TECH: How Not To Get Phished-Out By Cybercriminals


By Ojo Maduekwe

In the last five years, there’s been an upsurge in cybercrime in the country. The
recorded fraud volume in Nigeria’s financial sector has peaked at over N25 billion,
according to the Chartered Institute of Forensic and Investigative Auditors of Nigeria
Stakeholders in the telecoms and financial services sectors from the Nigerian
Communications Commission (NCC), the Economic and Financial Crimes Commission
(EFCC), the Bank Directors Association of Nigeria (BDAN) and the telecommunications
companies are panicky and wondering how best to tackle the issue.
Some of their ideas to stem the menace are commendable. For example, the EFCC is
partnering Nigerian universities such as the University of Ibadan in its war against cyber
fraud, the NCC wants to establish a national Computer Emergency Response Team
(CERT), and BDAN wants financial institutions to share information on cyber attacks as
a way to mitigate the effect of hackers.
In addition to these solutions, the NCC recently read the Riot Act to internet fraudsters,
threatening them with jail terms if they insist on defrauding people, and is in the process
of establishing an Internet Industry Code of Practice to sanitise the whole industry.
Among the telcos, MTN has shown more dedication in the cyber war. After the NCC
identified the sale of pre-registered SIM cards as an enabler to the upsurge in
cybercrime, MTN began a dedicated campaign to dissuade telecoms subscribers
across all the telcos from patronising sellers of pre-registered SIM cards.
Though these solutions are commendable, the problem is that they can be applied
mostly on an institutional level. Nonetheless, as a subscriber, how do you protect
yourself from cyber attack, the most popular one being social media account phishing?
Have you ever seen what looked like the social media handle, weblink or email address
to a brand but felt something fishy about the spelling? Even the most careful but
unattentive of us have been misled into thinking a misrepresentation was from a trusted
brand. This act of misrepresentation is a cyber attack called phishing.
Broadly speaking, phishing is a cyber attack that happens when a cybercriminal poses
as a trusted company to solicit information from someone by sending out disguised
emails or cloning the website and or social media pages of the company.
Cybercriminals are known to take advantage of people’s trust in a brand’s reputation to
send out messages masked as if from a business whose services the recipient use, to
mislead an unsuspecting online public. Even tech giants such as eBay, Facebook,
Google, Amazon, Microsoft, etc are not immune.
For example, between 2013 and 2015, over $100 million were schemed off Facebook
and Google by cybercriminals posing as their merchants. The scheme involved them
setting up fake business and sending phishing emails to employees of both firms.
So you see, falling victim isn’t because you’re not “tech savvy” enough; it happens to
even the most techy amongst us, including Silicon Valley’s finest. However, there are
ways to spot phishing from a mile away and to stay safe from cybercriminals.

Before we run through the safety tips, note that phishing happens across borders. Like
what happened in the United States, in Nigeria, big firms with years of earned reputation
are also impersonated. There are several social media pages posing as units of some
Nigerian telcos, with seemingly unaware followers commenting on these pages as if
interacting with the real telcos.
Take MTN for example, there’s a Facebook page that claims to offer “cheap” MTN data.
A secret to never falling victim to social media phishing accounts like this, requires that
you always scrutinise every online proposition. For example, regarding this “cheap” data
offer, you should ask yourself, why would MTN undercut itself?
Remember the tagline “If it’s not panadol, it cannot be panadol”? Same way, “If it’s not
MTN data, it cannot be MTN data”. People who use “cheap” data agree it doesn’t last.
You cannot expect a product purchased far below the actual market price to have same
quality and serve the same purpose as the real deal.
Patronising fraudsters would burn you, and, should you get duped, there’s no remedy.
There might be transaction errors when dealing with a legitimate telco but, you cannot
be duped. If you encounter difficulty accessing their services, there are dedicated call
centers and customer service employees to resolve issues.
So far, over 200 agents involved in the fraudulent registration of SIM cards have been
arrested by the NCC, with most of the defaulters charged to court. However, for self
preservation, you should do all to still protect yourself. Remember, “There’s no free
lunch in Freetown” and “Awoof dey run belle”. Yes, nothing in life is free! People have
been defrauded into thinking they could get a product cheaper than the actual price.
Don’t be a victim! MA