By Prince Osuagwu, Hi-Tech Editor
The story of the 80 Nigerians recently indicted for internet-related crimes by the US Federal Bureau of Investigations, FBI, has raised a new security consciousness for people doing online transactions to adopt protective measures.
Although, this has worsened the country’s international image, high level financial fraud by Nigerians isn’t new, nor is it in its complexity or intensity.
In December 2013, Tobechi Enyinna Onwuhara, after a financial fraud history of over $38million was sentenced to 70 months imprisonment in the United States. He was a fugitive for four years and was featured on America’s Most Wanted List.
The case was investigated by the FBI, United States Secret Service, the Alexandria Police Department, the U.S. Marshals Service and Australian Federal Police.
Onwuhara was eventually found in Sydney, Australia and helped to coordinate the recovery of evidence and extradited to the United States.
In 1995, a former Union Bank Director and advanced fee-fraud artist, Emmanuel Nwude, defrauded Nelson Sakaguchi, a Director at Brazil’s Banco Noroeste based in São Paulo, of $242 million.
Nwude was said to have posed as then-Nigerian Central Bank Governor Paul Ogwuma.
He allegedly sold a non-existent airport to Banco Noroeste, an incident that has been listed as the third-largest crime in banking history.
There was also an intriguing example of the case of Onyeka Opara, a Nigerian apprehended and extradited from South Africa to New York.
Between 2014 and 2016, Opara participated in business email compromise scams targeting thousands of victims around the world, including the United States.
As part of the scams, emails were sent to employees of various companies directing that funds be transferred to specified bank accounts.
The emails purported to be from supervisors at those companies or third party vendors that did business with those companies.
The emails, however, were not legitimate.
Rather, they were either from email accounts with a domain name that was very similar to a legitimate domain name, or the metadata in the emails had been modified so that the emails appeared as if they were from legitimate email addresses.
After victims complied with the fraudulent wiring instructions, the transferred funds were quickly withdrawn or moved into different bank accounts.
There are two noticeable common factors in all financial fraud cases or cybercrime generally. One is greed and the other carelessness or poor attention to details.
A security expert, Mr Chidi Adim, said, “Many people may not fall victim of cyber fraud if they are contented and pay attention to details. You can notice that most of the high profile financial frauds were transaction-based. Why would people want to buy what they did not see, from people they don’t know and places they are not familiar with?
“If you are cautious before parting with money on a transaction you cannot certify full proof, you will never fall victim.
“Again, in all the scam mails, just a little check will unravel the unrealistic nature of them and the senders; but carelessness will not allow victims to be vigorous.
“For me, I don’t have a Facebook or any social media account in my real name or picture. I don’t post information about me or my family online and my transactions are targeted and done under very careful and strict conditions. That is the way to put a firewall around yourself just like you also need to do to your mobile or computer systems. Otherwise, everybody is vulnerable”.
Although Adim stated that cyber or financial crimes are not peculiar to Nigeria or Nigerians and argued that the country was not even in the first 12 countries with high rate of cybercrime, he, however, admitted that the effect on the country’s economy is telling.
The Nigeria Inter-Bank Settlement System (NIBSS) Fraud Landscape in Nigeria reports that the Nigerian financial services providers lost over two billion naira to financial crime in 2018 alone.
According to the report, the 2018 fraud volume is the highest seen in the last four years. The volume of mobile financial crime committed in the financial sector in 2018 was 38, 852 which resulted in the loss of over N2 billion (2,081,090,699.56) as against 2017 when the fraud volume was 25,043 and a loss of over N1 billion (1,631,680,256.85)
Also in 2018, about 89% of all financial services fraud in Nigeria happened through electronic channels while only 11% were non-electronic.
The industry has noted that there is an alarming rate of fraud perpetuated using mobile channels in the country
How mobile fraud happens
Despite efforts of mobile operators to protect their networks from attack, there is still the feeling in the Information and Communications Technology (ICT) circle that more could be done to also protect users SIM cards from being hacked or compromised.
According to industry experts, most of the mobile frauds happen through SIM swap. This is mainly when fraudsters exploit the operators’ inability to seamlessly port a phone number to a new SIM or when the mobile banking application is being mapped to an incorrect mobile number.
Phishing – When users are tricked into revealing personal information such as PINs, passwords over the phone
Network downtime – When issues arise on the operator’s network and certain services are delayed, it usually creates opportunities for fraudsters to attack users.
Agent-related fraud – Deliberately, some licensed agents may decide to take advantage of users’ ignorance to perpetrate frauds like split transactions, overcharging, fake accounts and even impersonation, among others
Insider threat: Frauds committed either as a result of information from the organisation’s staff or their carelessness
Data & identity theft – When financial data is not sufficiently secured and access not properly protected, it creates the opportunity for hackers
However, security experts say that no matter how deadly the attacks and attackers may be, their effects are preventable.
Principal research scientist to network and endpoint security company, Sophos, Mr Chester Wisniewski, said: “Cybercriminals are evolving their attack methods and often use multiple payloads to maximise profits”.
According to him, software exploits were the initial point of entry in 23 percent of incidents and also used in different forms in 35 percent of all attacks, demonstrating how exploits are used at multiple stages of the attack chain.
“Cybercriminals are always looking for a way into an organization, and supply chain attacks are ranking higher now on their list of methods. Therefore, IT managers should prioritize supply chain as a security risk”, Wisniewski said.
He advised mobile financial service providers to have a strong foundation and take cognizance of all possible fraud scenarios while developing the products or applications.
The scientist also tasked organisations to develop a Fraud Indicator Dashboard for robust monitoring leveraging data analytics, because learnings from analytics in the mobile payment industry can help in early detection of red flags.
There is also the Effective Consequence Management which, he explained, to mean when MFS providers set the right tone at the top and exercise strong disciplinary action against identified suspects.