Despite increased vigilance, cybercrime continues to grow
In a recent webinar on cybercrime, an audience poll revealed that over 50% of participants had experienced a financial scam of some sort. This does not mean all fell victim and lost money. We are all much more aware of scamming techniques and much more alert to suspicious online activity. Most of the scammers in this poll were foiled. But cybercriminals are always one step ahead. Just as we learn to recognise typical cybercrime tactics, the hackers develop new ways to part us from our money. With South Africa’s growing internet user base and accelerated digital transformation, individuals and businesses are increasingly likely to be cybercrime victims. Cybercrime in South Africa manifests in many ways, including financial fraud, identity theft, data breaches, and ransomware attacks. Cell phones are often targeted via the various apps we use, with the SIM swap scam becoming more and more frequent. According to Forbes Magazine, between January 2018 and December 2020, the FBI’s Internet Crime Complaint Centre received 320 SIM swapping complaints, resulting in losses of c. $12 million. In 2021, there was a significant rise in cases, with 1,611 complaints and losses exceeding $68 million. Since 2022 this type of fraud has taken hold in South Africa. The SIM swap is usually used to gain access to sensitive information held on the cell phone, such as banking app login and authentication.
The nature of cybercrime in South Africa
Cybercrime refers to criminal activities conducted through the internet or other digital platforms. In South African law, fraud, classified as a common law offence, is defined as the intentional deception of a person resulting in actual or potential prejudice to the victim. According to Section 34 of the Prevention and Combating of Corrupt Activities Act, fraud involves unlawful and intentional misrepresentation that causes or could cause harm to another party. When fraud occurs in an online setting, it’s termed “cyber fraud” and is covered by the Cybercrimes Act 19 of 2020.
According to the Cybercrimes Act, cyber fraud occurs when someone “unlawfully and with the intention to defraud makes a misrepresentation by means of data or a computer program.” This misrepresentation can happen on various digital platforms, from social media to messaging apps. Cybercrimes can take multiple forms, including:
- Identity theft: unauthorised use of personal information, such as identification numbers or banking details, to impersonate someone and commit fraud
- Phishing and online fraud: fraudulent messages or emails that trick recipients into providing sensitive information or transferring money
- Ransomware attacks: malicious software that locks a user’s data or system until a ransom is paid
- Cyberbullying and harassment: use of digital platforms to harass, intimidate, or threaten others
- Hacking and data breaches: unauthorised access to confidential or sensitive information, often resulting in the theft or exposure of data
The Electronic Communications and Transactions Act (ECTA) of 2002 also addresses cybercrime. According to Section 86(1), any person who accesses data without permission is guilty of an offence. Section 87(1) further stipulates that unauthorised access to data for an unlawful advantage, such as creating and acting upon fake data, is a punishable offence.
Legal protection
South African law offers several protective measures against cybercrime. Key laws include:
1. Cybercrimes Act (2020)
This is South Africa’s main legislative measure addressing cybercrime. The Act criminalises numerous activities, such as hacking, data interception, and cyber extortion. It includes:
- Penalties for harmful data messages, including revenge pornography, threats, and unlawful image distribution
- Clear definitions and penalties for offences like ransomware, hacking, and identity theft
- Obligations for businesses to report cybercrimes and preserve evidence if an incident affects their digital infrastructure
2. Protection of Personal Information Act (POPIA)
POPIA safeguards individuals’ privacy by regulating the collection, storage and processing of personal information. Organisations must ensure stringent security measures to protect personal data from unauthorised access. Non-compliance can result in penalties and legal action from affected individuals.
3. Electronic Communications and Transactions Act (ECTA) (2002)
ECTA, one of South Africa’s earliest pieces of cybersecurity legislation, governs electronic transactions and includes cybersecurity requirements and penalties for offences such as unauthorised data access.
4. Financial Sector Conduct Authority (FSCA) guidelines
The FSCA provides cybersecurity guidelines for financial institutions, emphasising consumer data protection and robust cyber resilience strategies to protect against cyber incidents.
Remedies for cybercrime victims
Unfortunately, legislation is only as good as its enforcement, and the nature of cybercrime makes it very difficult to identify and apprehend the criminals. Often they are not even within the borders of South Africa. For this reason, vigilance and prevention must be the priority. For those impacted by cybercrime, several legal avenues offer recourse:
- Report cybercrime to the South African Police Service (SAPS) and, when appropriate, the Hawks (Directorate for Priority Crime Investigation). This reporting process is essential for initiating investigations and securing evidence.
- Seek financial compensation. Victims of financial cybercrime such as unauthorised bank transactions may seek assistance from their bank. Additionally, the Financial Services Ombudsman can help resolve disputes with financial institutions over cyber-related issues.
- Consider civil litigation. Victims may file civil claims for damages as a result of financial loss or emotional distress due to cybercrime. For example, if a business fails to protect customer data as required by POPIA, affected individuals may seek compensation.
- Seek a protection order for cyber harassment. South African law permits victims of cyberbullying, harassment, or stalking to obtain protection orders through local magistrates’ courts. These orders can prevent perpetrators from contacting or harassing victims.
Let SD Law help
If you have questions about cybercrime, the Cybercrimes Act, or any other legal matter, give Cape Town attorney Simon Dippenaar a call on 086 099 5146 or email sdippenaar@sdlaw.co.za.
Further reading:
- Cybercrime – how to avoid being scammed
- Cybercrime – Court Reaffirms Who Bears Responsibility For Payment Where Email System Is Spoofed!!
- Cyber extortion
SD Law
The information on this website is provided to assist the reader with a general understanding of the law. While we believe the information to be factually accurate, and have taken care in our preparation of these pages, these articles cannot and do not take individual circumstances into account and are not a substitute for personal legal advice. If you have a legal matter that concerns you, please consult a qualified attorney. Simon Dippenaar & Associates takes no responsibility for any action you may take as a result of reading the information contained herein (or the consequences thereof), in the absence of professional legal advice.