Don’t Fall Prey to the Most Common Cybercrimes!
“The bottom line is that cyber risks sit right alongside rising systemic risks, and is the biggest emerging, and constantly evolving risk facing businesses today.” (SHA Specialist Risk Review 2022)

In Africa, Interpol has identified phishing – particularly Business Email Compromise (BEC) – as well as online scams, as both the biggest current crime threats, and the crimes most likely to increase in the next three to five years.

This is Interpol’s list of the prominent cyberthreats identified in the African region:
- Business Email Compromise
- Phishing
- Cyber extortion including ransomware attacks
- Online scams
- Banking trojans and stealers

Below, find out how these cybercrimes are perpetrated and how to protect yourself, your company and your employees with tips from SABRIC and CISA.

Business Email Compromise (BEC)

For 7 consecutive years, BEC attacks have been the most financially devastating cyber threat worldwide, and continue to be the most prevalent cybercrime, says Interpol. A type of phishing attack, it causes significant financial losses and often reputational damage. It includes cybercriminals using an organisation’s email account to send out fraudulent messages with malicious links or attachments that install malware or steal confidential information.

Most commonly, however, BEC involves cybercriminals manipulating emails, especially payment requests containing bank account details. This is because it’s common business practice to send confirmation of or changes to bank details, or invoices containing bank details, via email. In BEC attacks, these emails are intercepted - or fraudulent emails or invoices are created - changing the account details to the cybercriminal’s account. Any payments subsequently made are lost to cybercrime.

A recent High Court ruling in this regard set a precedent applicable to all businesses, as the judge noted: "… the plaintiff’s case established clearly that sending bank details by email is inherently dangerous, and so must either be avoided in favour of, for example, a secure portal or it must be accompanied by other precautionary measures like telephonic confirmation or appropriate warnings which are securely communicated."

Specific BEC preventative measures include:
- Inform clients that your company will never change banking details via letter, SMS or email.
- Consider not putting banking details on your invoices - rather ask customers to phone you to check the details they have.
- Use bank-defined beneficiaries for online banking where possible.
- Before making payment to a supplier’s bank account after receiving an emailed invoice, check that the bank account details on the invoice are genuine.
- If you receive any instructions to change banking details from a supplier, call them to verify.
- Check with your insurers if you can get cover for this risk.

Phishing

One of the oldest, most pervasive cyberthreats and a major source of stolen credentials and information, phishing is a cyber-attack aimed at stealing sensitive information like usernames, passwords and credit card details, typically using deceptive emails or websites, apparently from trusted sources, that contain malicious attachments or links to viruses or malware. Phishing is linked to an estimated 90% of data breaches and causes not only direct financial losses but enables other forms of cybercrime.

Cyber…