Explainer: Why cyber threats and scams remain a challenge in South Sudan?

Misinformation and disinformation have been weaponised as tools to build trust and to create convincing narratives in phishing email messages or inbox alerts that influence users to accept or take action, whether by revealing their sensitive information.

Writer: Makur Majeng

As the digital space in South Sudan evolved, it has opened the door to cyber threats and scams from social media platforms and other online channels. The digital space continues to be the biggest driver of information dissemination among human populations, powered by both internet and mobile telecommunications penetration in the country.

Facebook and WhatsApp are widely used means of communication for a great majority. However, these platforms have become grounds for numerous cyber threats and scams—a real danger to users. 

Cyber threats are malicious acts that seek to damage data, steal data, or disrupt digital systems. It is normally perpetrated by individuals, criminal organisations, state actors, and terrorist organisations to achieve specific objectives.

Social media scams are suspicious activities by individuals who create fake profiles or pages and unexpectedly contact users on social media to gain their trust and manipulate them. A social media scammer pretends to be a friend, family member, or anybody with specific interests. 

On the other hand, they impersonate real business entities, employers, the government, and investment or online trading platforms.

This explainer provides an analysis to understand why such threats continue in South Sudan’s social media space.

Cyber Threats and Scams

According to a joint advisory issued by SafetyComm and 211 Check, in September this year, there are different categories of cyber scams rampant in South Sudan.

There have been false alarms where users receive notification messages directly in their inbox or email claiming to be sent from Meta or Facebook about page verification, violations of community standards, and copyright infringement

Some of these messages contain threats of account deletion or suspension and demand users to click malicious links within the next few hours. The intention is to entice the users to click malicious links that may lead to the compromise of their accounts.

In addition to that, a phishing attack has been used to acquire personal information such as usernames, passwords, and credit card details. The attack weaponised malicious links embedded into the false alarm notification messages by those masquerading as trustworthy individuals or entities.  

These cyber threats and scam operations involve social engineering techniques by cybercriminals seeking to manipulate victims into providing their confidential data. 

This method involves using lures to obtain clicks, masquerading as known entities or contacts to entice the victim into providing confidential data like passwords, and clicking on a malicious link embedded within job advertisements, promotions, fake giveaways, or investment schemes.

In the last five years, SafetyComm recorded a total of 854 compromised social media accounts between 2021 and 2024. Most of the cyber threats and scams take place on the Facebook platform, which amounts to 57.3%, with WhatsApp (22.8%) and Instagram (18.9%), as documented by the SafetyComm.

The dangers that come after being comprised is that confidential data not meant for the public will get its way into the hands of unauthorised persons, leading to identity theft, data loss, and, in the worst-case scenario, unauthorised access to private materials like nudes. 

Common Cyber Scams 

Scammers send messages with claims that a user’s profile has met the requirements for a verified badge from Meta, and then users are asked to click shady links within 24 hours before it expires. Users received false alerts that they had violated Meta’s Community Standards by allegedly using fake photos or distributing misleading content and directing users to request a review through a malicious link.

Also, scammers threaten users that their accounts have violated copyright infringement and will be deleted if users fail to repeal the incident through a dubious link. 

So why are cyber scams still rampant in South Sudan?

Many social media users do not have the necessary basic cyber security knowledge and tools to detect and prevent deceptive messages or fraudulent activities.  This makes them vulnerable to clicking on malicious email links without a second thought as to whom the link is coming from, as well as reacting to providing confidential personal data when asked by impersonators. 

There are no strong mechanisms now to enforce cyber laws due to a lack of legal basis and expertise by law enforcement agencies in prosecuting various cyber fraud schemes. The Cybercrime and Computer Misuse Bill is still in parliament for deliberations. This shortcoming has empowered cybercriminals to perpetrate deadly operations against online users in the country. 

The Role of Misinformation and Disinformation

Misinformation and disinformation have been weaponised as tools to build trust and to create convincing narratives in phishing email messages or inbox alerts that influence users to accept or take action, whether by revealing their sensitive information like passwords, credit card numbers, and personal details or by doing what the message has urged them to do.

In this context, by spreading false or misleading information, attackers and scammers exploit online users’ emotions in terms of fear and curiosity to lure them in by clicking on malicious links or providing confidential data.

Conclusion:

The digital landscape in South Sudan has significantly remained vulnerable to cyber threats and scams. This is due to a lack of strengthened information technology infrastructure and a lack of digital literacy skills among online users, which leaves them vulnerable to social engineering tactics employed by cybercriminals.

The absence of enforceable cyber laws has created an environment where perpetrators operate with relative impunity, exploiting loopholes and targeting unsuspecting users on platforms like Facebook and WhatsApp.

To overcome these threats, there is a need to improve cybersecurity infrastructure and enhance digital literacy to empower the public on how to detect and avoid cyber scams. Besides, the national parliament should fast-track the enactment of the Cybercrime and Computer Misuse law to set the stage for enforcement to protect online users.

To ensure accuracy and transparency, we at 211 Check welcome corrections from our readers. If you spot an error in this article, please request a correction using this form. Our team will review your request and make the necessary corrections immediately, if any.

It’s vital to fight misinformation and disinformation in the media by avoiding fake news. Don’t share content you’re uncertain about. False information can harm and mislead people, risking their lives—Fact-check before sharing.  For more details, visit https://211check.org/, or message us on WhatsApp at +211 921 350 435. #FactsMatter.