July 2020 Cybercrime and Information Security Report


In today’s world, you can buy food, clothes, travel tickets, cars and virtually anything else online. Business meetings and deals are conducted via social networking platforms like Zoom, WhatsApp and Facebook. We can even get most of our education online.

Then comes cybercrime, the newest field of play in the world of crime, and there are many individuals who have dedicated their lives and resources to perpetrating such crimes. In a 20th Century world where progressive digitalization in all industries is the watchword, digital information can be likened to gold, and it is surprising what can be achieved when seemingly innocent and trivial information gets into the wrong hands.

We will briefly highlight some recent incidents that show just how vulnerable we are when no measures are taken to secure our digital information.

 

Twitter Hack

On July 16 the social media giant’s security firewalls were breached and the accounts of many prominent verified users were hacked and used to post misleading content requesting that bitcoins be sent to a certain account, with a promise to double the value for the senders. Accounts affected include those of Bill Gates, Warren Buffett and Barack Obama, amongst others.

Twitter was able to fend off the attack but only after several hours. They later released statements apologizing and promising a detailed investigation. They suspect that sophisticated phone phishing apps and software were targeted at their staff, and a successful hit provided a back end through which the hackers were able to perpetrate their mischief.

This was a sophisticated backdoor attack, and no measures taken on the part of the account holders could have prevented it. The onus of responsibility lies solely with Twitter and points to the need for them to tighten their security protocols.

 

Hushpuppi Arrested

Mr Ramon Olorunwa Abbas, aka Ray Hushpuppi, was already famous on social media (IG handle: @Hushpuppi) as an influencer, flaunting a lavish lifestyle of the most expensive clothes, food, cars and destinations. The Nigerian-born 37-year-old was arrested in the UAE in a joint operation of the FBI and Dubai Police. He was shortly thereafter extradited to the USA to face charges of grand larceny and internet fraud to the tune of over 140 million dollars in various scams.

The FBI’s investigation has revealed that Abbas finances this opulent lifestyle through crime, and that he is one of the leaders of a transnational network that facilitates computer intrusions, fraudulent schemes (including Business Email Compromise – BEC schemes), and money laundering, targeting victims around the world in schemes designed to steal hundreds of millions of dollars.

 

WhatsApp hackers and OTP

More commonly, many people have seen suspicious posts in WhatsApp groups in which the poster vouches that they invested money in businesses that yield instantaneous profit. On closer scrutiny, claims of 100% returns in 24 hours can obviously be nothing but scams, and with a little experience one can see that these are also phishing strategies to get information and defraud unsuspecting victims.

The scammers get into these groups by hacking into WhatsApp accounts. This requires a victim to provide an OTP (one-time password) that is sent as a text message to the registered WhatsApp number. The target is called and usually told some fictitious story of a free invitation to a seminar on health, business etc., the only requirement being that they provide the digits in the just-sent OTP to complete their registration. This grants unfettered access to all WhatsApp chats, groups and messages of the victim. However, once WhatsApp is contacted, the account will be blocked temporarily until the issue is resolved. A 2-step verification protects from this kind of attack.

 

Bank Customer Care callers

In this COVID-19 era, and even prior to it, many have received calls from individuals claiming to be bank representatives. They often make suspicious claims that your account or ATM card has issues that are being resolved, but that you need to provide personal details such as full name, account number, BVN, date of birth etc. Their most recent tactic is to claim that you have qualified for a palliative but need to provide bank details.

 

The above-mentioned cases are a few examples of strategies currently being utilized by criminals in committing cybercrime. Their aim is often to perpetrate financial fraud; however, they have been known to act against business and national interests by crippling certain key internet-based infrastructures, like airport traffic control, online banking etc. The key is to trick intended targets into divulging specific information, which is then utilized in accessing sensitive data. This is called PHISHING.

 

What is phishing?

Phishing is a cybercrime in which a target or targets are contacted by email, telephone or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking and credit card details, and passwords.

 

Recommendations

  • Knowledge is key. Be aware that your personal information is vital and can be used against you; maintain a high index of suspicion at all times when giving out sensitive information.
  • Be wary of public internet networks; free wifi could be a backdoor for easy access into your devices by criminals.
  • No bank will request your card details, BVN or personal details via telephone. If you have any doubts, go to the bank instead.
  • Do not reveal your login details or passwords to anyone. When filling out forms online, check that the site is secure (secure website links start with https:// ).
  • Set up a 2-step verification for your WhatsApp and emails (https://www.theverge.com/2017/6/17/15772142/how-to-set-up-two-factor-authentication). It is an uncomplicated process taking less than 2 minutes.
  • Secure your devices and networks using antivirus software and IT security platforms.