Online scams up as more Africans use the Internet

Attackers are targeting the financial sector in particular, so banking officials urge customers to download security software

Online scams targeting the financial sector are on the rise in Africa as more people access online banking services and mobile banking.

Phishing attacks are mainly occurring in South Africa where online banking is common, while mobile money theft is common in other parts of Africa where Internet penetration is still low. As a result of the increase, South Africa's Absa bank, the largest in Sub Saharan Africa announced Tuesday that its Internet banking customers can download security software to curb cybersecurity attacks.

[ Learn how to secure your systems with Roger Grimes' Security Adviser blog and newsletter, both from InfoWorld. ]

A phishing attack aimed at Absa customers features a plain, yet clever unsolicited message instructing them to follow a link and confirm their account information as a way for criminals to obtain passwords and user IDs.

Absa's online customers can download Trend Micro's Internet Security Pro 2009 for free, said Christo Vrey, managing executive of Absa Digital Channels.

The software is expected to protect home or office computers against viruses, spyware and other malicious threats. The phishing attacks have risen since 2005 when Barclays Bank bought Absa.

South African consumers are exposed to more phishing attacks because it is the only Sub Saharan country with a developed online banking service. Other countries do not offer full-fledged online banking services and most of the population lacks bank accounts, but cybercriminals have not spared them either.

The Communications Commission of Kenya has set out on an exercise to educate consumers on cybercrime and other threats posed by the expected increase in Internet usage as a result of cheaper bandwidth. The East Africa Marine System and SEACOM cables are expected to start testing service in a month as the region prepares for cheaper connectivity. Expensive connectivity has limited the region's Internet penetration and electronic commerce is nonexistent, so cybercriminals have not targeted that area as much as South Africa.

However, cybercriminals in East Africa have used mobile phone-based tricks in which subscribers receive fake messages informing them that they have won money and are asked to transfer a certain amount via the phone as a "processing fee."

"The criminals normally they use Tanzanian or Ugandan telephone numbers, which work across the region. It's interesting how mobile phone operators and authorities have not arrested the criminals," said Tyrus Kamau, online security consultant based in Nairobi.

In Nigeria, the scams started with the infamous "419" e-mails that promised millions of dollars left behind by Africa's former dictators such as Sani Abacha and later evolved to promises of lucrative oil contracts. After officials cracked down, 419 e-mails slowed, but criminals shifted to mobile technology, which makes it hard to trace them.

"Nigeria is the most populous country in Africa and the crime has evolved just like other countries, but the problem is the inability of most GSM operators to create unique profiles for their customers. In many countries, the 98 percent of GSM users are prepaid and unidentifiable," said Fola Odufuwa, senior partner at Praxis Partners LLC

Greed and ignorance have been cited as the reasons many people in Africa fall prey to the scams as the criminals' Web sites are built to entice and make people fill out even the most intimate details.

Although Kenyan banks offering elementary online transactions have been keen on security, Kamau says that the banks have not done enough to protect consumers.