Internet Crime Schemes through various methods steal millions of dollars each year from victims and this ugly trend has continued to plague the Internet and its users. Regrettably, a large number of the world population relies enormously on the services provided by this information superhighway to do several things. Nigeria has most recently joined the fray especially in the use of various IT portals to do several online transactions. A good example is the recent widespread use of debit cards (ATM Cards) and the resulting identity thefts such as phishing and spoofing scams which gave rise to this piece.
Identity theft occurs when someone appropriates another's personal information without his or her knowledge to commit theft or fraud. Identity theft is a vehicle for perpetrating other types of fraud schemes. Typically, the victim is led to believe they are divulging sensitive personal information for legitimate business transactions.
The most recent form of identity theft that is prevalent in Nigeria is the use of Spoof/Phishing emails/websites to steal vital information of Interswitch card users. In this case, perpetrators send bulk email to unsuspecting card users requesting them to upgrade their card information.
For the uninitiated, Phishing is simply put the fraudulent process of attempting to acquire sensitive information such as usernames, passwords, Personal Identification Number (PIN) and other card details by masquerading as a trustworthy company in an electronic communication.
Phishing is typically carried out by e-mail, text message(SMS) or instant messaging (yahoo chat, hotmail chat etc), and it often directs users to enter details on a fake websites that are almost identical (or sometimes identical) to the legitimate company.
The email is delivered to one’s inbox usually with the legitimate company’s email address (e.g. info@interswitchng.com). Please see sample email below. This is achieved by using a technique called spoofing.
E-mail spoofing is a term used to describe fraudulent e-mail activity in which the sender address and other parts of the e-mail header are altered to appear as though the e-mail originated from a different source. This is achieved by changing certain properties of the e-mail, such as the ‘From’, ‘Return-Path’ and ‘Reply-To fields’ (which can be found in the message header), the fraudsters make the e-mail appear to be from someone other than the actual sender. The result is that, although the e-mail appears to have originated from the address indicated in the ‘From’ field (found in the e-mail headers) it actually comes from a fraudulent source. This form of scam could be compared to forging the letter head paper of another company.
From my analysis, the email below is not from Interswitch Nigeria. But you will be amazed at what you see when you open the web link provided in the email. Interswitch website was almost neatly cloned in such a manner that the uninitiated will surely fall for it. I am wondering how many innocent victims that have fallen for it as I write. I am hopeful that Interswitch will be reading this piece. An email alert has already been sent to Interswitch Nigeria to urgently shut down this weblink:http://h1.ripway.com/in11/UpdatingyourInterSwitchngAccountOnline_.html. I have to also commend Interswitch Nigeria for shutting down this spoof website: http://interswitch001.justfree.com/mukoro/update2009.htm . As the last time I checked, this site has been shut down. Kudos to Interswitch Nigeria! Keep up the good works and continue to bring your experience in IT security to bear in online and IT enabled transactions.
The web link above is still running! Like I said earlier, it was “almost neatly†spoofed. Unfortunately, a thief will oftentimes leave a trail!
My observations:
This is the official website of Interswitch Nigeria: http://www.interswitchng.com/. The first thing you notice on this website is a FRAUD ALERT warning users of Interswitch Nigeria products and services of this prevailing identity theft. When this alert is closed and you go to the main home page (index), the Site has three navigational bars on its front page: the first is “Interswitch & Youâ€, the second is “Interswitch & your Business†and the third is “About Interswitch†in that order reading from left to right. But in the spoofed site, the order above was re-arranged. “Interswitch & your Business†came first instead of “Interswitch & You†In the spoofed website, the “Interswitch & your Business†navigational link was in fact repeated; the first one is not dynamic and does not point to any url while the second one points to a link cloned and redirected to the Interswitch original website. Quit splendid and ingenious, if you ask me! Give it to them these guys are smart.
When you click on the “Back†button on the browser, it takes you back to the spoofed site. In fact, that is the page where the phishing scam is actually perpetrated. The page is neatly cloned to give the visitor the false impression that he/she is on the Interswitch website. Secondly it also gives the false appearance of a secured server. I pointed my cursor on the “key†symbol which usually suggests that the information you about to provide is being processed on secured and highly encrypted server. Unfortunately, again the key symbol is not dynamic and does point to any url.
Tips.
· If you have responded to the email above and registered your card or think your card details may have been compromised in any way, contact your bank immediately to either block your card or go to the nearest ATM to change your PIN.
· In the case of Interswitch ATM cards, it is advisable for you to change your cards to the Interswitch Verve card. The Verve cards make use of chip and pin with added security that will be very cumbersome for fraudsters to clone. It is highly advisable that you change your old card to the newly introduced Verve card.
· In addition, it is recommended to use ATM Cash point in secured locations.
· Change your default password the first time you activate your ATM cards.
· Destroy the small slip where your default password is written once you have changed the default password.
· Do not write your pin/password on your phones, diaries, notebooks etc. The best option is to memorize your pins/passwords.
· When changing the default password ensure you use pins/passwords which can easily be remembered by you and accessible to you and nobody else.
· Do not put all your eggs in one basket. Avoid carrying all your cards in your wallet.
· Report immediately to the bank or your service provider if your wallet containing your Debit/Credit cards is stolen.
· If you visit a cash point and you could not have access even when you have inputted the right pin/password, it could mean that your pin/password has been compromised. In this case you have to inform your bank as soon possible.
· Ensure websites are secure prior to submitting your credit/debit card details.
Sadly and quite honestly, I have to acknowledge the ingenuity of these guys. How, I wish they could channel their immense intellectual endowments to other decent, legitimate purposes and endeavours.
During the research for my Book, “Cyber Fraudsters: The Menace In The Internet†(yet to be published) I had the unenviable privilege of talking to most of the guys who perpetrate these kinds of cyber crimes. In fact, majority of their views and opinions boil down to the inability of the government to provide a level plain field for them to grow and excel in their chosen endeavours.
This is where the government has to step in to addressing cyber and IT related crimes. This could be done by creation of massive jobs especially in IT related areas by both private and government driven initiatives. It is highly recommended for the initiation of stake-holders forums that will be all embracing where the IT fraudsters will be provided with the leverage, impetus and security (“unconditional amnestyâ€) to “renounce†their acts and embrace various decent and legitimate means of livelihood. We cannot afford to “siddon look†and wait for the “looming militancy†in the internet.
Jude Aririesike is Cyber Fraud analyst and Public Relations/Management Consultant and writes from Abuja.
