losses. However, fraudsters continued to use smishing (SMS phishing) to acquire mobile banking login details. In 76% of the reported mobile banking fraud incidents in 2022, SIM swaps were no longer part of the fraudsters’ MO.