Modern Information and Communications Technology ICT has gained notoriety for being hub of internet scams, with fraudsters using various tactics to deceive unsuspecting victims.
These scams have evolved over the years, but their impacts remain significant; in this article Business Editor, Onu Okorie delved into the world of ICT scammers and tips to uncovered their gimmicks.
Excerpts:
In the 1990s, Nigerian scammers gained infamy for defrauding foreigners of millions of dollars.
These scammers were often uneducated criminals who found ways to cover their tracks and establish legitimate businesses using fraudulent funds and some even managed to rise to positions of power and influence, becoming respected philanthropists or politicians.
Following efforts made by the government to curtail the menace of internet scams, a section of the Nigerian penal code known as “419” was created.
According to Nigeria Inter-Bank Settlement System Plc (NIBSS), Nigerians have long been perceived to have perpetrated some of the most cunning and inventive scams, so much so that the country’s reputation around the globe has been negatively impacted by the trend.
However, the activities of these unscrupulous elements in the society is not limited to Nigeria as evidence shows that it’s becoming a global trends.
For instance, in 2022, Report showed that about 236.1 million ransomware attacks were reported worldwide in the first half of that year.
While this reputation predates the advent of electronic payments, it has continuously evolved to the extent that financial institutions and service providers alike are constantly on the lookout for odd behaviours to ensure that any potentially fraudulent behaviour is nipped in the bud.
To truly understand the magnitude and far-reaching effects of this global menace of ICT or Internet fraud, various experts have estimated the cost impact to reach 7 trillion US Dollars by the end of this year.
Worse still, numerous studies have estimated a yearly 15 per cent increase in global internet fraud losses over the next five years, reaching 10.5 trillion US Dollars annually by 2025.
In Nigeria, enacting the Cybercrime Act by the National Assembly in 2015 has done little to stem the growing cases of frauds perpetrated by cybercriminals.
Realistically, this epidemic continues to thrive because the internet is fragile and flawed, while internet fraudsters or cybercriminals are invisible but lethal.
Experts say that one should be worried about this predicament for many reasons which include the fact that a single computer can bring down the entire system.
According to Information Security Analyst, Dr. Francis Akogwu Alu, the world wide web is an intricate connection of computers to one another through an internet protocol that allows them to communicate with each other.
“Now, the downside to the networked system of any organisation is that when attacked by cybercriminals, an impact on one computer device could bring down the entire system, portending huge losses to individuals, businesses, and organisations.
“This dependability and interconnectivity pose more threat to internet users because an attack on other devices on your network could inadvertently harm you. In simple terms, if your work colleague gets attacked by cyber criminals, then chances are that you have been equally affected.”
Dr Alu expressed even more worrying that this reality applies to almost all forms of cybercrimes, including identification theft, fraudulent online transfers, payment-card frauds, network assaults, denial-of-service attacks by malicious networks of computers (botnets), ransomware, and malware attacks, amongst others.
According to him, “Consequently, business owners must ensure no weak link is found within their network by upskilling every employee on cyberspace safety because you can move from profit-making to being non-existent in seconds”
Providing further insight on the gimmicks of internet scams, Dr Alu identified human error among other factors, as a key contributor to Cybersecurity breaches for several years.
Dr Alu also said that the recent cyber-attacks such as; Equifax breach, Uber, and the Capitol One Oil and Gas breach, which saw a ransom payment of 75 bitcoin $4.4 million worth, could have been avoided if the employees had been equipped with the required skills and knowledge to identify and mitigate an attack.
According to him, “19 out of 20 cyber breaches may not have occurred if human error had been eliminated”
He noted that Stanford University disclosed that employees error account for about 88% of data breaches. Even more unexpectedly, a study by IBM found that 95% of cybersecurity breaches were caused by human error.
The Information Security Analyst said that, although, firewalls and other technologies can be the foundation of a company’s cybersecurity program, they cannot guarantee complete protection, as numerous studies demonstrate that human error accounts for many reported breaches, and these typical human mistakes can harm cybersecurity.
He also made case for Skill-based error, saying, they are minor errors that occur while carrying out a daily task, often due to inattentiveness, tiredness, and distraction.
Dr Alu further stated that Lack of education and awareness of amount to such shortfalls, as employees may only know the risks or how to avoid them if they have received training in cybersecurity best practices.
Analysing other areas in the cyberspace, he noted that Phishing has more than 20% of breaches, which the expert said is the most common threat action type, as well as Password management, where weak passwords or storing them incorrectly can make it simple for hackers to access sensitive data.
He went further to explain that Poor network management Systems may become vulnerable to attack if network access and permissions are not correctly managed while Decision-based errors are mistakes brought on by making bad decisions, like downloading malicious software or previous software updates.
According to him, “Cybersecurity affects every sector worldwide, and companies must turn to their staff to augment traditional security solutions.
“In the past, the conventional firewall could stop hackers from coming in from the outside, but nowadays, hackers manipulate employees to circumvent traditional firewalls.
“The way to fight back is to arm employees with knowledge and training and to work with them to build a resilient and knowledgeable human firewall.
“A human firewall is the real-world equivalent of a traditional network firewall. To create human firewalls, human beings are given the tools to recognise and thwart cyber threats. The human firewall is built on continuous Security Awareness Training, giving everyone the knowledge to stop hackers.
He gave tips on the stoppage of hackers, which are; to develop security culture with a “Security-First” mindset, saying , security is the concern of every employee from the top to down of the organisation, and they should all be included in the security awareness training by developing robust security culture starts with the onboarding of employees.
Dr Alu went on to inform that Cybersecurity awareness training should be part of new employees’ hiring and onboarding processes, as organisations require employees, who are both business-savvy and capable of defending their company against cyberattacks.
“Employees are less likely to be motivated to learn about threats and how to avoid them if they aren’t aware of why it’s important. However, if they’re aware of a breach’s severe consequences, they’ll be more than willing to actively participate and adopt the security culture.
“Talking openly about vulnerabilities and cybersecurity is another way to develop a strong security culture. Regularly distribute security updates, run phishing tests, engage staff in training, and emphasize team culture. Your human firewall will function better the more people who care, value, and enjoy what they do,” he maintained.
He advised as following; “Cybersecurity awareness training would serve as robust tool that will provide adequate information to employees on how to recognise cyber-attack, such as a phishing email campaign, and take the right actions to mitigate a breach.
“Organisations and staff must stay current on the most recent risks and trends because threats and risks constantly change. Therefore, planning ongoing training sessions for your staff members is crucial rather than just a single event when organizing your security awareness training.
Security training should be engaging, scenario-based, and ongoing, covering a variety of subjects, including phishing attacks, ransomware attacks, malware, and social engineering.
Other areas he gave advice on how to stem frauds were the test of employees’ capability, providing incentives as reward to dedicated workers, who have delivered excellent performance and have been active during and after training. In addition to salary he suggested a reward for employees to encourage them stick trainings, as well as support critical mission, and adopt a security culture.
He therefore, called on employers in the field to introduce security terms to their employees and make the training exercise more enjoyable with the appropriate set of tools for your security awareness training such as; platform that can simulate phishing attacks, binge-worthy video content, and gaming-style activities, give your team security awareness training, and provide compliance tools will motivate your employees to participate more.
“Cybertalk.org claims that when you’re having fun, your brain is 68% busier. Designing a security awareness campaign that includes entertaining, engaging elements makes sense.
“Other essential security tips for an organisation include software, network security monitoring tools, encryption tools, antivirus data protection software, and vulnerability scanning tools.
The most effective way to deliver security awareness training that will stick to and encourage employee commitment to the program and become a part of the security-first culture is through an interactive, informative, and engaging training experience,” he added.
A very successful scammer, who claims to be a student of Imo State University, Michael Ahanna, (not real name) said that scams would continue to be successful in Nigeria and other climes, due to a combination of factors, including the allure of quick wealth, the manipulation of victims’ emotions, and the scammers’ ability to disguise their identities and cover their tracks.
According to Ahanna, Nigerian scammers employ various tactics to deceive their victims.
Some of the most common tactics, he said include Email Scams which, he said is one of the most well-known Nigerian scams in which scammers pose as wealthy individuals, often claiming to be royalty, and promise a share of a large sum of money in exchange for assistance with transferring funds.
“With email scam victims are often asked to provide their bank account details or make advance payments to cover transfer expenses.
“Phishing Scams: Phishing scams involve tricking individuals into revealing their personal information, such as passwords or credit card details, by posing as a trustworthy entity. Nigerian scammers may send emails or create fake websites that mimic legitimate organizations to deceive their victims.
“Romance Scams: In romance scams, scammers create fake profiles on dating websites or social media platforms to establish relationships with unsuspecting individuals.They gain their victims’ trust and then manipulate them into sending money or providing financial assistance.
“Advanced Fee Fraud: This type of scam involves requesting an upfront payment or fee from the victim in exchange for a promised reward or financial benefit. Scammers often claim that the payment is necessary to unlock a larger sum of money or to cover administrative costs” explained the student, who claimed he had made a lot of money through scam.
Nigerian scams continue to be a significant problem, with victims losing substantial amounts of money each year. Despite efforts by law enforcement agencies and financial institutions to crack down on these scams, fraudsters still manage to dupe individuals into parting with their hard-earned money.
However, a social commentator, Blessing Oleja, said people can avoid falling victims of internet scammers just by observing some safety tips while engaging in any transaction on the internet.
According to Oleja, in order to protect yourself from falling victim to Nigerian scams, it is essential to be vigilant and take preventive measures.
“Be skeptical: If an offer or request seems too good to be true, it probably is. Exercise caution when dealing with unsolicited emails or messages.
“Protect your personal information: Avoid sharing sensitive information, such as bank account details or passwords, with unknown individuals or on unsecured websites.
“Verify before trusting: Research the legitimacy of individuals or organizations before engaging in financial transactions or providing assistance.
“Educate yourself: Stay informed about the latest scam techniques and learn how to identify red flags. Regularly update your knowledge on online security practices.
“Report scams: If you encounter a scam or become a victim, report it to the appropriate authorities, such as local law enforcement or your country’s cybercrime unit” she advised.
Scams have become synonymous with online fraud, and scammers continue to find new ways to deceive unsuspecting individuals. It is crucial to raise awareness about the dangers of Nigerian scams and work together to combat online fraud.
