By Cosmas Omegoh
Internet banking fraudsters are on the prowl. They are everywhere, roving and roaring like wounded lions looking for money to steal. And they are punishing those who let their bank accounts loose.
The activities of this tribe of Internet banking thieves, according to Saheed Olawuyi, Associate Director and Head, Forensic Services, KPMG in Nigeria, constitute cyber crime.
Olawuyi said: “Cybercrime and e-fraud refer to any criminal activity performed, using computers, computer networks and the Internet.
“It may also be referred to as any fraudulent behaviour connected with the use of computers and/or electronic platforms. The complexity and reliance on technology by modern enterprises as well as the increasing ease of access to the Internet by all and sundry, have created more opportunities for fraud and other forms of exploitation, especially on the Internet and other electronic platforms, hence, the increase in cybercrime/ e-fraud.”
Olawuyi added: “As the channels available to customers and consumers are becoming more portable, so are the fraudsters.
“Analysis of sample cases and investigations carried out by KPMG Forensic Services, Nigeria, between 2013 and 2015 shows a rapid increase in cases of cybercrime/e-fraud, which can be attributed to the increasing adoption of technology and alternate electronic delivery channels.”
According to Daily Sun investigations, targets and victims of Internet marauders are individuals, groups and organisations who negligently allow access to their bank account details.
These thieves begin their forays by sending spurious messages to their targets’ e-mail accounts or cell phone numbers, making them look like they are coming from various banks. The messages simply alert the receivers of an impending deduction of some significant amount of money from their accounts, a development that can raise anybody’s bile to high levels. Sometimes, the fraudsters put it that the money had already been deducted because the account holders subscribed to a phony bank digest or service. They urge their targets to follow a certain link to cancel or reverse the transaction if they did not authorise it.
On the other hand, they send sms messages, alerting their targets that their Automatic Teller Machines (ATMs) cards have been deactivated by the Central Bank of Nigeria (CBN). They ask them to call a given number so as to reactivate the Bank Verification Numbers (BVNs). They can also vary the strategy or the message. But it is all intended to put the unsuspecting bank customer in a panic mode.
In these lean times, who will not let a whimper at realising that their account had been compromised? At receiving such messages, expectedly, many would spring up to respond to them. They are the ones instantly caught napping. At the point they fall for this gambit is where they begin to lose everything. The Internet link eventually becomes a channel through which they will give away their entire account details. Such details soon appear on the fraudsters’ computer. Armed with the rare gift, they proceed to wreck their targets. Every kobo they have laboured to save is taken away in one fell swoop.
Daily Sun further found out that sometimes the road to the victim’s ruin begins at the point they hand out their cell phone numbers or e-mail accounts via their complimentary cards to individuals they never knew would turn around to mean harm. Friends, relatives or associates, working in association with fraudsters can equally give away a target. This can only be realised when phony messages begin to pour in.
Daily Sun learnt that the fraudsters simply carefully clone the web pages of various banks and make them look real to the undiscerning and unsuspecting target. In fact, only hard-to-identify difference exists between the banks’ real web pages and the fakes. But when fraudsters tip off their targets that a deduction had been made from their account, they hardly give him an alert because they don’t know how much the account holds.
Investigations also revealed that when the fraudsters are unsure of their targets’ real banks, they desperately send them messages purportedly from various banks. This is the point where the wise ones suspect that such messages are fraudulent. Only the unsuspecting ones fail to realise this and end up becoming preys.
A man, Tony, is one person who has been assailed lately with such fraudulent messages. He told Daily Sun that he had been a customer of a certain new-generation bank for eight years. That at some point, he started seeing e-mail messages from the bank, telling him to follow a link to either cancel a subscription or to prevent his ATM service from being deactivated.
“Of late, I have been bombarded with a series of messages I was made to believe was coming from my bank. When it is not through my e-mail box, it is via sms.
“For instance, the one sent to me on July 12 reads: ‘Please ,be informed that a debit transaction occurred on your bank account. Kindly find details of the transaction below.’
The message said it was in respect of a monthly customer digest subscription reference no 81596777 and the amount deducted was N10,098. But did I subscribe to anything? No!
“The message goes thus: ‘As a result of this transaction, the balance on this account would be deducted within two hours. To maintain this subscription, do not take any action as this would be a constant deduction from your account every month.
‘If you wish to unsubscribe for this monthly bulletin, kindly do so here. CANCEL SUBSCRIPTION. Kindly update the mobile code sent to your phone to be unsubscribed from the monthly debit immediately. A customer representative will call you after you update the mobile code.’
“I knew that this was coming from fraudsters. I receive such messages even from banks I have no account with; it’s all fraud. So, the moment I see such I’m always careful.”
He also showed the reporter a text message on his phone, which was sent from 07030991623, warning him that the Central Bank of Nigeria (CBN) had blocked his account and ATM card. The messages reads: “Dear customer, Central Bank of Nigeria has blocked your account and ATM card due to incomplete BVN registration. Call our customer care on 07030991623 to reactivate.”
When the reporter placed a call to 07030991623, a male voice rang out. The owner sounded barely educated. Then the following conversation ensued: “Hello sir, is this the CBN?
“Yes, this is CBN!
“Please, who am I speaking with, sir?
“You are speaking with Mr. Ben.
“Mr. Ben, why do you want to block my ATM card and bank account?
“…Because we are the head of all banks.
“But don’t you think you are a fraudster…?”At that point he quit the conversation.
A staff of a blue-chip company on Victoria Island, who spoke on condition of anonymity also recalled she had been receiving fraudulent messages, asking her to follow a link to unsubscribe from a service which she never asked for, lest her bank account would be blocked.
“All that might be coming from someone who knows me or someone I probably gave my complimentary card in the course of my job.
“Every now and then, I get even messages from banks I have no business with. It is funny.
“I always delete such messages. I quickly do so because I don’t want to mistakenly fall for the fraudsters. That would be disastrous.”
Mr. Chizoba Ikenwa, an Internet Communication Technology (ICT) expert, told the reporter that he used to receive an average of ten fraudulent messages a month.
“Last month, I received more than enough of them. Each one was asking me to do one thing or another; they followed the same pattern.
“This one, for instance, says: ‘Dear customer, due to our BVN system upgrade, your ATM card has been deactivated; to activate call 07068557020 for help.’ I received the same message again from the number three days after.”
He showed the reporter another message from 08108382906, asking him to do the same thing. It urged him to call a certain John on 08109756520. He showed the reporter yet another message from 08163361007, saying the same thing. There were, in fact, two of such messages sent to him on two different occasions from the same number.
While warning that those messages were all fake, he said those of them asking the recipient to follow a certain link were usually Internet-based.
“When you are asked to follow such link and you do, a cloned CBN website quickly pops up. The fake CBN website will then request the recipient to fill in their bank details in the pretence that once that is done, every BVN challenge they have would be resolved at source.
“But as soon as you enter your details, you simply give the fraudsters your account, pin, password – everything. After that, it will not be long before the fraudsters strike and clear all the money they can find there. That is how they operate,” he said.
According to the Nigerian Inter-Bank Settlements Systems (NIBSS) Plc, Nigerian banks lost a total of N159 billion to electronic fraud between 2000 and the first quarter of 2013.
The organisation disclosed that due to the successful switch from magnetic stripe for automated teller machine (ATM) cards in 2009 to a more secured chip and PIN cards, there was some reduction in e-fraud amounting to N21.72 billion which further declined to N14.96 billion in 2010.
At the recent inauguration of Cybercrime Advisory Council, by the Office of National Security Adviser (ONSA) in Abuja, it was observed that the annual cost of cybercrime to Nigeria stood at N127 billion. It was further observed that, that was equivalent to 0.08 per cent of the country’s Gross Domestic Products (GDP). This disclosure was made by Maj-Gen. Babagana Munguno, the Chairman of the council.
He said: “The 2014 Annual report of the Nigeria Deposit Insurance Corporation (NDIC) shows that between year 2013 and 2014, fraud on e-payment platform of the Nigerian banking sector increased by 183 per cent. Also, a report published in 2014 by the Centre for Strategic and International Studies, UK, estimated the annual cost of cybercrime to Nigeria at 0.08 per cent of our GDP, representing about N127billion.”
Meanwhile, a corporate communications manager of a commercial banks, speaking on condition of anonymity, told Daily Sun: “All those messages asking bank customers to reveal information about their bank details are fake. They certainly do not emanate from any bank.
“On our part, we have been sending sms to our numerous customers asking them to neglect such messages whenever they receive them. We insist that if they are in doubt they should call us.”
Reinforcing this admonition, the CBN recently issued a release, Beware of Fraudulent SMS on ATM cards, warning bank customers to be cautious of messages from unscrupulous sources.
Acting Director, Corporate Communications of the apex bank, Isaac Okorafor said: “The Central Bank of Nigeria (CBN) again wishes to caution bank customers against falling prey to the activities of unscrupulous individuals who demand for the details of their debit (ATM) cards as well as their Personal Identification Numbers (PIN), under the pretext of being customer-care representatives of the CBN.
“Those messages and calls are intended to lure bank account holders to reveal their personal details which the fraudsters could use to defraud them.
“The public is therefore warned, yet again, that neither the Central Bank of Nigeria and deposit money banks nor their employees or agents would ever call bank customers or send e-mail/text messages requesting for passwords, card details or personal identification numbers (PIN).
“Bank customers are, therefore, advised to personally visit their banks for any issue, requiring disclosure of personal bank details.”