South African organisations are under increasing pressure to protect customers against cybercriminals that are exploiting their web and email domains for monetary gain.
Last week the South African Post Office warned customers not to be tricked by a new scam whereby cybercriminals send seemingly legitimate emails on behalf of the Post Office requesting payment of outstanding customs duties needed for the delivery of packages.
Duane Nicol, cybersecurity expert at Mimecast, says cybercriminals are finding it easy to impersonate the web and email domains of trusted brands.
“Kudos to the Post Office for communicating with the public to look out for this scam. But examples like this are a reminder that South African organisations need to protect their brand online, by tracking and determining how cybercriminals are impersonating their web and email domains.
“It is becoming common practice for crooks to impersonate well-known brands and trick customers into handing over money or sensitive information, which can be devastating to the customer as well as the reputation of the organisation.
“Domain spoofing, where an attacker essentially forges your email to make it look as though their communication has come from a trusted source, is a common tactic used in phishing campaigns and business email compromise.”
In Mimecast’s latest State of Email Security report, 78% of South African organisations said they were concerned about an attack that directly spoofs their email domain. Mimecast Threat Intel data also found that impersonation fraud in South Africa in the first 100 days of the coronavirus pandemic surged by 75%.