Hackers, fraudsters step up their game

Hackers and fraudsters have stepped up their game. A combination of weak internal control systems, abuse of technological loopholes and outright forgeries make many Nigerians, foreigners and banks lose cash running into billions to fraudsters annually.

Lagos lawyer Bamidele Aturu had unusually heavy incoming calls on January 11. Before he finished answering one call, another was waiting.
Earlier that day, his friends and colleagues had received a mail, telling them he was in distress.
The mail said the lawyer was out of the country, in desperate financial situation and needed N120, 000.
Not a few crosschecked with Aturu and it turned out his email account had been compromised by fraudsters.
The fraudsters, in their e-mail messages, asked that the money be paid into a First Bank and a Diamond Bank accounts. To beat them to the game, Aturu and the Economic and Financial Crimes Commission (EFCC) hatched a plot. The banks were asked to flag the accounts.
The operation led to the arrest of two suspects, Onuabuike Chukuebuka and Izuchukwu Emewulu. They appeared last Tuesday before Justice Olasumbo Olarenwaju Goodluck of the High Court of the Federal Capital Territory, Abuja on a five-count charge bordering on intent to defraud and obtain money by false pretence. The case will resume April 30.
Like Aturu, two editors, Gbenga Omotoso of The Nation and Ikechukwu Amaechi of Daily Independent, have had their e-mails hacked into.
The fraudsters told contacts on Omotoso’s mail that he was out of the country and needed money to solve his cousin’s medical issue. His phone kept ringing and he had to send bulk sms to friends and colleagues dissociating himself from the mail.
They also used the health joker in Amaechi’s case. They said he was away for dialysis and that an agent clearing the car he shipped needed N144,000, which he could not raise because he was in the hospital.
Public relations consultant Cdon Adinuba also fell victim on February 1. The scam mail was entitled: ‘Important matters,’ in which they requested N200,000 to be paid to his client in Nigeria. They said he was outside the country and could not do online transfer because his “token device” had been misplaced.
A former governorship candidate and publisher, Chief Ikechi Emenike, also had his e-mail hacked into by fraudster, who said he was stranded outside the country and needed money urgently.
Also caught in the web of the scammers is a chieftain of Aka Ikenga, Chief Goddy Uwazurike, who the fraudsters said needed N105,000 for a cousin’s lower uterine fibroid surgery.
There are several others, who have had their mails hacked into by these desperados who seem to have found in hacking an escape route from the fading scam letters to foreigners.
The EFCC believes there are rising cases of e-mail spoofing and account takeover by suspected fraudsters.
The trend, according to the commission, targets influential personalities in government and professionals.
The commission said it has assumed a frightening dimension in recent times, with many losing their e-mails to the fraudsters who deploy the accounts to various nefarious ends, including soliciting funds from friends and acquaintances of the owners of the accounts.
Acting Head, Media & Publicity, EFCC, Wilson Uwujaren said: “The commission observed that Yahoo account owners are the most vulnerable to this scam, which has brought much agony to the victims. So far, efforts to engage Yahoo to rein in the perpetrators of this heinous crime has not yielded any fruit. Yet their activities continue to pose grave threats to the image and integrity of the nation.
“In view of this, the possibility of a class action suit against Yahoo by victims, who have suffered severe emotional and financial losses arising from the actions of the hackers, may not be ruled out.
“Nevertheless, local banks that have cooperated with the commission in the investigation of cases of spoofing deserve commendation for their diligence and sense of responsibility.”
The latest Symantec Internet Security Threat Report, which ranks countries with the greatest internet security threat, also confirms the EFCC’s position that cybercrime seems to be at its peak.
Four days ago, the commission arrested five suspected internet fraudsters in Enugu, Enugu State. They were picked up from their hide out at No. 26 and 42, Chimaobi Uba Street, GRA, Enugu.
The suspects are Uche Nwakor, 27; Ejikeme Oluchukwu, 30; Ifeanyi Ejikeme, 28;Nnamani Ikechukwu,30, and Ibe Kodili.
They are alleged to be serial scammers who have defrauded several victims through hacking and forgeries.
Some of the items recovered from the suspects include $8,227, eight exotic cars, nine laptops, 21 mobile phones, two internet routers and one currency counter.
Other items found with the suspects include various bank cheques, ATM cards, a black traveling bag with 12 identity cards, a company metal seal and two international passports belonging to the same person, among other items.
It is not only hackers that are on the prowl.
An aide of a governor in the Southwest is yet to unravel how his stolen Automated Teller Machine (ATM) card was used for online purchases when the thieves were ignorant of his password.
He was in Cape Town, South Africa when he discovered that his wallet was missing. In it were his ATM cards. He contacted his bank through the electronic mail, asking that his account be blocked so that no fraudulent transaction could be carried out on it with the stolen card. The aide to a governor, who prefers anonymity, also contacted a friend who was to take a letter to his branch for the same purpose. But before the friend could take the letter to the branch of the bank on Allen Avenue, Lagos, there was a mail from the bank to the effect that the account had been blocked and no transaction could be carried out on it. The embargo on the account would only be lifted after he must have presented a letter to his branch, the e-mail explained.
But to his shock, the day after he got the mail, his card was used to pay for an online purchase. As if that was not enough, the thief also used the card to make another online payment the day after. They circumvented his password.
It took his wife’s visit to the Operations Manager of his branch before the account was restricted.
Fraudulent bankers are also catching in on weak internal controls put in place by their employers. A source at the Special Fraud Unit (SFU), Ikoyi, Lagos confirmed that bankers top the list of most wanted persons in the country.
Hadiza Abdullahi, a customer of the defunct Oceanic Bank Plc (now Ecobank Plc), had fixed N40 million in the bank in 2010 and was rest assured her money was intact. But she was soon shocked when her signature was forged and her money developed wings.
She shares similar fate with Yusuf Saleh Dunari, whose signature was forged and his N245million in a fixed deposit account in Oceanic Bank was withdrawn without his consent. He also lost another N30 million deposited in another fixed deposit account in the bank.
The then branch manager, Usman Salifu, is accused of having a hand in both cases. Justice Dije Aboki of the Kano State High Court is trying to resolve the matter.
Mrs. Olubukola Nwoke lost N6 million deposited in a Diamond Bank account. The business manager of her branch is accused of being behind the theft.
Cases of fraud by “smart alecs”, who either hide under the anonymity of the cyber space or outright forgeries, seem to be on the increase. Though the statistics for last year are still being compiled, snippets from insiders indicate that they are not going to be cheering— no thanks to the inability of banks to tame internet banking cheats and shady officials who suppress customer deposits.
ATM fraud and fraudulent transfers/withdrawals contribute a chunk of what fraudsters squeeze out of the economy regularly.
The fraud statistics for the last four years are scary: In 2011, there were 2,352 fraud cases involving N28.40 billion in banks. This figure represents “an increase of 53.5 per cent over the number of reported fraud cases of 1,532 in 2010.” Not all the attempts were successful, but in the long run, about N4.071 billion was lost to fraudsters.
According to the latest report of the Nigerian Deposit Insurance Corporation (NDIC), there were 738 ATM frauds; 331 fraudulent transfers/withdrawals, 280 cases of presentation of forged cheques, 240 cases of outright theft, 219 incidents of suppression of customer deposit, 123 cases of fraudulent conversion of cheques, 112 non-dispensing of money but registered by the Electronic Journal and 108 cases of internet fraud.
More bankers in the year chose to be dubious. Of the 2,352 fraud cases recorded, 498 were attributed to staff collusion, which showed an increase of 141 from 357 cases in 2010. This represents 39 per cent increase from the previous year.
In 2009, N7.5 billion was lost to reported cases of fraud. In 2008, N17.5 billion was siphoned by fraudsters and in 2007, N2.9 billion was lost to reported cases of fraud.
Significantly, a source told The Nation that the NDIC reports do not contain all cases of frauds in the banks. The source said many banks, for fear of attracting negative publicity, hide cases of frauds, either by outsiders or members of staff.
 
ATM fraud
 
A Lagos lawyer, Mr Mike
Dugeri, was at home not long
ago when he received an alert that he had just withdrawn N20,000 from his account.
Dugeri said: “These criminals now go as far as hacking pin numbers of Automated Teller Machine (ATM) cards of individuals. The situation bothers me personally, especially as I have been a victim of ATM fraud. While I was in my house, I received an alert on my phone that N20, 000 was being withdrawn from my account. I never made any withdrawal with my ATM and I was more shocked when on reporting to the bank, I was told that I actually made the withdrawal with my ATM card.
“Although the withdrawal was fraudulent, the bank could do nothing to help me since the records showed that my ATM made the withdrawal; but how this was done, I could not explain.
“These Internet hackers are smart and fast and I think it is time for the authorities to treat Internet fraud as a major issue.”
A student, Ogechi Onyemem, also fell victim of fraudsters, who stole her ATM card and withdrew N101, 000 from her account.
The latest report of the NDIC shows that there were 738 ATM frauds. Going by the country’s lack of respect for record keeping, many obviously were left unreported by victims.
Johnson Olabode Adeoti of the Business Administration Department, University of Ilorin, Ilorin, said: “card jamming, shoulder surfing and stolen ATM cards constitute 65.2 per cent of ATM frauds in Nigeria.”
Adeoti, who did a research on ATM fraud, explained the various means through which people are defrauded, using the ATM. He said: “Shoulder Surfing is a fraud method in which the ATM fraudster uses a giraffe method to monitor the information the customer keys in into the ATM machine, unknown to the customers; using stolen cards is a situation in which the ATM card of a customer is stolen and presented by a fake presenter; card jamming is once the ATM card is jammed, a fraudster pretending to be a genuine sympathiser will suggest that the victim re-enter his or her security code. When the card holder ultimately leaves in despair, the fraudster retrieves the card and enters the code that he has doctored clandestinely; and use of fake cards is when fraudsters use data collected from tiny cameras and devices called ‘skimmers’ that capture and record bank account information.”
Adeoti added: “Duplicate ATMs is when the fraudsters use a software which records the passwords typed on those machines. Thereafter, duplicate cards are manufactured and money is withdrawn with the use of stolen passwords. Sometimes, such frauds are insiders’ job, with the collusion of the employees of the company issuing the ATM cards; and card swapping is a card theft trick whereby a fraudster poses as a “Good Samaritan” after forcing the ATM to malfunction and then uses a sleight of hand to substitute the customer’s card with an old bank card. As the customers is endlessly trying to push the card through, the fraudster offers assistance by pretending to help the customer push through the card.”
But nemesis sometimes catches up with these fraudsters.
The long arm of the law caught up with an ATM fraudster, Auwalu Ibrahim, on January 31. He was sentenced to three years imprisonment with the option of N250,000 fine by Justice Farouq Lawan of the Federal High Court, Kano, for stealing N4,524,000 between May 30, 2010 and February 25, 2011 via a debit card fraud.
He pleaded guilty to the one count charge preferred against him by the EFCC.
A Zenith Bank security guard, who allegedly stole a customer’s ATM card and withdrew N140,000, was on February 6 charged before an Abule-Egba Senior Magistrates’ Court, Lagos.
The accused, Prestly Akathor, 36, who lives at No. 22, Ajeigbe Street, Abule-Egba, is standing trial on two counts of felony and theft.
Police prosecutor Rachael Williams said Akathor committed the offences on January 27 at Zenith Bank, Abule-Egba, Lagos at 3.40 p.m.
He said: “Akathor had assisted one Mrs Gloria Ebije, a Zenith Bank customer, in using the ATM machine but was later told off by the customer when his actions were suspicious. The customer’s ATM card later got stuck in the machine and she was told by the accused to go home and come back the following day. But before she got home, a debit alert of N140, 000 was sent to her,” the prosecutor said.
Akathor pleaded not guilty when the charges were read to him.
 
How they hack
 
Nigeria occupies the 59th
position in the latest
Symantec Internet Security Threat Report. It has moved six positions up the ladder globally among countries with the greatest internet security threat.
By the admission of stakeholders in the industry, hacking into e-mail accounts and systems of big organisations play a big role in fraud. Regularly, many get e-mails supposedly from a friend or colleague saying he is in distress and needs financial assistance. But, they find out later that hackers are at work.
An information technology expert explained how hacking is done. He said technology can be used to predict people’s passwords and hack into email accounts and send out messages to contacts in their directory.
The hackers, said the expert, randomly shoot Trojan viruses to individuals and companies’ emails, asking the recipients if they needed “expert’s help” to update their systems. The viruses are such that when the recipients click on the mail, the hacker gets an alert on his computer and then gains access to the potential victim’s system.
This way, said the expert, the hacker can keep a watch on the recipient’s online activities and note down his or her banking details once he or she accesses internet banking.
An Indian fraudster, Fajroor Khan, 26, who said he was trained by Nigerians, on January 31, used the Trojan mail to get the username and password of a company executive and transfer money to 12 accounts of his accomplices within 45 minutes.
Computer systems with pirated software are easily susceptible to Trojan viruses and the like. Country Manager, Microsoft Nigeria, Emmanuel Onyeje, told The Nation that there is a link between hacking and pirated software.
According to him, pirated soft-wares often have secret codes which are embedded on them. So, when an unsuspecting buyer buys and installs them onto his/her PC and logs to the internet, the person unwittingly exposes himself/herself to malware, phishing and viral attacks. They also ignorantly open their flanks to hackers.
He said: “To hack big organisations, which spend millions and millions of dollars to protect their system, they have very big computers to fortify their system and the only way you can beat their system is that you must have big computing power behind you but most individuals, most hackers do not have access to the millions of dollars big organisations do. What do they do? There are more than 1.2 billion PCs (personal computers) on the planet and what they do is to get a way to get a section of that, ten thousand, one million Pcs, take those Pcs as a single unit to be able to hack into an organisation. That is where piracy comes in. They are the ones giving you the software free, they download it into your Pc, they take over your Pcs and now use that Pc to do an attack on other people’s site.”
 
Nigeria not prepared
to fight hackers
 
Despite the dubious activities
of hackers, stakeholders be
lieve the country has not shown readiness to tackle the menace.
The Nigerian Communication Commission (NCC) said the framework needed to curb hackers is lacking.
Its Director, New Media and Information Security, Sylvanus Ehikioya, said the government cannot prosecute computer hackers yet, because of non-existent laws.
He said: “We, as a nation, are not very ready to fight cyber crime. The necessary infrastructure, in terms of legal and technical infrastructure, has not been put in place yet. For the technical infrastructure, the NCC is doing its best to ensure things are in order.
“But for the legal infrastructure, the government is still wobbling because since 2011, the Harmonised Cyber Security Bill has not been passed.
“Until we pass the Cyber Security Bill, there is nothing that the Nigerian government can really do. Because, as of now, if you hack into any computer system, you cannot be prosecuted because there is no enabling act.”
Ehikioya said it is the passage of the Cyber Security Bill that can empower government agencies to punish hackers, and deter those intending to commit such crimes.
He said Nigeria must collaborate with other countries to check internet crimes.
His words: “Since it cuts across boundaries, that means that there are different governments having jurisdiction in cyber governance. This implies that collaborative efforts must be put in place because of the cross jurisdictional issues involved.”
The director said the model cyber crime law being produced by the International Telecommunications Union has a section entitled “International Collaboration Co-operations”.
“This means that countries must make provisions in their laws to collaborate with other countries,” he said.
In Ehikioya’s view, when the frameworks are completed, Nigerians who commit cybercrimes against citizens in other countries, such as the United States, could be extradited to America to face trial.
 
The most wanted fraudsters
 
While hackers seem to enjoy
some form of immunity for
now, fraudulent bankers do not. Statistics from the police show that bankers top the list of wanted persons for fraud. The police say the once revered sector has been infested by “hardened criminals” whose stock in trade is to employ scientific methods of defrauding their employers and fleecing billions of naira from customers’ accounts.
The police attributed the hi-tech stealing in the industry to greedy drive to sustain a lifestyle of extravagant spending.
According to the statistics from the Police Special Fraud Unit (SFU), Milliverton Road, Ikoyi, Lagos, there are more bankers on the list of the most wanted criminals. Sources at the SFU told The Nation that no fewer than 50 bank officials had been declared wanted by the police for various fraudulent dealings.
The wanted bankers worked with established fraud syndicates outside their industry to steal depositors’ funds.
In Okene, Kogi State, seven officials of a branch of a second generation bank were declared wanted by the SFU for allegedly collaborating to defraud the bank of over N100 million.
Akinwumi Omoniyi is wanted by the SFU for alleged fraudulent conversion of over N23 million belonging to customers of the bank where he worked. He allegedly stole the money as the bank’s relationship officer.
The deposits made through him, said SFU sources, were not reflected in the customer’s statement of account. He was also involved in fraudulent booking of overdraft facilities in two different accounts and fraudulent withdrawals from another.
The 33-year-old wanted banker, who hails from Ilesa, Osun State, gave his employers addresses where police have been unable to get him. The addresses are 115, Opebi Road, Lagos and 16, Paul Ikediashi Street, Asaba, Delta State.
 
Taming the monsters
 
The NDIC said many banks
bend the rules and, as such, re
cruit employees who end up stealing depositors’ fund. It urged them to “thoroughly screen prospective employees by obtaining status report from previous employers and relevant agencies while employees should be made to be aware of the risks in defrauding or attempting to defraud the bank and the action expected, if caught. Insured banks should also endeavour to educate their customers on the use of ATM and other electronic banking services.”
The NDIC is also soliciting the assistance of judges to convict corrupt bankers. At a seminar organised for judges in Abuja last week, NDIC sought judges’ understanding.
SFU spokesperson Mrs. Ngozi Isintume, an Assistant Superintendent of Police (ASP), traced the successes recorded in bank frauds to the failure of bank chiefs to apply stringent measures while screening applicants.
Mrs. Isintume, who confirmed that more bankers had been arrested for fraud-related offences, said: “Most of the people we declare wanted are bankers and they plan the operation over a long period of time.
“Within the period, they would have relocated their families from the residential addresses they supplied the banks when they were employed. Most of them, who already have mindset to defraud the bank even before they are employed, gave the banks fake home addresses.
“Somebody, who is from Ekiti, would say he/she is from Ondo State. So, it is always difficult to find them. The moment a matter is reported and investigation commences, we send invitations to the suspects.
“After two months, if we do not see them, we send a reminder, after which the person would be declared wanted if he/she refuses to show up.
“It is with the address that the person gave to the complainant which in most times are the banks that we will go to and most times when investigators get there, they discover that the address is non-existent.
“We declare anybody who is reported to have committed fraud and refuse to come and answer for it wanted. There is no time lapse. If the person is seen 10 years after he/she was declared wanted, he/she would be arrested.”
The SFU spokesperson said it has not been easy tracking the bank officials declared wanted for defrauding their employer because the banks never go the extra mile to cross-check the addresses supplied by the suspects.
She advised employers, especially banks, to scrutinise their employees. Mrs. Isintume suggested that a verification team should be raised to visit then home addresses as claimed in the application forms.
A financial analyst, Abiola Idowu, said the temptation to commit fraud must be reduced. He said: “One is to reduce the temptation to commit fraud and the second is to increase the chances of detection. A good salary structure and excellent working conditions, which can help to a great extent to reduce the temptation to commit fraud, needs to be put in place. In addition, management should not hesitate to come to the aid of employees any time there is a genuine financial request, particularly in emergency situations.
“Such assistance not only eliminates the tendency to defraud the organisations, it helps to cultivate a group of dedicated and highly productive workforce.
“Another issue to be considered in reducing the incidence of fraud in Nigerian banking sector is the issue of fraudsters. Banks should have a good hiring and training policy as a first step in the battle to prevent fraud. This is because it has been established that the integrity of an individual is the essential deterrent to crime. A prospective employee’s background should, therefore, be thoroughly checked to ascertain if that prospective employee has previous criminal record or has dubious background or connections. Also, an employee’s lifestyle should be closely monitored to determine whether such staff is living beyond his or her legitimate income. Where an employee is considered living beyond the means known to the bank, further investigation should be carried out to determine the source of extra income.”
On hacking, experts say steps can be taken to prevent a person’s identity being stolen by using a secure email password that is updated on regularly. It is advised that email passwords are a minimum of 10 characters and should be a combination of numbers, letters and symbols to reduce the chances of them being predicted. They also advise against the use of pirated soft-wares and urged the government to ensure there is a legal framework to deter hacking.
IT expert and the Chief Executive Officer, Teledom Group, Dr Emmanuel Ekuwem, cautioned internet users against unprotected online security.
He said internet users need to protect their online transactions against security loopholes that could expose their transactions to cyber vulnerabilities.
Ekuwem, the former President, Association of Telecoms Companies (ATCON), urged governments and private bodies using web services to ensure they installed security solutions on their computers.
He said: “The greatest security threat facing governments and private bodies using the web service is lack of preparation for the increasing cyber threats.”
Ekuwem urged the National Assembly to be hasty with the passage of the security bill before them.
According to him, this is more important with Nigeria gradually transiting from cash to an electronic based economy by virtue of the implementation of the CBN’s cash-less policy.
“Cyber criminals, who attack businesses and individuals across the globe, can re-direct their energies to exploit vulnerabilities in the electronic payment system in order to perpetuate fraud,” he said.
Mr Peter Ejiofor, a Lagos Internet security expert, in a NAN report, said there was need to increase internet security solution to mitigate cyber crimes.
Ejifor expressed concern about Nigeria’s rising cyber crime profile, especially with the delay in passing into law, pending bills aimed at criminalising the acts.
He said the days of depending on only anti-virus software to keep computers safe were over, noting that internet was constantly changing and hackers were also changing techniques.
“When you use multiple security measures throughout your network, the overall security is much stronger,” Ejiofor said.
He advised computer users to implement stronger security measures to protect their cherished online data.

Posted: at 18-03-2013 08:59 AM (12 years ago) | Hero

Guy u no well o see as this thing long

Posted: at 18-03-2013 12:52 PM (12 years ago) | Hero