The alarming rate of fraudulent practices perpetrated by cybercriminals in the banks in collaboration with their willing accomplices who breach all known security protocols has led to the loss of depositors’ funds running into billions of naira in recent times, reports Ibrahim Apekhade Yusuf
Watch your bank, cybercriminals on the prowl!
Ordinarily, banks are supposed to be safe havens for funds. But the irony of it all is that these days funds meant for safekeeping are not even safe in the banks any more than they are safe outside. (No pun intended).
The word ‘alarming’ becomes apposite in describing the rapidity of the occurrence of frauds and crimes in banks and other financial institutions these days.
The situation is so bad that when this reporter got a hint about one victim and was carefully following the lead, other chilling accounts of victims conned by cybercriminals broke in quick successions right in the middle of it all.
Read Also: First Lady’s RHI awards scholarships to 46 tertiary students
Different accounts by victims all seemed unbelievable at first and could have been scenes taken straight from some crime thrillers judging by the sheer audacity and clinical precision with which they were executed.
Victims of bank frauds linked to Opay
Five victims of bank frauds; let’s call them ABCDE; six weeks ago had their banking details compromised in ways considered both novel and unfathomable from OPay Digital Services Limited (doing business as OPay), operates as a mobile based money platform and offers money sending and receiving, funds disbursement, and payroll processing solutions.
Victim A operates an account in one of the new generation banks. A family member sent him money to an Opay account, with all his details such as full name, phone-generated account number. He later received a transaction receipt as evidence of payment from his cousin bearing all his details. But he swore by his life that he didn’t open the Opay account himself and no one has yet informed him that an account was opened on his behalf.
As at the time of filing in this report he was yet to unravel the mystery surrounding the account and of course, didn’t access the funds either because he didn’t open the account in the first place, so naturally access would be denied. This is case of identity theft.
In the case of victim B, he operates as a merchant with Opay, that means he can transact in high volume of cash as a mobile money operator. A customer had visited his store around Itire Road, Lagos and requested a transfer N350, 000 to be made to another Opay account with proof of payment sent. The merchant was to retrieve the sum from the customer’s account. He withdrew the money alright from the customer and made the transfer to the receiving account, which is an Opay account with proof of payment sent accordingly
But less than 30 minutes after the transaction, he received three debit alerts of N300, 000, N300, 000, N200, 000 cleared from his account to the same account he had previously paid the sum of N350, 000 moment’s ago. He was completely stunned. Pronto, he sent words to the Opay customer care to put a lien on his account to stop further transactions. As at the time of filing this report he was still battling to retrieve his money back.
Victim C, D and E; all have peculiar if not similar cases. They all have accounts with GTB Bank. At separate times, they received debit alerts from their banks of monies leaving their account without their authorisation at Friday and Saturdays respectively. They visited their banks to complain at the first day of the working week on Monday, where the bank had them fill complaint forms and they had to wait for the customary five working days before resolution of their cases. But at the expiration of the time, there was no word or any action from the bank until one of the customers personally had to call out the bank on Twitter that they E-Fraud Unit deemed it fit to say that the moneys were transferred to the Opay merchant accounts and therefore it was no more in their jurisdiction. Beyond that feeble excuse nothing else was said about how the customers would get their refund.
Mum’s the word from Opay
After hearing the chilling accounts of victims of bank frauds linked to Opay accounts, our correspondent reached to the customer care line of the mobile money platform sourced through its website as follows: 07049147958. But all calls put to it were futile as the number has remained switched off.
However, as a last resort, a mail was sent ng-antifraud@opay-inc.com with the CBN Complaint desk copied as follows: cpd@cbn.gov.ng, with no responses yet from the two as at press time.
More horror stories of victims of bank frauds
If the accounts of the victims of fraud linked to Opay account is bad enough those of other mainstream bad is worst off.
A case in point is Mr. Osita Godwin Chiagba, a businessman. On May 7th 2022, Chiagba, who deals majorly in generators of all types, was at the llasamaja Market, Lagos, trying to procure generator parts for a customer.
Few minutes after getting to the market to make purchases he heard his phone beeped in quick successions and by the time he retrieve the phone from his pocket, he saw debit alerts, about seven of them ranging from N20,000 to N50,000.
Alarmed because the debit transactions were not authorised by him, he rushed to the nearest Access Bank to report the incident. His account, 144….31 was blocked but by then the suspected fraudster had withdrawn N220,000. This was money a customer paid into his account for the purchase of the generator parts that brought him to the market in the first place.
Naturally, he visited the nearest branch but was directed to his home branch, at No. 205 Shasha Rd, Akowonjo, Alimosho Local Government Area, Lagos.
Completely stripped of the money for the purchase of the generator parts, he went straight to the Access Bank branch, where an official named Mr. Lewis prodded him to no end and was able to establish that his ATM card and other bank materials were not compromised, and subsequently advised him to go to the Police Station.
He got to the Afonka Police Station, Shasha alright but officials demanded some money to enable them engage a tracking company. He could not do the bidding of the policemen and later returned to the bank, where to his temporary relief they told him that the bank had been able to track the beneficiary’s account number, names and other details. Elated, he asked how soon he would be able to get his money.
However, to his greatest surprise, the bank official told him that it was his business to pursue the case. He complained of lack means to do so, arguing that he would have sought a safer place to keep his money if he knew his bank was not reliable. At that point, the bank official told him that they would still get in touch with him.
Days later, he received a message on his phone from the bank asking to give them till the 14th of July 2022. “Dear Osita, your case ID is CAS-13447128-44N5YO—we will update you by 14/07/2022.”
Since then he has not heard from the Access Bank and all his efforts to speak to them have yielded no positive fruit thus far.
If Chiagba’s case seemed pathetic, that of Mrs. Obiamka Jide is gut-wrenching indeed.
Jide, a GTBank customer with the acct no. 014…5, was at Afeez Bus Stop, Ogba, Lagos, January 15 2022 to make withdrawals from a GTB ATM.
Unfortunately her card got trapped in the ATM without dispensing money. Four days after the incident, Mrs. Jide, a pregnant woman, went to the bank to retrieve the card, but was advised to get another card as she could no longer use the other card because 24 hours had elapsed. On 19th January, a new card was issued to her.
However, on the 28th of January, barely one week after, she received several One Time Pass codes [OTP] asking her to use the OTP to confirm her new means of authentication for her GTBank mobile app. The heavily pregnant woman quickly ran back to the bank to confirm if the messages were from them. They replied in the negative and subsequently advised that the mobile application be deleted while they reset the password and her secret questions and re-issued her with a new card.
About two weeks after, the second card was issued to her, precisely on February 17th 2022, she received a similar OTP, asking her to confirm her new means of authentication for the mobile banking. Like before, she headed to the nearest GTBank but before she could get there, a total of two million, one hundred and ninety thousand naira [N2,190,000] had been removed from her account.
She rushed to her bank to report the case. The next day, she sent an email addressed to the manager at the Magodo branch of GTB, detailing everything that happened. She stated that N300, 000 was moved from her account to an account with the name Reuben Ishaya, of Sparkle Microfinance, with account number 1000374253. The rest of the money was moved in batches of N400,000, N500,000, N509,000, N490,000 to Sporty Internet Ltd, who listed their phone numbers as 07047983718, 09063280548, 09160197607 and 09069168175.
In the email which was made available to The Nation, Mrs Jide demanded that GTB should investigate and fish out the perpetrators and return the money. She threatened that if the bank did not return the money she kept in their care, she was prepared to go to town with the story as well as get relevant agencies like the Central Bank of Nigeria [CBN], and the Nigerian Deposit Insurance Corporation [NDIC] involved in the case.
She later received an email from the bank which stated that her request on fraud/unauthorised transaction with ticket number 220221252603477 had been received and should be resolved by 23/02/2022. “If you are not satisfied with the resolution after the time frame provided, please visit the help Center on GTbank website.”
Subsequently, she received another email dated February 23 2022, signed by Omoruyi Aiyudu, E.fraud, Analytics and e-channel security Group, stating that the fraudulent transactions were done via mobile banking platform.
Mr. Aiyudu stated that the customer’s account was restricted from further debit immediately she complained. He stated that the beneficiary’s bank was immediately contacted to restrict the beneficiary’s account but “we received feedback that the accounts had been restricted and funds drawn. However, we are following up to obtain the beneficiary’s BVNs for the watchlist. We are also following the merchant.”
Furthermore, Mr. Aiyudu stated that the transaction was authenticated on all security levels of the mobile banking platform. He said that investigation revealed that the customer’s profile was registered on a new mobile device at 12:55:32pm on 17/02/2022 with her card details and One-Time Pass Code [OTP] sent to the customer’s email address/mobile phone.
“We have reasons to believe that your security details, email and mobile number had been compromised. It is important to state that our investigation did not reveal internal compromise or wrong doing on the part of the bank. We advise that you immediately report this matter to the police for further investigation as the bank is willing to cooperate with the police in carrying out their investigation.”
At this stage, the pregnant distraught customer had to petition the Deputy Commissioner of Police, State Criminal Investigative Department, Smith Street Yaba, Lagos. In the email dated February 2022 made available to The Nation, she appealed to the Police to help retrieve her money. “I am trying to survive with the little money the said culprits stole from my account and I do not have any option than to report this matter to your good office to investigate and recover my money.”
Not having heard from the bank since the last communication of two weeks, she emailed them again requesting for an update and stating her dissatisfaction with the lackadaisical manner they were handling her case. “I am totally dissatisfied with this incident and expect that GTB will go all out to resolve this issue by ensuring that the fraudsters are apprehended. I believe NDIC and the CBN will not take unauthorised withdrawal from a bank customer’s account as a light matter but will ensure the customer is protected and money refunded. I await your swift response.”
Responding to an email dated March 11th 2022, the bank said, “we reached out to the merchant, unfortunately funds had been drawn. We advise that you report this matter to the law enforcement agencies for further investigations.”
Being left completely in the cold by the bank and with the police dragging their feet, she had to use high personal contact to mount pressure on the police who subsequently mounted pressure on the bank even threatening to arrest some staff.
“The bank did not want to pay. They said they had many customers with such issues and if they should refund all of them, that the bank would collapse. At one point, they said I should go to court. They deployed all manners of delay tactics.
“With my highly placed contact mounting pressure on the police, a series of meetings were arranged between the police, bank and myself to resolve the matter. The police insisted the bank repay the money that was in their custody.”
Exactly three months from the time Mrs. Jide reported the case to the police, as the brouhaha continued between the bank and the police as to how the female bank customer would recover her money, Mrs Jide who was under great stress, suffered a miscarriage.
According to her, it took that miscarriage for the bank to pay her. “Immediately I sent them news about the miscarriage and photos of the foetus, the next day GTbank credited my account with N1,790,000.00 remaining a balance of N300,000.00 which I have vowed to collect. It was not easy getting my money back.”
In a telephone conversation with the reporter, last week, Tuesday, Mrs. Jide disclosed that she had sent messages to the bank demanding for her balance. She equally revealed that she sent a message to the Police last week 25th July 2022 wondering why they have not been able to arrest the culprit and recover her money when they have his address and other contact details.
Unlike Mrs. Jide who was able to recover the bulk of her money based on her high network of contacts, this may not be so for the likes of Mr. Osita Chiagba and many other bank customers with no police connections and contacts in high places.
In an email dated July 21 2022 and addressed to the Corporate Affairs Manager of Access Bank, Mr Abdul Imoyo, our correspondent wanted the bank’s side of the story but could not make any positive headway as many questions were left unanswered.
Much later in the day, Imoyo called the reporter and advised that Mr. Chiagba should report the case to the police.
When the reporter informed him that the case had already been reported to the police, he said the affected customer should get a court order.
On why the bank could not refund the customer, he confirmed what Mr. Lewis told the customer earlier, “many customers have this issue and if we keep refunding them the bank will close-down.”
The question on the lips of many is that does that mean that customers’ money is not safe with Access Bank.
Psychology of scammers
On how cybercriminals operate, Salisu Adamu, a security cum ICT expert said most times the scammers open new bank accounts and present fake identification documents with their synthetic identities.
More often than not, they make small deposits and withdrawals to help build the synthetic identity’s credit history.
“Bank frauds occur due to ignorance, situational pressures and permissive attitudes. It is difficult to detect in time and even more difficult to book the offenders because of intricate and lengthy legal/judicial requirements and processes.”
Scammers, he noted, get access to your bank account numbers through fraudulent telemarketer calls or by stealing them from unsecured websites when you sign up for a free trial.
“Once a scammer has access to your account information, they can debit your account every month with your knowledge or approval. Besides, they can use all sorts of tricks to figure out which bank you use, including your social media and Internet activity just by guessing a major bank. They send you communications — mail, email, text messages, social media messages, etc. — that appear to be from your bank.
“Fraudsters can still use your debit card even if they don’t have the card itself. They don’t even need your Personal Identification Number—just your card number. If you’ve used your debit card for an off-line transaction (a transaction without your PIN), your receipt will show your full debit card number.”
Pressed further, he said, “Fraudsters can use all kinds of methods to find your personal or banking details. If they get hold of them, they can try to use your bank account to steal your money.”
While speaking on the punishment for scamming in Nigeria, Adamu said if the property defrauded of the accuser is not worth up to ¦ 1000, the punishment is a sentence of three years imprisonment or more but not up to seven years.
Nigeria not alone
Banking and financial-related fraud has gotten so sophisticated these days such that no bank is inured to the antics of these fraudsters who perpetrate these crimes as they operate like a syndicate with network across different verticals of the criminal world, most especially cybercrime.
The Centre for Strategic and International Studies (CSIS) estimated that $600 million is lost to cybercrime each year, an increase from a 2014 study that puts global losses at about $445 billion.
In Africa, the cases of cybercrime recorded a massive rise in the first six months of 2022, with phishing and scams hitting 438 percent and 174 percent in Kenya and Nigeria respectively.
Echoing similar sentiments, Dell Technologies had in a recent study stated that cyber-attacks in Africa grew by 600 per cent in last two years.
According to the firm, in its latest report titled ‘Keep Your Business Cyber Safe’, 90 per cent of business on the continent is operating without necessary cyber security protocols.
Businesses in Africa are a breath away from being hit by a cyber-attack, as new a report from Dell has shown that as much as 90 percent of companies on the continent operate without a cyber-security protocol.
It said, “$4bn is lost annually to cybercrime in Africa. 52 per cent of companies in Africa believed that they were unprepared to handle a large scale cyber-attack. 88 per cent of all data breaches are caused by an employee mistake.”
CBN, CIBN to the rescue
Alarmed by the spate of bank frauds, concerted efforts are being made by stakeholders to rein in this hydra-headed monster of some sorts.
One such move is the one being mooted by the Committee of Chief Information Security Officers of the Nigerian Financial Industry (CCISONFI), in partnership with the Central Bank of Nigeria (CBN) and the Bankers Committee.
The tripartite cooperation will lead to the unveiling of a new campaign to sensitise citizens on the need to be cybersecurity conscious, The Nation can authoritatively report.
The anti-fraud campaign titled ‘NoGoFallMaga, Confam Am Again’ which will be delivered in many languages is targeted at customers of commercial banks, payment service providers (PSPs) and the citizenry in Nigeria, which is delivered leveraging local technical consultants including Cybersafe Foundation and The Hook Media.
According to the partners, cybercriminals work on the ignorance of the populace and delivering the campaign in different languages will help to carry everyone along to reduce the menace of cybercrime in the country.
Justifying the need for the intervention, Festus Amede, chairman, CCISONFI, said the rise in cybercrime and fraud may lead to an increased loss in customers’ trust and confidence in the financial system.
“This increased innovation and use of digital platforms has greatly transformed the cyber and technology landscape thereby giving rise to new risks, especially with sustaining trust and confidence in customers’ ability to communicate and transact securely within the financial ecosystem.”
He said only through concerted efforts and collaboration by industry stakeholders to ensure that customers remain cyber-aware, can there be reduction and eventual elimination of the menace.
Abumere Igboa, chief information security officer, Stanbic IBTC Bank added that the campaign is aimed to guide Nigerians from falling victim to different tactics and methods fraudsters may attempt to come at them, including how to respond.
He explained that the ‘last man standing’ is actually the target of the fraudsters since the customer is the final authoriser. “A lot has been done behind the scene by the banks, and they are still doing more, but the most effective security lies with the customer, who is the last firewall.”
Peter Obadere, chairman of Cybersafe Foundation said the essence of the initiative is to build a human firewall in addition to the security firewall being built by the financial institutions to prevent fraud.
“What we’re doing today, is about increasing the cybersecurity intelligence quotient of the populace, which is very important. It’s about building the human firewall,” Obadere said.
Complicit of banks’ staff
Indications are that most bank frauds are most times instigated by staff of the banks, especially account officers who have access to customers’ accounts.
More worrisome is the fact that most of these bank staff-assisted frauds are often treated with kid gloves by the banks in question, even when customers lodge their complaints and there are traces of where the money is fraudulently transferred to, banks where the transactions originated from are usually unwilling to take it up the case.
Investigation by our correspondent revealed that most banks don’t reveal the identity of their staff involved in such fraudulent practices; neither do they openly accept that their staff was complicit, even very obvious cases.
Rather, they quietly discipline such erring staff even as they absolve themselves of any blame.
However, in rare cases when they faced with tough customers they settle such discreetly to avoid trouble for the banks as a face-saving measure.
EFCC dragnet
In a few reported cases where the anti-graft agency, the Economic and Financial Crimes Commission waded in there have been breathtaking successes like the case involving a First Bank staff Andrew Nwadiashi who debited over N9m from customer’s account.
Nwadiashi a 40 year-old banker and eight internet fraudsters including: Osawa Marvellous, Etinosa Ogieva, Erharruyi Osaigbovo, Isaac Godstime Eghosa, Obasohan Kelvin, Evans Jessa Mike, Timothy Odion and Festus Efe Iyengunmwena, were on Friday, August 4, 2023, convicted and sentenced to prison by Justice M. Itsueli of the Edo State High Court sitting in Benin City.
Nwadiashi was arrested following a petition by First Bank sometime in 2020.
As Head, Non-Financial Transaction at Warri branch of the bank in Delta State, Nwadiashi disregarded banking policy and debited a customer’s account to the tune of N9, 354,000.00. During investigation the banker confessed to the offence.
The eight other defendants were arrested following intelligence which linked them to internet fraud activities.
They were subsequently arraigned on separate one count charges bordering on stealing, retention of proceeds of illegal activities and unlawful possession of fraudulent documents by the Benin Zonal Command of the EFCC.
Upon arraignment, the defendants pleaded guilty to their respective charges, prompting the prosecution counsel, I. M Elodi, IK Agwai, K.Y. Bello and Ibrahim Faisal to ask the court to convict and sentence the defendants accordingly.
Justice Itsueli convicted and sentenced Nwadiashi to two years imprisonment or a fine of N200,000. The defendant had fully paid the aggregate sum N9, 654,000.00, being the principal sum and interest, in restitution to the victim of crime.
The court convicted and sentenced Marvellous, Odion, Ogieva and Iyengunmwena to three years imprisonment with an option of Three Hundred Thousand Naira as fine.
The duo of Osaigbovo and Mike were each sentenced to three years imprisonment with an option of Two Hundred Thousand Naira fine.
Eghosa and Kelvin, each bagged one month imprisonment and a fine of Two Hundred Thousand Naira.
Justice Itsueli ordered that a Toyota Lexus ES 330; Lexus E350, phone, laptops and the balance in the convicts’ bank accounts be forfeited to the Federal government of Nigeria.
The EFCC, have also stepped up awareness about cybercrimes as part of efforts to bring bank-related fraud top its barest minimum.
In a public notice announcement sighted by The Nation at the weekend, the agency on its official website warned Nigerians about the new antics of cybercriminals.
In the statement issued by the Cyber Crime Department, which reads in part, it said, “This is to inform all the citizens that the Mobile Sim Card 5G service has started. This is something you already know, some miscreants oif cybercrime will call your mobile and tell you to update your Sim card from 4G too 5G and you will get an OTP. Please, do not provide the OTP sent to you. If you tell them the OTP number sent by them, they will transfer all the money in your bank account to their own account, so please don’t tell if any stranger asks for OTP.”
No respite for thieving bank staff
In a move which will help curb the excesses of bank staff involved in pilfering, aiding and abetting crimes in the banks, the lawmakers at the 9th Assembly proposed a bill to sentence culprits to 20 years jail-term.