Cybercrime: NeFF warns banking public against social engineering threats

‘Nigeria could lose N33 bn to e-fraud in 2016’

THE Nigeria electronic Fraud Forum (NeFF) has warned bankers and the banking public against responding to messages that fly into their phones and e-mails on daily basis claiming to originate from Deposit Money Banks, whereas such messages were sent by criminals.

The forum, also said it  is looking critically at measures that will protect the industry as a whole from the menace of social engineering attacks and will not relent in achieving major activities that it has set out to do.

This is just as it is estimated that Nigeria could lose over N33 billion to e-fraud in 2016 and beyond.

Speaking at the general meeting of NeFF in Lagos, over the weekend, Director, Payment System Stability at the Central Bank of Nigeria, Mr Dipo Fatokun said the meeting is taking place after the world has been flooded with various news on Distributed Denial of Service (DDoS) attacks targeting various internet destinations, such as Twitter, PayPal, CNN, The New York Times to mention a few.

“Particularly worrisome is the fact that devices used to spread the malware were operated with default passwords which made it easy for the hackers to guess. This goes to show, that, increasingly attacks of this nature are becoming common-place and tactics used, more damaging to individuals and institutions alike.

“Social engineering has become rife in cybercrime attacks in Nigeria. Almost on a daily basis, a plethora of messages are sent by these criminals with the express intent to con the unsuspecting recipient using techniques that appeal to vanity, greed or authority. It is therefore important that we look critically at measures that will protect the industry as a whole from the menace of social engineering attacks, “Fatokun said.

That is why the Nigeria Electronic Fraud Forum  said it will not relent in achieving major activities that we have set out to do, which include the operationalisation of a dedicated e-payment and Card Crime Unit  in the Nigeria Police, which will enable a greater effort in quest to successfully investigate and bring to book through effective and efficient prosecution of cyber-criminals; A workshop on the Cybercrime Prohibition and Prevention Act, which will expand understanding of the impact, implications and responsibilities of all stakeholders, particularly those operating within the financial services sector; consistent publishing of literature that will benefit the entire payments industry and customers alike, through annual reports, the latest, which of course was officially presented among others .

He commend Sterling and Zenith Banks, for their act of support through the provision of their resources, material, thereby demonstrating in no uncertain terms their commitment to the cause of NeFF as an industry platform for collaborating on payments security and “to this we say thank you very much.”

In addition, several conferences that are focused on Cybersecurity have been scheduled to hold in the month of November. The first being the CyberXchange conference 2016, with the theme, “Security and Technology: Protecting the Nation’s Cyber Assets” which will hold on the 2nd to 3rd of November, 2016 at The Landmark Center in Lagos. Also the Electronic Payment Providers Association of Nigeria (E-PPAN), will be having the 7th in the series of Payment Systems and Fraud Conferences, which is scheduled to hold on the 8th of November, 2016 by 8 am at the Civic Centre Victoria Island also in Lagos. Members are strongly encouraged to attend these conferences.

In his keynote address, Group Managing Director/CEO, Zenith Bank Plc Peter Amangbo revealed that actual loss arising from banks’ fraud fell by 63 percent, from N6.2 billion recorded in 2014 to about N2.3 billion in 2015 and that “It is estimated that Nigeria could lose over N33 billion to e-fraud in 2016 and beyond.

He also said payment diversion fraud involves compromise of supplier’s email and the sending of fake messages to the buyer with an instruction for payment into a fake bank account.

Represented by an executive director from the bank, Amangbo said also describes a CEO fraud as one in which the email account of a high-profile executive is compromised, and a fake request for a wire transfer is sent to another employee who is responsible for handling transfer requests, adding that  both scenarios involve financial institutions.

Describing Social engineering  as the use of tricks and psychological manipulations by a fraudster to collect sensitive security information from unsuspecting users, he listed some of the emerging information security threats in Nigerian banking  to include: Stealing  of important documents, Social Media, Phishing, Physical access (such as tailgating),Shoulder surfing, Dumpster diving, Trojans among others.