Cyber Threats in South Africa - Tax Environment


Published on

Broad definition and description of cyber crime and threats facing the tax environment within South Africa.

Published in: Technology, Travel, Business
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Cyber Threats in South Africa - Tax Environment

  1. 1. Threats in SouthAfrica Adv Jacqueline Fick PwC 22 July 2011
  2. 2. Contents1.Understanding the origins and characteristics of South Africa’s most prevalent cyber crime categories.2.Phishing.3.Cyber crime and tax refunds.4.What to do?5.ConclusionPwC 2
  3. 3. Understanding the origins and characteristics of SouthAfrica’s most prevalent cyber crime categoriesCyber crime defined• “…computer crime encompasses the use of a computer as a tool in the perpetration of a crime, as well as situations in which there has been unauthorised access to the victim’s computer, or data. Computer crime also extends to physical attacks on the computer and/or related equipment as well as illegal use of credit cards and violations of automated teller machines, including electronic fund transfer thefts and the counterfeit of hardware and software.” (Credo and Michels)• Watney uses the term cyber crime and defined it as all illegal activities pertaining to a computer system, irrespective of whether the computer is the object of the crime or the instrument with which the crime is committed.• Move in South African law to the use of the term cyber crime which is wide enough to encompass all illegal activities in respect of computers, information networks and cyberspace.PwC 3
  4. 4. Understanding the origins and characteristics of SouthAfrica’s most prevalent cyber crime categoriesTypes of cyber crime in South Africa• Unauthorised access (s86(1))• Unauthorised modification of data and various forms of malicious code (s86(2))• Denial of service attacks (S86(5))• Devices used to gain unauthorised access to data (s86(4))• Computer-related extortion, fraud and forgery (s87)• Child pornography, cyber obscenity and cyber stalking• Copyright infringement• Industrial espionage• Piracy• Online gamblingPwC 4
  5. 5. Understanding the origins and characteristics of SouthAfrica’s most prevalent cyber crime categoriesThe world of cyber crime• An underground cybercrime economy and cyber black market exists where the cybercriminal can buy, sell, barter or trade criminal skills, tools and your private information, you can buy IDs, credit cards botnet kits.• Cybercriminals are now less hackers and more like offline crime syndicates, such as the Mafia or urban gangs.• One can buy a keystroke logger for about $23 or pay $10 to have someone host a phishing scam, pick up a botnet for just $225, or get a tool that exploits a vulnerability on a banking site for $740 to $3 000. (Cybercrime Exposed Marian Merritt)• What happened in South Africa…• “It’s grown to become a flourishing industry with international syndicates, just like the Mafia” (Pres Jacob Zuma)PwC 5
  6. 6. Phishing• In the field of computer security, phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.• An online scam that uses e-mail to “fish” for users’ information by imitating legitimate companies. People are lured into sharing user names, passwords, account information or credit-card numbers. The phishing e-mail usually contains a link to a illegitimate site.PwC 6
  7. 7. Phishing (cont.)What statistics showRSA Online Fraud Reports show that South Africa does not fall withinthe top ten countries hosting phishing attacks, but features high on thelist of top ten countries by attack volume.The U.S., UK, and South Africa continue to be the countries that haveendured the highest volume of phishing attacks – for 15 consecutivemonths. Over the past year, the U.S. and UK have absorbed a combinedaverage portion of 65 percent of the attacks. (May 2010 - April 2011).PwC 7
  8. 8. Cyber Crime and Tax RefundsPwC 8
  9. 9. Cyber Crime and Tax Refunds• Warnings from SARS – diligence in tax season• Promise of tax refund, click on link!• Close resemblance to e-filing page• SARS will never ask for your personal details• Do not click on any links – malware, trojans, viruses• Threat of keyloggers and spy software• Criminals steal information to become “you”PwC 9
  10. 10. Cyber Crime and Tax RefundsPwC 10
  11. 11. Cyber Crime and Tax refunds• CIRPRO : • Changing names of directors – electronic lodgement of CM29 • Registering false companies (the PwC example)• Mostly aimed at diverting VAT refunds• Company details should be checked routinely.• Warning signs such as delay in payment of tax refund, odd queries from clients or credit bureaus.PwC 11
  12. 12. What to do?• Regularly check your company details.• – panel on the left. Search for company name or similar name.• Never respond to unsolicited emails or click on links in the mails. If you haven’t bought a lotto ticket, chances are you did not win anything!!!• If you think that your company has been hijacked keep record of everything you do – disputes with SARS, banks.• Notify your own bank and other banks of information to assist in tracing fraudulent accounts.• Notify CIPRO, SARS and SAPS and your own employees.• Contact your clients to say your details have not changed.PwC 12
  13. 13. Closing remarks• Effectively and efficiently addressing cyber crime requires a shift in paradigm.• Protect information as a valuable asset.• Pro-active vs re-active approach: prevention is better than prosecution.• Always keep abreast of scams and ensure your systems are up to date.• Understand your organisation, your data and the value of IT.• Have appropriate policies and enforcement monitoring in place.• Share experiencesPwC 13
  14. 14. It is widely accepted that in today’s technology-driven environment, information is worth a king’s ransom; successful businesses know how to protect and capitalise on it. Information is fast becoming the biggest contributor to the bottom-line and an asset that should be jealously guarded with the same vigour as financial assets. The best of the best employ information technology (IT) and information resources to create competitive advantage and ensure the good governance thereof. Thank youThis publication has been prepared for general guidance on matters of interest only, and does not constitute professional advice. You should not act uponthe information contained in this publication without obtaining specific professional advice. No representation or warranty (express or implied) is given as tothe accuracy or completeness of the information contained in this publication, and, to the extent permitted by law, PricewaterhouseCoopers Inc, itsmembers, employees and agents do not accept or assume any liability, responsibility or duty of care for any consequences of you or anyone else acting, orrefraining to act, in reliance on the information contained in this publication or for any decision based on it.© 2010 PricewaterhouseCoopers (“PwC”), a South African firm, PwC is part of the PricewaterhouseCoopers International Limited (“PwCIL”) network thatconsists of separate and independent legal entities that do not act as agents of PwCIL or any other member firm, nor is PwCIL or the separate firmsresponsible or liable for the acts or omissions of each other in any way. No portion of this document may be reproduced by any process without the writtenpermission of PwC.