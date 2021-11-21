Bank customers lost a whopping N42.755 billion to fraudulent activities perpetrated through social engineering in just three months, data obtained by LEADERSHIP Sunday have shown.

Social engineering is when fraudsters trick individuals to reveal personal data that could be used to access their bank accounts.

In the heat of the COVID-19 pandemic and the months following, many Nigerians were and are still being defrauded mainly thorough social engineering.

With increasing penetration of fraudsters into the banks’ database, experts have warned Nigerians to avoid releasing sensitive information to strangers.

This is as some customers believe that staff of banks also collude with these fraudsters to release sensitive information with which they use in perpetrating their heinous crimes.

Data from the Nigeria Inter Bank Settlement System (NIBSS) showed that social engineering is still a preferred and successful technique employed by fraudsters, as a total of 11,589 cases were reportedly carried out using various social engineering techniques, resulting in N42.755 billion fraud loss value for Q3,2020. This represented 68 per cent of the entire fraud volume and value for the third quarter of 2020.

Although, LEADERSHIP Sunday investigation revealed a rapid increase in the spate of calls from fraudsters claiming to be bank staff with the motive to get sensitive information that could give them access to victims’ accounts, there are strong indications that some bank workers partake in this racket by selling sensitive information of customers to these fraudsters for a fee.

Experts however believe that while few of the fraudsters have insider links in the banks, a majority of them rely mainly on information gotten from people’s mobile phones, especially, stolen ones, or from websites in which bank customers may have done one transaction or the other, hence, revealing certain sensitive information that could be useful for fraudsters to pounce.

LEADERSHIP Sunday learnt that the fraudsters trick Nigerians by pretending to be staff of a bank, and ask for some details that will give them access to customers’ bank account; once they succeed in getting the information, they withdraw almost all the funds in there.

So, when fraudsters call bank customers and read their bank verification number (BVN), their full names and date of birth, many believe that they are being called from their banks and give out other sensitive information such as the two-factor authentication code that allows a successful diversion of the customer’s fund.

Many Nigerians have been defrauded this way and there has not been anyone who takes responsibility for the funds that have been stolen in this regard.

While banks, in this circumstance, always insist that the customer would have compromised his or her bank details for the fraud to have been successfully carried out, customers accuse the banks of leaking out information or collaborating with the fraudsters.

One opportunity that fraudsters leveraged on last year was through the several government social intervention funds aimed at relieving the impact of the Covid-19 pandemic on Nigerians, to rob them of their funds.

They had sent messages via WhatsApp and text telling people to fill a form to be a recipient of some of the funds being disbursed.

Similarly, the federal government N-Power website was cloned as individuals filled out sensitive information on phoney websites. An individual lost more than N1 million to fraudsters within hours of filling out his details such as BVN, full name, date of birth and home address, alongside other details on the cloned website.

According to data from NIBSS, attempted fraud value rose by 44 per cent in the third quarter of 2020 compared to Q3 2019, while actual loss value for Q3 2020 rose by 500 percent compared to Q3 2019.

In Q3, 2019, there was 10,692 attempted fraud cases with a value of N1.09 billion while actual loss was N552 million. The figure, however, rose to 16,988 attempted fraud cases with a value of N3.5 billion of which actual loss to fraudsters was N3.35 billion.

While noting that there have been a few cases of bad eggs within the system who collaborate with the fraudsters,

the director of corporate communications of the Central Bank of Nigeria (CBN), Osita Nwanisobi, pointed out that most bank customers in one way or the other compromise their data.

According to him, most individuals store their bank details such as account number and bank name as well as BVN on their phone which can be easily accessible by anyone who has access to the phone.

“Most of the time we give them the information. I have been hearing the stories and the reality is that we give the information. When some of these criminals are caught and they begin to tell how they do these things, we know that we give them the information.

“They tell you that all they need is your phone or your simcard and once they are able to get your sim card, it is possible to get some of these things. I am not discountenancing that even in the system, we still have some bad eggs, and it is very possible that some of them might connive, but the reality is that often times we give the information,” Osita stated.

When LEADERSHIP Sunday spoke with some bank customers, it was discovered that many store their BVN and account numbers in their contacts list which makes it easy for anyone to be able to have access to them.

Asides this, Osita noted that Nigerians also put out sensitive data when they input their details on suspicious websites.

On his part, group head, Payment Solutions, Unified Payment Services Limited, James Agada, said in most cases, there has to be a hole which the fraudsters have access to before those frauds can be successful.

“The truth is that the fraudsters will not tell the truth about how they operate and the customers will not tell the truth about how they safeguard their credentials.

“As a customer, if you have in your phone your account number, you put your BVN and all your details and your phone is stolen, someone can access it; sometimes, it is very simple: they steal your phone, they copy your data and then use it.

“In Nigeria two-factor authentication is mandatory, so for someone to be able to do this he has to redirect your two-factor authentication to your phone which he is holding. If he is holding your phone, it is possible to come in and request a change or do some other thing.

“If he doesn’t have your phone but has collaborators in the bank, it is possible for them to work together with the collaborators and momentarily divert the two-factor authentication to their phone; they do the transaction and divert it back and you get the notification.”

Meanwhile, some have accused the road-side business centres who help individuals do the National Identity Number (NIN) registration as being farms where fraudsters harvest data from.

Although the National Identity Management Commission (NIMC) does not list the BVN as a requisite for NIN registration, some of the centres, it was gathered, request for it and an operator of such a centre told LEADERSHIP Sunday that with the technological advancement and the orientation of most of the youths in the country presently, it cannot be ruled out that some individuals’ data can be copied at these centres.

However, he said, the two-factor authentication as provided by the bank ensures that the customer is protected and as long as the customer does not provide the fraudster with the code as sent by the bank, the fraud cannot be successful.

When asked the role of banks in this racket, the president, Association of Senior Staff of Banks, Insurance and other Financial Institutions (ASSBIFI), Comrade Oyinkan Olasanoye, linked most fraudulent activities in banks to casualisation, saying “because of the poor conditions of service, most of workers in banks divulges information to outsiders who use such as tools to defraud innocent customers.”

According to her, some innocent customers often fall victim as they are called by their names and exact BVN which they get from casual workers who felt they do not have a stake in the banks.

On how the police handle such matter, the public relations officer (PRO), Police Special Fraud Unit (SFU), Deputy Superintendent of Police (DSP) Eyitayo Jonhson, explained that when instances of collusion by bank staff with fraudsters to defraud customers happen, the police try to address it based on available evidence.

According to him, “Petition can come from either individuals or the bank itself. If the petition comes from the bank we expect the bank to have conducted some level of internal investigation and only come to us to prosecute the offender because they lack that power of prosecution. In this instance, the suspect, which may include the bank official, will be arrested and prosecuted, after investigation.”

While warning Nigerians to be watchful on how and who they release their sensitive information to, he said some of these fraud cases were due to the negligence of the customer itself whereby they divulge information such as PIN and token on phone when a supposed bank official calls.

Eyitayo advised customers to approach the fraud unit of the police when they sense foul play on their accounts, especially, when it has to do with the negligence of the bank,

Customers, he advised, must have the phone number of their account officers, as it would be useful whenever they notice illegal transactions on their accounts, before all their deposits are withdrawn.

“It’s unfortunate most customers don’t have the contacts of their account officers. This is crucial to stop further transactions on their bank immediately unauthorised withdrawals are made. Thereafter, they can now visit the bank on the next working day and lodge an official complaint.

“However, when the bank refuses to do the needful, then they (customers) can reach out to law enforcement agents, like the SFU or any fraud unit for redress,” he said.