{"id":642063,"date":"2026-04-23T17:00:09","date_gmt":"2026-04-23T15:00:09","guid":{"rendered":"https:\/\/mybroadband.co.za\/news\/?p=642063"},"modified":"2026-04-23T17:05:04","modified_gmt":"2026-04-23T15:05:04","slug":"company-insiders-help-hackers-in-south-africa","status":"publish","type":"post","link":"https:\/\/mybroadband.co.za\/news\/security\/642063-company-insiders-help-hackers-in-south-africa.html","title":{"rendered":"Company insiders help hackers in South Africa"},"content":{"rendered":"\n<p>Insider threats were almost always a factor in breaches at major companies in South Africa, as disgruntled employees handed over critical system keys to unknown threat actors.<\/p>\n\n\n\n<p>This is according to Thalia Pillay, CEO of Orca Fraud, a South African software provider that helps fight fraud in emerging markets worldwide, which counts payment giant Ozow among its clients.<\/p>\n\n\n\n<p>Orca Fraud specialises in API-based real-time transaction-monitoring software that integrates directly into client systems, enabling the detection and blocking of incoming fraud activity.<\/p>\n\n\n\n<p>Pillay told MyBroadband that &#8220;there was almost always an insider involved&#8221; when asked about the rise of breaches of high-profile South African companies.<\/p>\n\n\n\n<p>Last week, <a href=\"https:\/\/mybroadband.co.za\/news\/security\/641250-1-2tb-of-standard-bank-data-including-credit-card-details-stolen-and-leaked-online.html\">we reported<\/a> that a threat actor named ROOTBOY breached Standard Bank and stole 1.2TB of data, including a hoard of private customer information.<\/p>\n\n\n\n<p>According to the attacker, he spent three weeks in the bank&#8217;s ICT systems, crawling through processes like Microsoft SharePoint, OneDrive, Power Apps, and the bank&#8217;s SQL databases.<\/p>\n\n\n\n<p>The hacker has threatened to leak all 1.2TB of information, which we have confirmed includes customer ID numbers, physical addresses, phone numbers, email addresses, and more.<\/p>\n\n\n\n<p>Standard Bank said a limited number of client credit card details were also affected, including card numbers and expiry dates, with card CVV numbers unaffected by the breach.<\/p>\n\n\n\n<p>Pillay said that disgruntled employees seeking revenge against employers was a common reason for the rise in breaches, according to recent examples seen by the company. <\/p>\n\n\n\n<p>&#8220;With most of these breaches, there is some form of internal collusion. Not just in South Africa but across Africa,&#8221; she said.<\/p>\n\n\n\n<p>She explained that threat actors use open-source intelligence, such as LinkedIn pages, to target specific people within organisations to gain access to critical company systems.<\/p>\n\n\n\n<p>&#8220;You&#8217;ll be so surprised at how many fraud analysts get offered bribes and things like that. So we&#8217;ve seen this historically that there is almost always an insider involved.&#8221;<\/p>\n\n\n\n<p>She said that there were &#8220;pure cyberattacks&#8221; too, but that these required too much time for an average cyber-extortion gang, and often a high level of technical sophistication.<\/p>\n\n\n\n<p>Pillay believes companies can fight insider threats by cushioning the blow for departing employees and by generally maintaining a positive work culture.<\/p>\n\n\n\n<p>&#8220;Just having better exit policies and procedures in place is always good around limiting access.&#8221;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Fighting account takeover with real-time fraud detection<\/h2>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1200\" height=\"675\" src=\"https:\/\/mybroadband.co.za\/news\/wp-content\/uploads\/2026\/04\/Orca-Fraud-1200x675.jpg\" alt=\"\" class=\"wp-image-642086\" srcset=\"https:\/\/mybroadband.co.za\/news\/wp-content\/uploads\/2026\/04\/Orca-Fraud-1200x675.jpg 1200w, https:\/\/mybroadband.co.za\/news\/wp-content\/uploads\/2026\/04\/Orca-Fraud-600x338.jpg 600w, https:\/\/mybroadband.co.za\/news\/wp-content\/uploads\/2026\/04\/Orca-Fraud-768x432.jpg 768w, https:\/\/mybroadband.co.za\/news\/wp-content\/uploads\/2026\/04\/Orca-Fraud-1536x864.jpg 1536w, https:\/\/mybroadband.co.za\/news\/wp-content\/uploads\/2026\/04\/Orca-Fraud.jpg 1600w\" sizes=\"(max-width: 1200px) 100vw, 1200px\" \/><figcaption class=\"wp-element-caption\">Thalia Pillay and Carla Wilby, co-founders of Orca Fraud<\/figcaption><\/figure>\n\n\n\n<p>She explained that the scale and type of client information leaked following the Standard Bank breach were particularly concerning, as they could lead to significant bursts of fraud activity.<\/p>\n\n\n\n<p>&#8220;The biggest type of fraud we see from leaked credentials is account takeovers because you&#8217;ve now equipped criminals to buy this data,&#8221; she said.<\/p>\n\n\n\n<p>Using hoards of stolen personal information, fraudsters begin creating fake accounts in bulk to steal as much money as possible, for example, on e-commerce sites and cryptocurrency platforms.<\/p>\n\n\n\n<p>Activities such as stolen card testing often occurred in large numbers after these breaches, as criminals tested the information to determine what was legitimate and what could be exploited.<\/p>\n\n\n\n<p>&#8220;We&#8217;re seeing things like card testing as a service. Entire businesses whose whole purpose is to test these leaked credentials and see which ones work.&#8221;<\/p>\n\n\n\n<p>Pillay believes that financial services companies, such as banks, can protect their clients by implementing behaviour-based transaction monitoring. This technology can detect fraud as it happens.<\/p>\n\n\n\n<p>&#8220;If you rely too much on customer complaints or reactive monitoring, the funds are already going to leave,&#8221; she said.<\/p>\n\n\n\n<p>&#8220;So having it in the real-time flow means we can block it as it happens and then make sure any potential funds don&#8217;t move.&#8221;<\/p>\n\n\n\n<p>Real-time software systems can detect when burst fraud attacks occur, as they understand who customers are and how they behave based on data collected by the company.<\/p>\n\n\n\n<p>&#8220;It&#8217;s all about risk scoring and identifying the different types of attack vectors,&#8221; she said.<\/p>\n\n\n\n<p>&#8220;Then it&#8217;s almost about being more proactive at detecting that, rather than reactive and waiting for people to notify the bank of the losses.&#8221;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Thalia Pillay, CEO of South African fraud prevention provider Orca Fraud said that there is almost always an insider threat in major company breach cases. <\/p>\n","protected":false},"author":341213,"featured_media":642163,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[27],"tags":[104690,15227,104689,3666,104687,67844,104688,463,1851,104686],"class_list":["post-642063","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security","tag-breaches","tag-cybersecurity","tag-insider-threat","tag-linkedin","tag-orca-fraud","tag-ozow","tag-rootboy","tag-security-2","tag-standard-bank","tag-thalia-pillay"],"_links":{"self":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/642063"}],"collection":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/users\/341213"}],"replies":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/comments?post=642063"}],"version-history":[{"count":10,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/642063\/revisions"}],"predecessor-version":[{"id":643239,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/642063\/revisions\/643239"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/media\/642163"}],"wp:attachment":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/media?parent=642063"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/categories?post=642063"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/tags?post=642063"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}