Keeping your bank accounts secure as cyber criminals stole N2.372bn in 2017
With increasing dependence on information and communication technology, banks and their customers have become constant objects of attack by cyber criminals operating independently and even as governments. Yayangida Umar, Director, Insurance & Surveillance Department, Nigeria Deposit Insurance Corporation (NDIC) at the recent seminar for business editors and financial journalists gave some tips on how to be safe. SANYA ADEJOKUN reports in detail.
Nigerian banks’ fraud and forgeries cases
IN its 2017 annual report, Nigeria Deposit Insurance Corporation (NDIC) disclosed that actual amount lost to fraud incidences in 2017 stood at N2.372 billion. This resulted from 22,182 total reported cases of attempted frauds and forgeries in the banking industry, which was an increase of 56 percent over the 16.751 cases reported in 2016. “The frauds and forgeries cases reported in 2017 also showed a 146.50 percent and 113.20 percent increase over reported cases in 2014 and 2015 respectively.
“In 2017, Q4 recorded 8,146 cases, which was the highest attempt so far that calls for regulatory concern especially as deposit money banks (DMB) continue to develop financial products in line with technological advancements and the prevailing harsh economic conditions. This is a development which could increase their spate of vulnerabilities if they fail to implement the necessary controls.”
The NDIC report further gave breakdown of the incidences of frauds and forgeries in the banking system, which showed that 10 DMBs accounted for 87.63 per cent of the cases while the balance of 12.37 percent represented cases reported cases by the remaining DMBs. “The top 10 DMBs with high fraud incidences and amount involved stood at N10.53 billion out of a total N12.01 in 2017, compared with N7.63 billion, out of a total N8.68 billion and N16.26 billion out of N18.02 billion in 2015 and 2016 respectively. Although the percentage share of the amount involved in frauds in these 10 DMBs declined, the total amount involved in these cases recorded an increase of 38.05 percent from N7.63 billion reported in 2016 to N10.53 billion in 2017.”
The Corporation observed that technology-based platforms are the most vulnerable points for the banking system and had the highest frequencies in 2017 as experienced in previous years. An analysis of the most used instruments by the fraudsters was mainly through cards, cash and cheques. “Fraud incidences perpetrated using automated teller machines (ATM) platform and other card-related channels had the highest frequency and actual loss sustained by insured DMIs in 2017.
“The frequency and actual loss recorded in ATM/Card-related channels was 16,397 and N0.789 billion. The card-related channels were closely followed by Web-based frauds (internet banking) and fraudulent transfers/withdrawal of deposit with 7,869 and 963 attempts respectively. The actual loses recorded through these channels stood at N0.709 billion and N0.318 billion in 2017 representing 30 percent and 13 percent of total losses during the period.”
Globally, North Korea was accused of the 2014 cyberattacks on Sony Pictures, the theft of $81 million from a bank and launching malware that crippled hundreds of thousands of computers. Park Jin Hyok, an alleged spy was recently charged in the United States of America with conducting the hacking operations on behalf of North Korea’s government. Hyok had been working as a computer programmer in China and had returned to North Korea in 2014 shortly before the attack on Sony.
The 2017 WannaCry attack crippled thousands of computers around the world with software that spread among Windows computers, particularly those using older operating systems. The malware infected machines, froze them and then demanded a $300 ransom to be paid in the cryptocurrency Bitcoin. The WannaCry attack hit more than 200,000 victims in 150 countries, most notably paralyzing more than 20 percent of hospitals in the United Kingdom. “The attack was widespread and cost billions, and North Korea is directly responsible,” Bossert wrote in a December 2017 Wall Street Journal op-ed.
Soon after the attack, experts at the global cybersecurity firm Symantec found that earlier versions of the WannaCry ransomware were discovered on computers that also bore evidence of the cybertools used against Sony Pictures Entertainment, banks in Poland and Bangladesh’s central bank. All of those attacks were linked to North Korea. The money was stolen from the Bangladesh Bank, officials said, by sending messages to the Federal Reserve Bank in New York that automatically transferred the money to accounts in the Philippines and Sri Lanka. Only a small portion of those funds have been recovered, officials said.
In the 2014 attack on Sony, the United States accused North Korea of hacking the company’s computers in retaliation for the creation of a comedy titled “The Interview” that was about a CIA plot to kill North Korean leader Kim Jong Un. Officials said the entertainment firm AMC was also targeted in an attempted attack. China, Russia and Iran are other countries internationally accused of cyberattacks.
According to Norton, the antivirus and anti-malware software company cybercrime is an ongoing threat in 2018. “When you hear and read about the range of cybercrimes out there, you might be tempted to stop using the internet entirely. That’s probably too drastic. Instead, it’s a good idea to know how to recognize cybercrime, which can be the first step to helping protect yourself and your data. Taking some basic precautions and knowing who to contact when you see others engaged in criminal activities online are also important steps.
Implication for banking/financial system
In a paper titled “Cyber-crime: It’s Implication for the Nigerian Banking/Financial System”, Director, Insurance & Surveillance Department, Nigeria Deposit Insurance Corporation (NDIC), Mr Yayangida Umar defined cyber-crime as the unlawful acts in which a computer or other allied computing devices (such as mobile phones) are used as a target or a tool or both to conduct any criminal activity and includes every unlawful electronic method. Computer crime or cybercrime is any crime that involves a computer and a network. The computer may be used in committing a crime, or it may be the target.
According to Umar, with the advent of ICT, Cyber –crime has come to stay since the modern business world relies on technology to operate since it is now difficult to successfully run major financial, medical, academic, transport, agriculture, manufacturing, mining or any other businesses without the use of computers along with related soft wares.
Types of cyber crimes
This can be defined as online scam that frequently use unsolicited messages purporting to originate from legitimate organizations, particularly financial and insurance services, to deceive victims into disclosing their financial and/or personal identity information (PII) to commit or facilitate other crimes (e.g fraud, identity theft and theft of sensitive information).
Is a non-technical method of breaking into a system or network. It’s the process of deceiving users of a system and convincing them to perform acts useful to the hacker, such as giving out information that can be used to defeat or bypass security mechanisms. Social engineering is important to understand because hackers use it to attack the human element of a system and circumvent technical security measures.
This happens by writing, creating or distributing malware for instance viruses and spyware.
Denial of Service Attack
Overloading a system with so many requests it cannot provide the normal expected services.
Manipulating data, e.g., changing banking records to transfer money to an account.
Gaining access to systems you have no permission to access.
It a way of connecting a device to a phone line to listen to conversations.
To record identity of persons can be used to commit crimes including blackmail.
Identification of cybercrime
The experienced bank examiner advised that once you notice that your computer or internet browser is suddenly running more slowly than normal, even after updating and restarting, may be a sign there is malware running on the computer. Or when malware, like a parasite, leeches processing power from the computer to do its job and the first clue is the slowdown effect.
Pop-ups, intrusive ads and website redirects. If that happens, even with ad blockers, you’re being inundated by annoying ads. It’s likely you’ve either being compromised already or someone’s trying really hard to get you to click on one of the links and download some malware.
In addition, when things are moved or changed on a system, if files or settings on a computer are moved, deleted or tampered with, or even if the computer is left on when you swore you turned it off, it’s time to look a little closer. Your company may have been breached internally.
Finally, “if you find you’re locked out even on the first try, that’s a cause for concern. It’s possible someone else is trying to (unsuccessfully) log into your profile, or they’re already in and have changed the password.
Protect yourself against cybercrime
Norton advised anyone using the internet should exercise some basic precautions. Here are 11 tips you can use to help protect yourself against the range of cybercrimes out there.
Use a full-service internet security suite
For instance, Norton Security provides real-time protection against existing and emerging malware including ransomware and viruses, and helps protect your private and financial information when you go online.
Use strong passwords
Don’t repeat your passwords on different sites, and change your passwords regularly. Make them complex. That means using a combination of at least 10 letters, numbers, and symbols. A password management application can help you to keep your passwords locked down.
Keep your software updated
This is especially important with your operating systems and internet security software. Cybercriminals frequently use known exploits, or flaws, in your software to gain access to your system. Patching those exploits and flaws can make it less likely that you’ll become a cybercrime target.
Manage your social media settings
Keep your personal and private information locked down. Social engineering cybercriminals can often get your personal information with just a few data points, so the less you share publicly, the better. For instance, if you post your pet’s name or reveal your mother’s maiden name, you might expose the answers to two common security questions.
Strengthen your home network
It’s a good idea to start with a strong encryption password as well as a virtual private network. A VPN will encrypt all traffic leaving your devices until it arrives at its destination. If cybercriminals do manage to hack your communication line, they won’t intercept anything but encrypted data. It’s a good idea to use a VPN whenever you a public Wi-Fi network, whether it’s in a library, café, hotel, or airport.
Talk to your children about the internet
You can teach your kids about acceptable use of the internet without shutting down communication channels. Make sure they know that they can come to you if they’re experiencing any kind of online harassment, stalking, or bullying.
Keep up to date on major security breaches
If you do business with a merchant or have an account on a website that has been impacted by a security breach, find out what information the hackers accessed and change your password immediately.
People should take measures to help protect them against identity theft
Identity theft occurs when someone wrongfully obtains your personal data in a way that involves fraud or deception, typically for economic gain. How? You might be tricked into giving personal information over the internet, for instance, or a thief might steal your mail to access account information. That’s why it’s important to guard your personal data. A VPN, short for virtual private network can also help to protect the data you send and receive online, especially when accessing the internet on public Wi-Fi.
Know that identity theft can happen anywhere
It’s smart to know how to protect your identity even when traveling. There are a lot of things you can do to help keep criminals from getting your private information on the road. These include keeping your travel plans off social media and being using a VPN when accessing the internet over your hotel’s Wi-Fi network.
Keep an eye on the kids
Just like you’ll want to talk to your kids about the internet, you’ll also want to help protect them against identity theft. Identity thieves often target children because their Social Security number and credit histories frequently represent a clean slate. You can help guard against identity theft by being careful when sharing your child’s personal information. It’s also smart to know what to look for that might suggest your child’s identity has been compromised.
Know what to do if you become a victim
If you believe that you’ve become a victim of a cybercrime, you need to alert the local police and, in some cases, the FBI and the Federal Trade Commission. This is important even if the crime seems minor. Your report may assist authorities in their investigations or may help to thwart criminals from taking advantage of other people in the future. If you think cybercriminals have stolen your identity.
Umar then noted that for Nigeria to serve as a fertile ground for economic break through, it must be built on a crime free society. But an ideal economy is virtually not possible, because as technology increases so also crimes.
Cyber criminals are always in the such to overcome firewalls and securities in technologically driven environment with the social or political aim of obtaining information/data or funds as well as destruction of the efficacy of installed servers and related computer applications.
While noting that for Nigeria to serve as a fertile ground for economic break through, it must be built on a crime free society observed nonetheless that an ideal economy is virtually not possible, because as technology increases so also crimes.
He noted that viruses and worms can be used to infect a system and modify a system to allow a hacker to gain access, explaining “a virus and a worm are similar in that they’re both forms of malicious software (malware).”
He then recommended that banks and other financial institutions should embark on continuous capacity building for end users; cooperation between actors/players; establishment of institutional framework for coordinating cyber security issue/efforts; review of related legislations to further strengthen the cyber security and continuous public awareness campaign to educate the general public.
In addition, the NDIC director called for enforcement of the cyber-crime laws and the office of the National Security Adviser (ONSA) should play a more active and leading role in that campaign.
He warned “cyber criminals are always in the rush to overcome firewalls and securities in technologically driven environment with the social or political aim of obtaining information/data or funds as well as destruction of the efficacy of installed servers and related computer applications.”