Cybercriminals prey upon innocent citizens

0
345

…Experts warn of effects on economy

Uba Group

BY KENNETH EZE

Professionals, law enforcement and regulatory agencies have warned that technology and social media should be used cautiously, because cybercriminals are on the prowl, ready to pounce on unsuspecting and unguarded members of the public in the cyber space.

Former Inspector-General of Police, Abubakar Adamu, in a statement assured “Nigerians of the continued resolve of the Force to rid the country of all forms of crimes and criminality, including cybercrimes.”

“Some cybercriminals specialise in hacking the websites of established businesses including financial institutions

Cyber criminality has become so prevalent that it caught the attention of the Nigerian Communications Commission, which took to various platforms to broadcast a stern warning against taking online engagements lightly.

In a broadcast, titled ‘NCC Cyber Alert’ being circulated across media platforms including SMS, it warned “Do not respond to messages/calls asking for your personal identifiable information, bank verification number, card information, national identification number, one-time password, login information. #BeCyberAware.”

Addressing a particular area that cybercriminals can seek to profit from, the Force Public Relations Officer, Frank Mba, cautioned that people should guard their SIM cards jealously to prevent it from falling into the wrong hands, and being used to hurt the owners.

While the police were parading some suspected cybercriminals in Abuja, Mba pointed out that the phone SIM card might mean different things to different people.

While the legitimate owner or user might see it as a means of communications or transactions, undesirable elements might view it as a key to slice open the secrets and fortunes of the legitimate owner in order to help themselves, illegitimately.

Cyberspace is a jungle

A roving IT consultant, Ejiro Nketia told The Point that people should imagine the cyberspace as a jungle and exercise the same level of caution they would, if they found themselves in a thick jungle.

He said, “the problem with users of the cyberspace, particularly individuals, is that they easily get carried away by the little pleasures available at social media platforms.”
To him and his likes, enlightenment is very important so that people would not easily fall prey to marauding criminals on the Internet.

Nketia likened the cyberspace to the sea or thick forest both of which are inhabited by different types of creatures, who feed on each other, while survival of the fittest reigns.
In his opinion the peculiar nature of the cyberspace is such that it offers criminals some sense of invisibility.

“They use complex codes and passwords to protect themselves and cover their tracks. Someone next door can appear as if in another country, and vice versa, while using the net,” he said.

These are some of the things that embolden them to steal the identities of high standing individuals and hack into websites of reputable businesses, Nketia highlighted.
Little wonder, they impersonated very senior serving police officers on Facebook and used their fake accounts to defraud unsuspecting citizens.

They can also open and operate bank accounts with stolen identities.

A police statement at npf.gov.ng in this regard, disclosed that cybercriminals engage in all manner of shoddy-deals including “cases of romance and online dating scams, generating and deployment of fake bank alerts, hacking and fraudulent wire transfers, cyber stalking and impersonation of high profile personalities.”

The daredevil criminals have gone overboard, doing the unthinkable.

Three siblings were recently arrested “for running a fake Frank Mba Foundation bank account with FCMB,” the NPF said in a statement.

It revealed that “The trio used a fake Facebook account and they fraudulently operated bank account to defraud innocent Nigerians.”

Corporates can also fall prey

Some cybercriminals specialise in hacking the websites of established businesses including financial institutions.

The NPF pointed out their “generating and deployment of fake bank alerts,” but they go further.

They can empty individual and corporate bank accounts with the aid of stolen identities.
This has compelled the Central Bank of Nigeria to issue a framework to protect other financial institutions against cyberattack.

Director, Other Financial Institutions Supervision Department, at the CBN, Nkiru Asiegbu, in a memo to the OFIs said that the framework was necessitated by the number and sophistication of cybersecurity threats and attacks against the OFIs.

She said, “Due to the recent increase in the number and sophistication of cyber security threats and attacks on OFIs, it has become necessary and mandatory for the sub-sector to strengthen its cyber resilience, if it is to remain safe and sound.

“Consequently, the CBN is releasing the draft framework and guidelines stipulating minimum requirements for enhancing cyber security.’’

To guard against ignorance, the bank strongly recommended the appointment of a Chief Information Security Officer, who would be vested with the responsibility of day-to-day cybersecurity and mitigation of cyber-security risks in the OFIs.

Another modus operandi of cybercriminals in the financial services sector is to entice people with soft and cheap loan offers with the aid of fake social media accounts.
They wangle their way through the social media jungle and seduce unsuspecting members of the public by flaunting fake cheap and quick-fix financial solutions.

A cybercrime target, Muyiwa Oki, told The Point that he was contacted on Facebook messenger by what he believed was Guaranty Trust Bank with an offer for a soft loan.

“I called someone at GTbank, who gave me three email addresses to file my complaints, which I did, but nothing has come out of it. I have a feeling that these scammers are working with insiders in some Nigerian banks

They sought to lure him in with what they called ‘GT Bank Quick Credit.’

The cybercriminals crafted their messaging to appeal to a very wide audience. It read, “Whether you are a salary earner or self-employed, you can now get the cash you need instantly, and pay back over 6-12 months. Quick credit gives you funds up to N5m at an interest rate of 1.5 per cent monthly.”

Backed with this, they had a brief chat with Oki. And the moment he indicated interest, the operator of the fake Facebook account instructed “kindly provide your GTBank account number.”

Oki said that he smelt a rat and countered, “I’m making an enquiry about service. You are asking for my account number?”

The scammer remained adamant and pushed further. “Do you wish to apply for a loan? Kindly provide your GTBank account number to begin” with.

Oki, who said he already had an unresolved failed money transfer between GTB and First Bank of Nigeria, got cautious and in anger asked, “how many people have you scammed?”
That brought out the true colour of the criminal as the person countered, “your papa! I curse you.”

Tales of woe pervade the public space of innocent citizens preyed upon by cybercriminals using the logo and other brand identities of trusted financial service providers, other established businesses, institutions and government agencies, particularly for employment scams.

Unfortunately, it seems that the banks are taking sides with the criminals as complaints are mostly treated with levity.

Okezie Oginna (not real names) was not as lucky as Oki. He lost almost N100,000.00 to fake Facebook account operators.

He told The Point that he fell to the tricks of someone who brandished quick credit on Facebook by supplying his GTBank account number as instructed.

“The moment I supplied my account details, the next thing I got was debit alert on my account. I was angry but not moved, initially, because I felt I knew people at the bank and would easily resolve it.

I called someone at the bank, who gave me three email addresses to file my complaints, which I did, but nothing has come out of it. I have a feeling that these scammers are working with insiders in some Nigerian banks,” he lamented.

He is devastated for the money lost. But, he is more let down by the attitude of GTBank, who he pointed out “instead of taking sides with me, have decided to stand with the fraudsters. My account with the bank was siphoned into another account with the same bank, yet the bank has been moping helplessly.”

Individuals not spared, poor or wealthy

Cybercriminals are not content with corporates, high profile personalities or law enforcement agents. Ordinary citizens are also their soft targets.

For them, life is a jungle and they live by the saying ‘there is no paddy in the jungle.’
Apart from stealing, they clone SIM cards and social media accounts for nefarious activities.

A cybersecurity expert and SME enthusiast, Solomon Igie told The Point in a telephone chat that each person should watch out for himself or herself to avoid falling victim to what he called ‘cyber kidnappers.’

Igie said, “once they kidnap your social media accounts, the first thing would be to pack all your identity into their bag with the objective of helping themselves to the victim’s money, or getting his loved ones send money to them as if to rescue the victim or helping a good cause.”

Igie warned that each person should watch out. “Several people have their identities in the hands of cybercriminals without knowing. They can clone individual or corporate accounts, websites, apps or SIM cards. Such people are living-dead, unless they set themselves free from the captivity of cybercriminals,” he added.

Others, he explained, might be wolves in ship’s clothing – criminals who have stolen the identities of someone they know for the purpose of obtaining from mutual friends or acquaintances. “The person you are chatting with, can be bidding for the right moment to strike,” he pointed out.

He cautioned that once an online conversation has shifted to money, the best thing would be to take it offline or do a video call. It’s better to err on the side of caution.
One man who failed to err on the side of caution is Odion Agbe (not real names).
He was sent a friend request on Facebook by a former female colleague at work, Engie Ogie (not real names) and he accepted.

They chatted for some time. But the moment she felt she had taken him in, she offered a quick high-yielding deal.

Agbe, in the bid to play safe asked for a telephone contact. Ogie shared a phone number with a proviso that she was at a remote location, with poor phone network. However, with sights on the enticing deal, Agbe didn’t factor in that phone and data networks were intertwined.

Ogie assured Agbe that she would refund him if the deal didn’t work and urged him to make a quick decision to avoid losing the opportunity.

He only realised the truth, when his initial deposit was said to be for band of the deal already filled-up. He was required to make higher deposit and yet another. After the third deposit, it dawned on him that he was in bed with internet ghosts.

Solutions, possible recovery procedures

Many would be quick to seek the intervention of the NPF, but the experience Mba should show that the criminals are sleek and daring.

A legal practitioner with vast experience in corporate law, particularly banking, counselled that whoever has fallen a victim should focus on a court of competent jurisdiction for solution.

The lawyer, whose identity, The Point would want to protect, said that victims, “should approach a High Court and obtain an order for reversal of his money or post no debit the account. This will compel the culprit to surface.”

The court order can “include request for the BVN on the suspected account, which can be used to the banking footsteps of the suspect, should the money illegally transferred have been moved to another bank or account.”

The legal practitioner maintained that it is not a difficult thing to get a court order.
“We are too impatient and afraid of everything,” he added, pointing out that if the order required is to freeze the account, it has to be from the High Court.

For Oginna and Agbe, and their likes, what the bank needs is a valid court order and if the bank is in doubt they can do a due diligence by confirming from the court to be sure the order was made from that court.

The only other option would be for the bank to notify the account holder of the order to enable the customer challenge the order if he has reason to do so.
Anything contrary to these would amount to a contravention of a court order, which is contempt, which would land the managing director of the affected bank or whichever officer of the bank found culpable in jail.

modus operandi

They study systems and take advantage; obtain from the vulnerable; entice and capture the greedy; appropriate emotional and reputational bank accounts of individuals and corporates; no ICT system or app is tamperproof; personal discretion counts much in self-preservation.