analysisBy Eric Tamarkin
With the World Cup kicking off in Brazil tomorrow, 12 June, interest in the matches is reaching a fever pitch in Africa and around the globe. Savvy cybercriminals are capitalising on the attention on the matches and are adapting their tactics accordingly. Cybersecurity experts anticipate that during the World Cup, cybercriminals will use phishing scams, malware, hoaxes and spoofs to infiltrate devices and steal sensitive data of unsuspecting football fans.
According to a recent study by McAfee entitled 'The Red Card Club,' Internet searches for several football stars poses an increased risk that users would be redirected to fake and malicious websites.
As a part of the study, McAfee found that users searching for information about Cristiano Ronaldo, Iker Casillas, Gerard Pique, Eden Hazard, Fernando Torres, Paulinho, Karim Ziani and Edison Cavani increased their chance of landing on a website that could infect their computer or mobile device with malware. Cybercriminals use malware to steal data such as passwords and banking details.
Cybercrime has increased rapidly across the continent in the first quarter of 2014
Additionally, Prague-based antivirus company Avast found that dubious World Cup-related applications (apps) are popping up in the Google Play app store. For example, when a user downloads an app called 'Fifa 2014 Free - World Cup,' it collects location and call log data, as well as information about other accounts on your mobile device. Other apps such as 'Corner Kick World Cup 2014' claim to provide football content, but only deliver adverts and may also collect personal information.
The phenomenon of cyber scams seeking to capitalise on significant current events is by no means new. With the passing of former president Nelson Mandela in December last year, South Africans and people around the world wanted to learn more about his extraordinary life and memorial events. In one particularly egregious example, cybercriminals spoofed the email address of Mandela's grandson, Ndaba, and requested money from email recipients to support the Africa Rising Foundation. The cybercriminals instructed recipients to deposit funds at specific South African supermarkets and provide a deposit code via email.
In another example, cybercriminals posing as aid organisations and charities used fake donation emails claiming to assist those affected by the typhoon in the Philippines in November 2013.
The potential increase in cybercrime related to the World Cup adds another dimension to the already heightened cybercrime landscape in Africa. Given the rapid growth of high-speed Internet access, the expanded use of mobile technologies and the lack of cybercrime laws in most African countries, Internet security firm Trend Micro concluded that Africa is poised to become a new cybercrime safe harbour.
According to Internet security firm Kaspersky Labs, cybercrime has increased rapidly across the continent in the first quarter of 2014, with Algeria, Egypt, South Africa and Kenya tallying the highest number of cybercrime threats. Other recent studies have listed Nigeria, Ghana and Cameroon as the top cybercrime hotspots on the continent.
To stem the tide of cybercrime in Africa, policymakers should develop a cogent and multi-layered response. A key aspect of that approach is funding and supporting robust public awareness campaigns. Since cybercriminals primarily target individual Internet users, African governments must design effective public awareness strategies that reach as many people as possible.
A successful public awareness campaign must include certain components. First, it must use non-technical terminology to clearly communicate current cybercrime threats.
Next, it should provide essential recommendations and tools for individuals to protect themselves online, such as creating strong passwords that are not used for multiple websites, and only downloading official apps from trusted developers. Furthermore, it must include contact details for law enforcement and other government entities that are able to assist victims of cybercrime.
Public awareness campaign materials must be delivered to citizens in various ways. For example, printed cybercrime awareness guides should be available at government agencies that interface with the public, schools, places of worship and local businesses.
Additionally, awareness information should be communicated in multimedia campaigns via television, radio, newspapers and digital media. To facilitate the broad distribution of this information, governments should partner with various stakeholders, including the private sector. African governments should also consider sponsoring official cybercrime awareness days or months to draw maximum public attention to this issue.
Article III of the Draft African Union Convention on the Establishment of a Credible Legal Framework for Cyber Security rightly calls on member states to promote a culture of cybersecurity by launching comprehensive and detailed national awareness-raising programmes for home users, small businesses, schools and children. While ratification of this convention has languished for years, African nations must not delay implementing this important provision.
Several African states have started to design and implement public awareness programmes to help protect their citizens from cybercrime. In Mauritius, the government promotes Computer Security Day, which is an annual worldwide event on 30 November that aims to raise awareness and provide best practices to keep data safe.
The Mauritian government also endorses Safer Internet Day on 13 February, which aims to educate and raise awareness among children about the safe and responsible use of online technologies.
In South Africa, the public sector is collaborating with the private sector in several initiatives. For example, the South African Police Service (SAPS) recently joined the South African Banking Risk Information Centre (SABRIC) in a cybercrime awareness campaign, which engaged a diverse range of communities across the country.
Similarly, the Tunisian government has developed a sophisticated cybercrime national awareness plan that uses a mix of public activities, educational programmes, events and initiatives to instil a culture of cybersecurity.
The World Cup is an exciting time for football fans around the world. However, fans who fail to navigate online resources carefully risk a loss far greater than if their favourite team were to be eliminated from the competition.
African governments must do their part to raise awareness about evolving cybercrime threats, including those related to the World Cup. And citizens must do their part to stay safe online. Only then can we avoid a cybercrime own goal.
Eric Tamarkin, Consultant, Transnational Threats and International Crime Division, ISS Pretoria