Is cybercrime here to stay?
In this article, JULIANA AJAYI writes on the cost of cybercrime in Nigeria and efforts to combat it
In 2020, when Cynthia Daniels (real name concealed) completed her National Youth Service Corps assignment in Anambra State, she returned to her place of residence in Lagos State, in search of a job. One year after, there was no job available for Cynthia, until February 2022 when she woke up with a congratulatory Short Message Service on her phone.
She had been invited for a job interview at Ogba, Lagos, supposedly recommended by the Federal Government. Dressed for the interview with high hopes, she left her house at Agege to Ogba. She was to discover that she could have lost her life, if she hadn’t dropped her bag and phone for the criminals in the garb of interviewers.
Like Cynthia, quite a worrying number of people have fallen victim to cybercrime, through electronic mail, theft of financial data, cyberextortion, phishing, among many others.
For many years, users of Nairaland, an online platform where various people discuss topics across all spheres of life, have continuously updated Nigerians on places to avoid when searching for jobs in Lagos, as they are hideouts for fake recruiters. Ogba is among them.
In 2021, a young lady, Hiny Umoren, who graduated from the University of Uyo, awaiting her NYSC call up, was lured with a fake job interview on social media by a young man, Uduak Akpan, disguised as a job recruiter. Her trip to the interview resulted in her murder by Akpan.
Today, criminals disguise as job recruiters, government agencies and federal aid officials.
Research published by the Institute for Securities Studies shows that cyber attacks in Nigeria surged following the outbreak of the Coronavirus Disease, which resulted in restrictions and lockdowns.
According to the ISS, commercial banks in Nigeria lost a cumulative N15bn ($39m) to electronic fraud, a 537 per cent increase on the N2.37bn loss recorded in 2017. Over 17,600 bank customers and depositors lost N1.9bn to cyber fraud in 2018, rising by 55 per cent from the previous year.
In addition, Nigeria’s Consumer Awareness and Financial Enlightenment Initiative has projected a $6tn loss to cybercrime within and outside Nigeria by 2030. These crimes are committed mostly through phishing and identity theft.
Deloitte Nigeria, which specialises in audit, tax, consulting, risk advisory and financial advisory services, reported a spike in phishing, malicious spam, and ransomware attacks. Cyber criminals are using COVID-19 crisis to impersonate brands, thereby misleading customers and employees.
Phishing
Phishing is an attack aimed at stealing people’s money, identity or other personal information by getting them to reveal their personal information, such as card numbers, bank information or passwords on websites that pretend to be legitimate.
Phishing allows fraudsters to appear legit; it is also the practice of sending fraudulent communications that appear to come from a reputable source, usually carried out through emails. It is one of the commonest types of cyber attack.
According to Cisco, a global Informations Technology and Networking company, phishing starts with a fraudulent email or other forms of communication designed to lure a victim. The perpetrators start by identifying their target and creating email and text messages that appear to be legitimate but contain dangerous links, attachments or lures that trick their targets into taking an unknown, risky action. Such messages include those claiming to be a grant from the Federal Government of Nigeria. A most recent one circulating is designed to falsely inform people of a special package to celebrate the emergence of former Governor of Lagos, Bola Tinubu, at the APC presidential primary on Wednesday, June 8.
Phishers, Cisco added, frequently use emotions like fear, curiosity, urgency and greed to compel recipients to open attachments or click on links, which are designed to appear to come from legitimate companies and individuals.
Cisco warns that cybercriminals are continuously innovating and becoming more sophisticated, adding that it only takes one successful phishing to compromise people’s networks and steal their data.
Google reportedly blocks 100 million phishing emails daily across the globe, about 18 million of which are related to COVID-19. It also warns of unsafe sites, noting that Chrome users would receive a warning while trying to verify a dangerous or deceptive content.
However, bank customers and staff in Nigeria remain exposed to opportunistic schemes by fraudsters, who exploit the uncertainty created by the pandemic.
Cybersecurity
Cybercrime is not peculiar to Nigeria; it has become a global concern. In China, for instance, consumer loss through cybercrime led to $66.3bn in 2017, with the United States losing just about $19bn.
According to Statista, of the global data breach incidents reported in the same year, 69 per cent involved identity theft.
The number of cybercrimes in India is 50,000, with the cost of a data breach in 2021 put at $2.21m, and the state with the most cybercrime cases is in Uttar Pradesh.
In line with Cybersecurity Ventures, global cybercrime damage costs are expected to be $6tn a year, $500bn a month, $115.4bn a week, $16.4bn a day, $684.9m an hour, $11.4m a minute and $190,000 a second.
Cybersecurity Ventures expects global cybercrime costs to grow by 15 per cent yearly over the next five years, reaching $10.5tn yearly by 2025, up from $3tn in 2015. This represents the greatest transfer of economic wealth in history.
Cybersecurity, over the years, has protected systems, networks and programmes from digital attacks. It prevents cyberattacks aimed at accessing, changing or destroying sensitive information; extorting money from users or interrupting normal business processes.
According to a report, implementing effective cybersecurity measures is particularly challenging today because there are more devices than people, and attackers are becoming more innovative.
Cybercrime and Nigerian law
“The country’s 2015 cybercrime law may not be adequate to reduce the vulnerability of financial institutions, especially the banking sector, to these offenses. Enabling Public-Private Partnerships and joint task forces could hold the key,” says the ISS.
It is also noted that, in Nigeria, cybercrimes are perpetrated by individuals, hackers, or connected networks of criminals motivated by financial interests.
As a response, banks in Nigeria have taken extra measures, especially since the outbreak of COVID-19. Messages have been sent by phone and email to customers, calling for caution in all online transactions. Government agencies and private corporate establishments have acted likewise.
Under the Nigerian Cyber Law Prevention Act 2015, any person, who, without authorisation, intentionally accesses, in whole or in part, a computer system or network for fraudulent purposes and obtains data that is vital to national security, commits an offence and shall be liable, on conviction, to imprisonment for a term of not more than five years and/or to a fine of N5m. Also, where the office provided in subsection (1) is committed with the intent of obtaining computer data, securing access to any program, commercial or industrial secrets or classified information, the punishment shall be imprisonment for a term of not more than seven years or a fine of not more than N7m or both.
In addition to the Consumer Awareness and Financial Enlightenment Initiative, Nigeria’s Cybercrimes (Prohibition, Prevention, etc) Act 2015 aims to reduce the country’s vulnerability to cyber attacks. The law empowers the President to designate certain computer systems, networks and information infrastructure as vital to national security or the economic and social wellbeing of citizens. The act also gives financial institutions the responsibility for combating cybercrime.
Security limitation
However, limitations in the cybercrimes legislation mean that financial institutions, especially banks, remain at risk. The law – as is the practice across the world – pushes the responsibility for combating cybercrime from the state to financial institutions. Section 37(1), for example, places a duty on financial institutions to verify the identity of customers carrying out electronic financial transactions.
The ISS says: “It is, however, difficult for banks to tackle cybercrime alone when the digital economy enables most financial transactions to take place outside banking premises and in customers’ homes. Former president of the Chartered Institute of Bankers of Nigeria told the ENACT-organised crime project that banks could only take cautionary measures, which are not enough to curtail the threat.”
