South Africa’s railway agency, PRASA, lost millions to a scam

February 13, 2024

Due to a phishing scam, the Passenger Rail Agency of South Africa (PRASA) has lost 30.6 million rand, equivalent to about US$1.6 million. The incident, disclosed in the agency’s annual report, shows the growing threat that cybercriminals pose to critical infrastructure and public services.

According to the advisory, the agency had retrieved only a little over half of the money, approximately R15.7 million, despite its efforts to recover the stolen funds. The balance remains missing as PRASA continues to address the attack’s aftermath.

PRASA has refused to give additional details about the phishing scam.

Researchers said PRASA declined to provide further information or comment on the incident. However, experts suggest that there is a high possibility of insider involvement. In addition, they theorised that an employee might have orchestrated the attack by setting up fraudulent accounts within the system, allowing the siphoning of funds.

This African railway incident highlights a broader trend of cybercrime in South Africa, particularly concerning email interception fraud and digital banking scams.

A recent study showed that approximately 22% of companies reported falling victim to email interception fraud within the past five years. Similarly, data from the South African Banking Risk Information Centre (SABRIC) indicates a 30% increase in digital banking fraud cases compared to previous years.

Furthermore, separate research emphasises the prevalence of social engineering tactics like phishing in orchestrating such attacks. A significant portion of African employees, around 32.8%, are prone to phishing attempts due to a lack of security awareness training.

Businesses should adopt comprehensive strategies focused on detection, assessment, and management to mitigate the risk of insider threats and phishing attacks. Organisations can better protect themselves from similar cyber incidents by proactively identifying concerning behaviours and implementing competent risk mitigation solutions.

The PRASA phishing scam is another example of the pervasive threat cybercriminals pose and the critical importance of improving cybersecurity measures to protect critical infrastructure and sensitive information.

Therefore, businesses and institutions should be more vigilant and proactive with security measures to prevent malicious actors from executing their campaigns or to mitigate their impact.
