Skelms are finding more and more ways to steal our money.
We should not be making it so easy for them.
When we have increased robberies of houses in our neighbourhood, we safeguard our homes.
We put on burglar bars, gates and install alarm systems and cameras, in efforts to avert a physical break in, or to minimise the damage if it does happen.
We should be as pro-active and vigilant when it comes to our devices and online actions, because that is where billions of rands of theft is taking place.
Busy shopping malls in South Africa have become prime targets for criminals wanting to steal cellphones to access data and banking apps.
Don’t just put your phone in at the top of your bag, put it much deeper down, and then make sure you know exactly where your bag is at all times.
Also avoid putting your purse and phone in the outward facing pocket of a backpack. That is easy access for skelms.
The busy atmosphere of malls often leads to distractions, making it easier for thieves to pickpocket or snatch valuables without being immediately noticed.
Multiple exits, crowded areas and inadequate and delayed security response time, make it easy for criminals to get away.
Smartphones
Our smartphones are definitely targets. Criminals steal phones, not only to sell them but rather to gain access to our banking apps and sensitive data.
Organised crime syndicates dedicated to this form of crime, manage to gain access to bank accounts by using stolen smartphones and the associated banking apps.
Hacking
These syndicates use hacking technology originally developed to assist law enforcement in gaining access to locked phones. Once they have the physical phone, they can use hardware to unlock it.
Based on the latest Interpol report, South Africa ranks third worldwide in cyber threats. According to cybersecurity company Kaspersky, mobile threats detected in South Africa is experiencing a 104% increase.
Retail websites
Many South Africans are falling victim to websites in sponsored ads on Facebook. In order to avoid being spotted, the fake sites were only accessible on mobile devices or through the Facebook ad links - which included false endorsements in the comments to appear legitimate.
Once you click on the ad and go to the website, these sites look completely authentic.
However, if you look closely enough you will see that their prices are simply too good to be true. They will take payment for your order from your card, never ship your goods and then still fraudulently use your cards.
The ultimate goal of these sites is to get you to “buy’ at these greatly reduced prices and then to steal the credit or debit card details of unknowing victims, in order to use of the cards for their fraudulent payments, often in other countries – with your card.
When you are on a website to buy goods always check that the URL matches the business name/site.The URL encryption should also be checked. If it starts with https://, the site is encrypted, whereas http:// means it is not.
Local ladies fashion retailer Desray recently had their site cloned on a sponsored Facebook ad.
Bigger, national chain stores have also had their sites cloned.
Desray’s story is showed just how little Facebook appeared to care about scam profiles on its platform.
Desray managing director Michael Dixon said customers started notifying them on 21 January 2024 about a fake Desray group on Facebook running advertisements offering 70% discounts on their products.
The Facebook advertisement sent customers to an exact copy of the desray.co.za website, using the URL dripgym.shop.
Dixon said that when they learnt of the fake site, they immediately reported it via Google’s Safe Browsing page, Microsoft’s unsafe site reporting tool, and Netcraft’s suspicious site tool.
They also dug into the spoof domain and found it was registered through Namesilo.com and hosted behind Cloudflare.
Namesilo said Dixon had to prove it was a scam site before they would do anything, and Cloudflare sent an automated response and no further feedback.
Dixon supplied Namesilo with screenshots of the Facebook ads and the spoofed site. They eventually took the domain down on 27 January — almost a week later.
He also contacted the US company used to register the DNS, fixAPI.org, with no response.
Reporting the fake Desray Facebook group also proved futile. Dixon said they even tried having all staff, friends, and family report the group.
They received no feedback and Facebook did not take the group down, causing untold damage to customers scammed by the page.
Even after they managed to get the original dripgym.shop attack site shut down, the scammers would relaunch on a new domain and use the Facebook group to promote links to the new URL.
“Each time a phishing site is shut down, the link in the Facebook advertisement is changed to a new domain. Facebook is the biggest part of the problem, because no matter how many times the fraudulent phishing pages and ads are reported, they are not taken down,” Dixon said.
He also went on to say that the reason it is so difficult to stop this scam is because of the online payment portal being used, Acqra.
“Their contact numbers on their website do not work, they have not responded to emails or online form submission. Acqra could stop the scammers immediately if they would engage the victims but they appear not to be interested or are complicit.”
Mense, online theft is getting hectic out there – and sadly it seems like the skelms are winning. We must become more vigilant. Check that the URL is not different from the retail store name – and always remember, if a price looks too good to be true, it usually is.