Email-related fraud increasingly targeting Rwanda

Financial services also fell prey to the hackers, with phishing attacks often carried out using emails offering various benefits and bonuses to customers of credit institutions due to the pandemic.

Thursday, August 20, 2020
A screenshot of an email sent by phishers. According to statistics of the RIB, the rate of cybercrimes escalated during the three months of lockdown.

Continental cyber-security analysis shows an increase in phishing attacks in Rwanda that aim at tricking email users into revealing personal information.

Statistics from Kaspersky, a global cyber-security firm, show that phishing attacks are increasingly targeted at Rwandans, with several new tricks such as human resource dismissal emails and bank services.

In the last three months, 5 countries in Africa including Rwanda were found to have a significant increase in the detected attacks. Others include South Africa, Kenya, Egypt and Nigeria.

Phishing is a popular cyber-attack method done at a large scale by sending massive waves of emails under the name of legitimate institutions or promoting fake pages, with the aim of gaining access to victims’ credentials.

The cybersecurity firm noted that in the second quarter of the year, phishers increasingly performed targeted attacks, with most of their focus on small companies.

"To attract attention, fraudsters forged emails and websites from organisations whose products or services could be purchased by potential victims. In the process of making these fake assets, fraudsters often did not even try to make the site appear authentic. Such targeted phishing attacks can have serious consequences. Once a fraudster has gained access to an employee's mailbox, they can use it to carry out further attacks on the company the employee works for, the rest of its staff, or even its contractors," the report noted.

It was further observed that following the COVID-19 outbreak, there are more easily believable "excuses" fraudsters use when asking for personal information. Among the key vulnerabilities exploited are delivery services, postal services, financial services and human resource services.

For instance, at the peak of the pandemic, organizations responsible for delivering parcels were in a hurry to notify recipients of possible delays. These are the types of emails that fraudsters began to fake, with victims asked to open an attachment to find out the address of a warehouse where they could pick up a shipment that did not reach its destination.

Financial services also fell prey to the attacks in the second quarter of the year with phishing attacks often carried out using emails offering various benefits and bonuses to customers of credit institutions due to the pandemic.

Emails received by users contained a file with instructions or links to get more details, in an attempt to gain access to users’ computers, personal data, or authentication data for various services.

With the weakening of the economy during the pandemic causing a wave of unemployment in a number of countries, fraudsters have jumped on the opportunity to attempt to reach employees of organizations.

Tatyana Sidorina, security expert at Kaspersky, said that there is a trend of scammers adapting old schemes to the current news agenda.

"When summarising the results of the first quarter, we assumed that COVID-19 would be the main topic for spammers and phishers for the past few months. And it certainly happened. While there was the rare spam mailing sent out without mentioning the pandemic, phishers adapted their old schemes to make them relevant for the current news agenda, as well as come up with new tricks," she said.

Cybersecurity experts say that ways to reduce vulnerability to such attempts include always checking online addresses in unknown or unexpected messages to make sure they are genuine and that the link in the message doesn’t hide another hyperlink.

The rate of cybercrimes escalated during the three months the country was in lockdown, with a 72 per cent increase in the amount of money involved, according to statistics of the Rwanda Investigation Bureau (RIB).

Between January and March 22 when the country went into total lockdown, Rwf25.9 million had been stolen by cybercriminals in 39 cases that RIB investigated.

For the next three months, the lost amount increased to Rwf44.6 million, representing a 72 per cent rise while the number of cases more than doubled to 89.