COVID-19 Pandemic; Fraudsters Cash In
Abdulla Sulemana is a forensic expert working in a reputable company in Accra. One Saturday morning, he received a mobile phone call from a man who identified himself as Kwame Adu Asare, calling from Accra.
According to the caller, he was doing some registration online and had mistakenly put Abdulla’s mobile number on what he was registering. He claims his mobile number is similar to Abdulla’s number and that the password of what he was registering has been sent to Abdulla’s phone.
Mr. Asare was appealing to Abdulla to give him the reset code that was sent to his phone so that he could complete his registration. At that point Abdulla checked his phone and discovered that a code number, 6310, had been sent to his phone.
Abdulla had wanted to send the number to the caller, but upon second thought, he called the said Mr. Asare to use his mobile phone number, which he claimed was similar to his number, to call him for the reset code.
Interestingly, the caller told Abdulla that he had no credit on that mobile number to make the call. Abdulla says he also declined to resend the code to the caller until midday when he went online to find out more; and that was when he discovered that the caller was a fraudster and an account hacker who was trying to reset his mobile banking app pin.
“You can imagine, if I had given him the code which was sent to my phone, he would have used it to reset my mobile bank app account and taken my money.”
Mr. Sulemana then urged all to be vigilant since fraudsters were constantly devising new strategies to get their targets swindled.
Background
The outbreak of Covid-19 has compelled millions of people across the world to work from home, shop online, study from home and use mobile device for various business activities.
Several persons have also shifted their banking and purchases activities to online channels since the outbreak of Covid-19 in order to stay at home and order for goods and services.
Majority of workers are now working from home instead of full time office during this pandemic. Schools are mostly done online, so are many other activities that would have required in person services had it not been because of the pandemic.
As a result a new wave of cyber threats has also emerged, targeting individuals, mobile money transactions, banks, e-commerce among others.
The drastic changes in e-commerce and mobile banking created an entirely new target set for malicious actors to exploit weaknesses in remote corporate networks, merchant e-commerce sites and financial institutions dealing with massive increases in mobile banking transactions.
Cyber Crime
Director in charge of the Cyber Crime Unit of the Criminal Investigation Department (CID) of the Ghana Police Service, ACP Dr. Gustav Herbert Yankson, has said publicly that cyber attacks on individuals and organizations including banks have increased within this period as a result of the pandemic.
“At an alarming rate, transnational organized crime groups are leveraging specialist providers of cybercrime tools and services to conduct a wide range of crimes against financial institutions, including ransomware campaigns, distributed denial of service attacks, business email compromise scams and access mining,” he stated.
He stressed the need for collaboration between the telecommunication networks and government agencies to help check and monitor the activities of the suspected fraudsters.
He pointed that the digital address system facilitated the tracking of cybercriminals, adding that it had helped the public to report the activities of mobile money and other fraudsters with ease.
Bank Targets
Lately several banks have been a target of internet scammers.
Bank in West Africa has been hit by multiple hacking waves, according to a report published by US cyber-security giant, Symantec. Banks and financial institutions in West Africa were hit by four different hacking campaigns last year.
Organizations in Cameroon, Congo (DR), Equatorial Guinea, Ghana and the Ivory Coast had been hit, Symantec said.
According to Symantec, the attacks, which have not yet been attributed to any hacking group in particular, have used low-end malware strains and applications natively found on Windows systems.
The malware used in these attacks is the kind you find shared for free online, or anyone can buy via dedicated websites or from hacking forums.
The list includes Cobalt Strike (a pen-testing framework repurposed as a modular backdoor), Mimikatz (a pen-testing tool repurposed as a password stealer), and the NanoCore, Imminent Monitor and Remote Manipulator System – all three being remote access trojans (RATs).
On top of these, Symantec said that hackers also used local tools such as PowerShell (a native Windows scripting utility), PsExec (a Microsoft Sysinternals tool used for executing processes on networked systems) and Windows RDP (a native Windows utility for connecting to remote Windows systems via a desktop-like interface).
Attackers also deployed UltraVNC, an open-source remote administration tool that some companies’ system administrators install so they can connect and manage remote systems, a-la TeamViewer, PsExec or RDP.
Other Victims
Outgoing Regional Minister for the newly created North East Region, Solomon Namliit Boar, recently expressed worry over the frequent use of his identity by cybercriminals to defraud unsuspecting Ghanaians on various social media platforms.
“I have on a number of times fallen victim to cybercrime and in the last six months, people have been scammed through the use of fake social media account that bears my name and pictures.”
Mr. Boar expressed this concern about the increasing rate at which fraudsters always devised strategies to defraud their victims.
Speaking at Regional Cyber Security Sensitisation Programme organized by the National Cyber Security Centre (NCSC) in Nelerigu, the North East Regional capital, last year, he said the education was timely since many individuals had limited knowledge of cyber security issues.
An assessment conducted by the International Criminal Police Organization (INTERPOL) had also revealed that major corporations, movement and critical infrastructure had become major targets for cyber criminals since the outbreak of the coronavirus pandemic.
National Cyber Security
The National Security Advisor, Dr. Albert Antwi-Boasiako, said the Cybercrime/Cyber security Incident Reporting Points of Contact (PoC) had saved over 5000 Ghanaians from being defrauded between January to August 2020.
He said many of the potential victims, during the period stated, called the centre to seek guidance and advisory on resolving potential cyber security incidents including those who were nearly defrauded by cyber fraudsters as well as criminals exploiting Covid-19 related themes to target unsuspecting citizens.
Adding, he said, “Cyber Fraud, Publication of Non-Consensual Intimate Images, Misinformation, Phishing Attacks, Online Impersonation and Identity Theft, Child Online Abuse, Distributed Denial of Service (DDoS) Attacks and Ransomware Attacks are among the top 10 cyber security incidents recorded by Ghana.”
All these information, he hinted, were compiled through reports received by the National Cyber Security Centre through the Cybercrime/Cyber-Security Incident Reporting Points of Contact (PoC) and reports received from Sectoral Computer Emergency Response Teams (CERTs) and institutions including the CID.
Losing $136,000 In Two Years
Ghana lost a total of $136,000 to activities of fraudsters in 2018 and 2019. Kwame Agyapong Oppong, an official of the Bank of Ghana, said about $93,000 was lost to cybercriminals in 2018 and $43,000 in 2019 in the mobile money sector.
He urged the National Cyber Security Centre (NCSC) management to speed up the creation of awareness and public education to help check the activities of fraudsters in the mobile money sector.
The outgone Deputy Minister of Communications, George N. Andah, said the presence of cybercriminals online put critical infrastructures at risk since their Confidentiality, Integrity and Availability (CIA) risk were being compromised and consequently deprived people of critical services.
“Many high-ranking government officials have also been targets for impersonation and identity theft cases. This means that government in collaboration with key stakeholders, need to strengthen existing protocols to ensure intensified resilience of various ICT systems used by the public and institutions of the various sectors of the economy,” he said.
He had said despite these discouraging revelations, he believed digitalization had proven to be the best option for business continuity, normalization, access to educational facilities and materials, and critical operations among other endeavors.”
Education On Cyber Security Issues
An officer of the National Cyber Security Centre, Aaron Felix Opoku, has confirmed that cyber security culture among the public remains the biggest stumbling block.
He said, “Although many Ghanaians are adopting the use of digital platforms for business transactions, few have taken the pain to educate themselves on cybercrime and cyber security issues.”
Delivering a presentation on cyber security recently, Mr. Opoku said findings of the Cyber Security Maturity Model conducted by the Ministry of Communications indicated that cyber security and society which dealt with cyber security mind-set, trust and confidence on the internet, user understanding of personal information protection online, reporting mechanisms and media and social media were the biggest challenge facing the country.
Telco’s Commitments
A representative of MTN Ghana, Godwin Tamakloe, has said MTN Ghana has invested about $2.5 billion to build a system that can protect customers in the mobile money sector and make fraud costly for the criminals.
According to him, suspected criminals who use their phones to defraud their victims risk having their mobile phones and SIM cards blocked to deter potential perpetrators.
He also refuted claims that insiders in the telecoms networks leaked confidential information of clients to the fraudsters.
“MTN respects and protects data and privacy of its clients; hence disgruntled staff of the agency were been deactivated from the systems of the company immediately,” Mr. Tamakloe said.
To tackle the challenges of fraud in the financial sector and create public awareness, a representative of Financial Intelligence Centre (FIC), Kofi Boakye, also stated that his organization had secured a new online reporting and communications portal.
Mr. Boakye disclosed that FIC received financial disclosures of suspicious transactions report, cash threshold report, electronic fund transfer reports about the threshold including full account disclosure report on request, politically exposed persons report among others.
Government’s Efforts
Mr. Andah said the communications sector among others, had been working tirelessly to shoulder the huge responsibility of ensuring seamless interactions within the digital ecosystem.
“In order to make room for these surges, the Government of Ghana, through the Ministry of Communications, granted extra spectrum to some mobile network operators to ease the pressure by the public on data bandwidth,” he said.
The Minister of Communications, Ursula Owusu-Ekuful, confirmed that government websites had been subjected to cyber attacks including website defacements, Denial of Service (DoS) and Distributed Denial of Service (DDoS) among others. Data leakage, through hacking of computers and databases, has also been reported. And most surprising is how some public sector officials have also taken advantage of their privileged access to government data to leak sensitive information to achieve their malicious personal gains.
“As we continue to digitalize, we need to take our cyber security seriously. It is on this note that the ministry has established the National Cyber Security Centre (NCSC) to coordinate cyber security incidents both in government and with the private sector,” she said.
She says NCSC through the National Computer Emergency Response Team (CERT-GH) has been leading national incident response measures in collaboration with key sectoral CERT’s including NITA-CERT, NCA-CERT and a similar facility at the Bank of Ghana which handles cyber security issues emanating from the financial sector.
These strides, she revealed, spoke to the efforts being made by government to sanitize Ghana’s digital space.
“It is in continuation of the said efforts, especially on government networks, that the government has established the National Information Technology Agency Security Operations Centre (NITA-SOC) which will be responsible for establishing protocols and procedures for routine and emergency scenarios for coordination of cyber incidents and cybercrime handling for MDAs,” she said.
Mrs. Owusu-Ekuful, who is also the Member of Parliament for Ablekuma West in Accra, says NITA-SOC will work with the National CERT and the IT teams of the MDAs to ensure that all activities undertaken by MDAs within the digital ecosystem is secured and safeguarded to ensure effective delivery of services by MDAs.
“The NITA-SOC will also serve as a threat monitoring infrastructure to identify threats that seek to plague the systems used by MDAs while preventing, detecting, analyzing and responding to cyber security incidents,” she added.
By Linda Tenyah-Ayettey
(lindatenyah@gmail.com)