Coronavirus or COVID-19 has been declared a pandemic by the World Health Organisation. South Africa's President, Cyril Ramaphosa, declared a state of national disaster after 61 confirmed cases of coronavirus patients in the country.

A day after this declaration, we witnessed a lot of people panic buying grocery items in fear of the future.

As we speak, a lot of local supermarkets are running low on stock such as food items, toilet paper, and hand sanitizers. One cannot stop wondering about the vulnerabilities presented by the current crisis. We have already heard of reports in the Western Cape province where criminals impersonated personnel from the Department of Health and approached people’s homes claiming that they were conducting coronavirus screening. This turned out to be criminals who were trying to rob people.

In Canada, there have been reports of unscrupulous persons who are sending out unsolicited communication as medical advisory to unsuspecting people. With the food shortages and the lack of vaccines for coronavirus, it is inevitable that cybercriminals are going to exploit the situation and use all forms of phishing tricks to scam people.

Phishing is a social engineering scam devised by criminals with the intention of luring people into sharing personal information with a cybercriminal. What usually happens is that the cybercriminal would send out an email, SMS or any other unsolicited communication (spam) under the guise of being a reputable company or person. In the case of coronavirus pandemic, there are higher chances that criminals may pretend to be from reputable healthcare facilities, the department of health, medical professionals, medical aid representatives etc.

As with what other countries are already experiencing, the cybercriminals may pretend to be providing coronavirus screening and testing, providing coronavirus vaccines being imported from other countries, providing medical advice on coronavirus or providing healthcare products such as hand sanitizers. The cybercriminals are likely to request the unsuspecting victims to provide certain personal information and financial information. Alternatively, the cybercriminals may request the victims to click on a link provided in an email. By clicking on the link or downloading any attachments, the victim will unknowingly download malicious software on to their computer. The malicious software can subsequently be used by the cybercriminal to steal personal information of a victim. Once the victim’s personal data is disclosed or captured, it can then be used by the cybercriminal for a variety of illicit purposes, including fraud, identity theft and for gaining unauthorized access to a computer network.

Yusuf Abramjee has warned the public about the different tactics that are being used by criminals to rip people off. Since the sending out of a phishing email itself is not a criminal offense in South Africa, we urge our clients to remain vigilant and treat any communication on COVID-19 with caution.

Should anyone receive any communication from an unknown individual, company or organization regarding COVID-19, chances are that such persons are criminals or companies trying to direct market their products by taking advantage of the current chaotic situation. We hope that with the increase in cybercrimes in South Africa, the President will sign the Cybercrimes Bill into law. What this law does is that it criminalizes the acquisition, possession, and use of a password, access code or similar data or device.

With this law in place, we would see a lot of cybercriminals who phish out for confidential information and personal information being prosecuted. We also hope that the President signs the rest of the provision of the Protection of Personal Information Act (POPIA) into law as that law only permits direct marketing where the consent of the data subject has been obtained. POPIA is likely to see a decrease in a lot of spam messages and phishing messages.

Share this via: