An addition to the growing number of issues that banks will be forced to grapple with during this pandemic will be the issue of fraud.
Nigerian banks lost a cumulative of N15b to fraud and cybercrimes in 2018—a 537% increase on the N2.37b loss recorded in 2017 (figures from NDIC). In the same 2018 period, over 17,600 customers lost N1.9b to e-fraud, with fraud incidents rising by 55% from the previous year’s 25,043 according to NeFF (Nigeria Electronic Fraud Forum).
Although the above figures are expected to grow as more Nigerians adopt e-banking solutions, Nigerian lenders are making considerable investments to reduce these losses in the 2020 financial year.
They have earmarked more funds to sensitize their customers and ensure that their cybersecurity protocols remain updated to proactively ward off attacks on their stakeholders’ funds, even as IT teams face pressures in navigating the unprecedented challenges of COVID- 19.
Google claims to block more than 100 million phishing emails daily, and it saw about 18 million of those daily mails being related to COVID-19 in the past month. This, they say, is in addition to the more than 240 million daily COVID-19 related spamming messages—an unfortunate trend indeed for a world economy already in dire straits.
Banks’ customers and staff, however, continue to be at risk of being exposed to opportunistic schemes by fraudsters who have latched on to the uncertainty created by the pandemic to perpetrate new fraud schemes, albeit, with the same underlying principles that have been used over the years—impersonation, spamming, phishing, and malware.
How does it work?
Impersonation: Donor bodies, health regulators such as the NCDC and even international governmental organizations such as the WHO are increasingly impersonated in incoming emails, with embedded links for the necessary action of either a donation or a registration to be made.
Spamming: These messages are indiscriminately sent (spammed) to unsuspecting individuals who did not solicit or subscribe to such services. The messages almost always urge recipients to take immediate action.
Fraudsters are increasingly taking advantage of the information overload on the virus to slip in their emails to those who want to stay abreast of the situation in terms of figures, palliatives, treatment options, and inspiring stories. Many people are relieved to receive any information on COVID-19 and are increasingly not particular about the source of the information.
Phishing: The embedded links in these emails are a means of harvesting personal account details such as the PAN, PIN, and password of the target to be defrauded. This could also be got through phone calls or text messages.
Malware: Malicious software variants, which could either be downloaded to the target’s computer through a link in the mail or simply by opening the mail, could grant fraudsters access to the target’s system and by extension, the target’s network.
- Be extra vigilant. Do not open mails whose source you do not know or subscribe to.
- Pay attention to spellings of email addresses, and websites.
- Do not visit your bank’s site via links; always type in the address manually.
- Never give up your credentials to any “representative” of your bank. Not even for refunds.
- Do not make donations to unverified charities.
- When in doubt, ask a third party.
Fraud experts believe that fraudsters will capitalize on the heightened anxieties of the public during the current crisis, and have been working with banks and other financial partners to sensitize their customers on the need to safeguard their bank accounts during this period, hence this publication.
@Zolonye on Twitter.