CYBER CRIME OUT OF CONTROL IN AFRICA
Complacency, Lacking of Constructive Digital Security Approach Allows Cybercrime and Phishing to Flourish
Syl Juxon Smith-BSc
AFRICA HOMELAND SECURITY INITIATIVES WITH HOME GROWN SOLUTIONS
Most areas of internet, intranet and cybercrime attacks in Africa is rising sharply year after year. This trend is partly caused by both consumer and the authorities complacency about their security, combined with more sophisticated phishing attacks been perpetrated from outside exploiting the weak security within the cyber infrastructures in every gamut of Communications, Information and technology including data storage facilities.
The figures are very alarming coming from international comprehensive reports that gathers information from publicly available sources about a variety of computer and fraud related based crimes in Africa and globally.
One notable trend is the rise of account takeover where, instead of using false IDs to open new accounts, fraudsters focus on stealing details and access codes for existing accounts of customers or clients, using a combination of phishing emails and Trojans to gather the information. This account takeover activity is rising rapidly especially in government institution were the intranet is mainly used to fast track payments and transactions.
Now that the banks are less forthcoming with credit, and doing more thorough checks [on new accounts], the fraudsters are focusing more attention on getting hold of existing bank account, credit card account, or even online trading account. There is a clear rise in account takeover fraud. More rampant is especially the ATM machines which lacks adequate and proper security systems and forensic auditing trail. Many of its crime is not taken seriously but swept under the carpets in most cases without compensation and watchdog reactions because of no financial policy dealing with this level of crime. Governments must start looking at creating cyber commissions’ to deal with overall cyber crimes and nefarious activities pertaining to ICT. It will help greatly and protects national sovereign integrity. It must be done sooner or the entire security will be compromised and confidentiality contaminated.
A case scenario from report highlighted a 132% increase in online banking fraud with losses totalling £52.5m, compared to £22.6m in 2007. The sharp rise can be mostly attributed to nearly 44,000 phishing websites specifically targeting banks and building societies in the UK alone and other European countries as well.
The cyber fraudsters and phishers are getting more sophisticated, not necessarily in technical terms, but in the content of the emails. We are seeing phishing attacks that use the names of MPs, or which pretend to be from DHL, telling you your package has not been delivered, and to click “here” for more information. We have also seen a wave of messages purporting to come from Inland Revenue, sometimes promising a tax rebate.”
By monitoring the ‘dark market’ where stolen details are traded on the Internet, reports has also detected a massive rise in activity, not only in the sale of stolen credit card details, but also login passwords. “A year ago, you’d see 50,000 credit cards numbers a month appearing in these trading sites for fraudsters. Now we see around 120,000 a month,” he said. “We are also seeing stolen login information being bought and sold. These include logins for Web email, social network sites, eBay and PayPal. A year ago you’d see between 6000 and 10,000 of these a month — now it’s 300,000.”
Many people are often less concerned about protecting their webmail login details, but these credentials can be used to find other valuable pieces of information. “The fraudsters go into those email accounts, look for any other useful information that might give them access to other accounts. They might go to other sites you use, claim their password is lost and have a one-time password sent to that email address. They will use your webmail address to try and pick up as many one-time passwords from other facilities that you use.”
One other factor contributing to the rise in cybercrime attacks, could be a certain complacency among clients, consumers and service providers. “In 2006/7, there was a lot of publicity about ID theft, and consumers became more aware, they bought shredders to get rid of confidential documents, and thought the job was done,” he said, but since then the fraudsters have adopted new techniques.
Users must be advised professionally to be proactive in taking more responsibility for their own security, especially since the crime is so hard for law enforcement to tackle.
In addition to covering financial and identity crime only, other report also tracks online harassment, computer misuse (spreading malware), sexual offences (mainly paedophiles) and land registry (switching ownership of land) and other document fraud.
Africa must hold more workshops and networking for better understanding and sharing of experiences which can pass on information’s to the less informed. This is not a climate for monopolising pertinent valuable information which can help to reduce the frequencies of attacks through ignorance.