Beware: Electronic Fraudsters on Rampage
Despite the efforts of security agencies at eradicating cyber crimes, fraudsters still penetrates the pause of Nigerians as SECURITY MONITOR’S Wunmi Ogunsanwo traces how Internet scam, ATM fraud and many other types of e-transactions left bitter tale in mouth of the victims.
“Kindly link your ATM card and register it to our BVN platform below.” This was the message sent to Cbibuzor Godwin, a 40 year old media practitioner via email, with username, Zenith Card Department. Chibuzor ignored the message for a few days and later attempted the link provided on it.
Upon clicking on the link, he realized that the message was a complete scam as the website was said to have “been blocked over security preferences”. Chibuzor told SECURITY MONITOR that “I opened the link and discovered that it was a forged website. The message on the link read, “Reported web forgery! This website at www.tamarisa.com has been reported as a web forgery and has been blocked based on security preferences”. According to Chibuzor, web forgeries are designed to trick you into revealing personal or financial information by imitating sources you may trust. He warned that entering any information on the web might result in identity theft or other fraud.
Though Chibuzor was very lucky to have escaped being swindled, Tijani Sanni experience was not pleasant. Tijani, 43, is a businessman at Idumota market. While in his shop attending to a customer recently, he received an small and medium service, SMS notification of a debit transaction to his account in from Kano. He had been defrauded of N50, 000. He approached his banker and was informed of e=transaction from his account to another account. Although, efforts are at top gear to apprehend the perpetrator but till now the whereabouts of the suspect seems to be a Herculean task.
A horrible trending development happened last week. Though, no more news as both the video and information about a mild drama that was orchestrated in a branch of Guaranteed Trust Bank, GTB has gone viral. A young man claimed a sum of N150, 000 vanished from his account and all his efforts to get it back proved abortive. After a month and few days, he resorted into pulling off his clothes in the banking hall so his money can be given back to him. It takes the effort of security agents to restore normalcy into the banking hall as the man remained adamant claiming that the bank must refund him. How the money got missing from his bank account remained mysterious as neither the bank officials nor the man has clear picture of what transpired.
In another but related development, Mathias Bodunde 38, had a desperate need for money and had to dispose of his private car. He entered into negotiations with a prospective buyer, Tosin Kuku. Mathias demanded that payment be made into his bank account before transfer of possession and ownership. Indeed, the following day, he received a credit alert apparently confirming payment. Unfortunately, Mathias did not take the pain to verify the authenticity of the message and confirm his account balance before relinquishing ownership of his car. Several days later, at the point of withdrawal, it dawned on him that no deposit transaction had occurred on his account. What had then happened? He asked rhetorically. Mathias rushed into the banking hall showing them the alert message but was shocked to hear that the message intimating him of debit did not emanate from the bank. It became an argument until security agent was invited to take him away.
Ladi Adewumi, a Lagos based Information Technologist and Chief Executive Officer, C.E.O of Trinity Digitals, attributes this possibility to the bulk short messaging service (sms) application, which allows users a good deal of customization. With this application, the sender’s name can be customized, and the message content designed to follow any format of choice, and, in this case, the format of a bank’s credit notification. It is therefore imaginable that the car buyer customized the sender’s name to imitate the bank, and styled the content to match. And that may be exactly what happened. As the sms goes thus:
XYZBank
Acct: xxxxxx0012
Amt: NGN1, 500, 000. 00 Cr
Desc: NIBSS Instant Payment-058964451268134505
555676438345 USSD
NIP Transfer from:
08063124365 TO Mathias Bodunde from Tosin Kuku
Avail Bal: 1, 500, 259. 64
The message appears faultless at a cursory look, and could deceive even the smartest individual.
Adewumi, a website design specialist further noted that there are specialized fraudsters for card cloning, phishing emails and identity theft.
According to him “In card cloning, the fraudster fits an electronic skimming device over the card slot of an Automated Teller Machine (ATM), while a miniature camera, typically a mobile phone camera, is mounted above the keypad of the ATM, concealed from sight. As the card is swiped through the slot, the skimming device captures the information stored on the card, and the camera records the Personal Identification Number (PIN) as it is entered on the keypad. The information on a typical ATM card includes full name, account Number and Card Functions”.
“The information obtained is then transferred, of course by electronic means, to a brand new card. While you may then be in your bedroom lying comfortably in bed, the spitting image of your “plastic” is somewhere else doing business for someone else, you never get to know until the debit message gets to your phone. It is, however, believed that the chip and PIN card is less vulnerable to cloning than the magnetic strip. So, as card technology improves and moves from magnetic strip to electronic chip, the incidence of card cloning is also expected to be on the decline” Adewumi opines.
SECURITY MONITOR also discovered that some fraudsters employ the use Phishing email. This is the fraudulent practice of sending emails, purportedly from reliable sources, requesting confidential information, such as passwords or ATM card details. In a nutshell, the sole aim of phishing is towards identity theft. Once obtained, the information is then used to make transactions or to make purchases online. This would have been the fate of Chibuzor Godwin, had he responded to the emails, t to him requesting for his BVN.
In an era of telecoms and internet revolution, many unimaginable trends are possible. Technology and computer applications are known to have been manipulated to suit various purposes never imagined by the inventors. The first step in to avoid a possible fraud is to be able to identify it when you see one. Passwords and PINs are the key that unlocks the door peoples’ treasure. It may then be necessary to proactive and be conscious while raveling confidential financial details.
Adewumi however advises Nigerians not to respond to emails requesting passwords or PINs online, however genuine they may look. “Not even your financial institution has the right to request such information”. “Do not feel ashamed to ask people to step back when entering your PIN on an ATM keypad. Even if you request help, ask to be excused when entering your PIN.
Cover the keypad with your free hand when entering the PIN to avoid spy cameras.
Do not write your PIN or password down;try to memorize them. If you suspect they may have been compromised, change them.
As quickly as possible, report loss or theft of card to the issuer. That way, you will not be held responsible for any card transaction that occurs afterwards.
Note that ATMs in crowded places are less vulnerable to attack and cloning than those in deserted places.
Those are some of the steps that may help in achieving a measure of money security”, The I. T guru warned.
About Author
