What is Spoofing? How Identity Theft and Social Engineering Drive Fraud

July 24, 2022 by Sam Strand

Forms of social engineering such as phishing, smishing, vishing and spoofing have become increasingly pervasive and represent some of the greatest threats to digital security. The last of these, spoofing, poses an immense threat to individuals and businesses alike. Spoofing has facilitated devastating cases of business partner fraud in South Africa, and understanding the threat it poses, as well as how to combat it, is key to protecting business perimeters.

What is Spoofing – Social Engineering Techniques Explained 

Put simply, social engineering encompasses a range of techniques that are used by fraudsters to trick a victim into performing certain acts or willingly divulging sensitive information like passwords and credit card details. Social engineering scams use psychological manipulation by preying on human nature, vulnerabilities, and trust to trick innocent victims into handing over sensitive information that can then be used to commit fraud. 

As digital security chains become harder to crack, the human element has become the weakest link. Now, instead of breaking into digital systems, it has become easier for criminals to employ social engineering techniques to extract sensitive information, which can then be used to access secure digital systems with zero force. Reflecting these trends, a report by Mimecast shows that more than 90% of security breaches involve some degree of human error. 

Social engineering fraud has become such a pervasive category of economic crime that it has been broken down into smaller sub-categories: phishing, smishing, vishing, and spoofing are all variations of social engineering fraud. 

Of these four, spoofing is unique because it relies primarily on visual deception and trickery through impersonation. By preying on human nature, vulnerabilities, and trust, spoofing scams steal the identities of legitimate organizations or individuals and trick innocent victims into trusting impersonated emails, websites, mobile apps, and social media posts – tools that are used by the criminals to harvest sensitive information and conduct fraud. 

Social Engineering Statistics – The Fastest Growing Category of Fraud 

The FBI’s Internet Crime Report details the immense growth of social engineering fraud. In 2017, the FBI recorded 25,344 incidents of social engineering fraud. By 2021, this number had grown to 323,972 – a shocking 1,178% increase in only five years. Furthermore, of the 847,376 total complaints of cybercrimes made to the FBI in 2021, 32.8% of them referenced a form of social engineering. 

Mimecast’s report titled “The State of Email Security 2022” highlights the rapidly growing threat of spoofing. In this survey, 46% of respondents noted an increase in spoofing fraud during 2021. On average, companies reported experiencing 10 spoofing attacks per year – Germany had the highest incidence rate, with 16 attacks per year. These trends reflect the changing threat landscape facing businesses and the growing danger posed by external perpetrators of fraud. 

Spoofing scams can have immensely damaging consequences. On the one hand, the targets of spoofing scams put themselves and their businesses at risk by giving away sensitive information. On the other hand, those who get their identity stolen and exploited – whether they are companies or individuals – often suffer immense reputational damage during the scam’s fallout. The harm that spoofing scams can inflict is clearly demonstrated through the case studies of various South African companies that were scammed out of PPE supplies during the Covid-19 pandemic.

Spoofing Case Studies – Identity Theft and Vendor/Supplier Fraud 

In 2021, investigations revealed how criminals used forms of spoofing to defraud suppliers of medical equipment out of millions of Rands worth of stock. Criminals stole the identity of legitimate businesses by spoofing emails and websites, even going so far as to hire out entire office blocks to impersonate the identities of legitimate companies.

Having employed detailed spoofing techniques in order to fake a legitimate identity, the criminals then submitted applications to various suppliers of PPE for stock to be supplied on credit. Due to these spoofed identities and various failings of the credit check companies, the criminals were granted stock on credit that they subsequently stole the moment it was delivered, thereafter vanishing without a trace. 

Fraud committed by a business partner is a devastating event. Of all South African respondents to PwC’s survey, 1/3 cited distrust as the most significant emotional impact of such incidents.[1]

Trust – understood as “our willingness to be vulnerable to the actions of others because we believe they have good intentions and will behave well towards us” – is the fabric that binds societies and economies together and ensures they can function well. However, scammers abuse this trust for personal gain through social engineering techniques like spoofing.

Social engineering scams are successful because they betray the trust we place in one another. Partly because of scams like these, we are more suspicious of businesses, government and each other than ever before.[2] The share of the global population that felt like most people could be trusted has fallen by 20% over the last 15 years.[3]

Securing Business Relationships and Transactions – Due Diligence and Fraud Prevention 

The aforementioned case study demonstrates the risk inherent in business relationships. On the one hand, the relationship between a business and its customers is increasingly insecure and hazardous – customer fraud is now the second most common type of economic crime and is the most pervasive type of fraud experienced by companies with annual global revenues of more than $10 billion.[4]

On the other hand, the relationship between a business and its suppliers, consultants, joint venture partners and other such business partners is increasingly fraught with risk – respondents to a PwC survey identified business partners as being responsible for 46% of the most disruptive economic crimes against the responding businesses. 

Shockingly, however, 24% of respondents to PwC’s survey had no third-party due diligence or risk monitoring program whatsoever, despite 20% of respondents citing vendors/suppliers as the perpetrator of their most disruptive incident of financial crime. This discrepancy must be addressed if businesses wish to operate in an environment free from crippling distrust.[5]

Enhanced Due Diligence, KYC and Identity Verification Services South Africa 

As South Africa’s leading provider of world-class due diligence and remote-onboarding solutions, ThisIsMe is proud to be at the forefront of a trust-based and privacy-compliant digital world. To experience our full suite of advanced due diligence services, book a demonstration by contacting our team here.


Citations 

  1. PwC. Global Economic Crime and Fraud Survey 2020.
  2. Edelman Trust Barometer 2021.
  3. Deloitte. The link between trust and economic prosperity.
  4. PwC. Global Economic Crime and Fraud Survey 2022.
  5. PwC. Global Economic Crime and Fraud Survey 2020.