On 17th April, 2020 at 12noon I was musing at home when I saw several missed calls from an unknown number and text messages on my phone that read;
“Cash In received for GHS 50.00 from NYAME NA YE ENT ENTERPRISE. Current Balance 608.02. Available Balance 608.02. Transaction Id.54868022865891.
Yellow you have been BLOCK because of wrong Momo transaction received in your wallet thank you.”
Aha! How can I be blocked; MTN paa, I said to myself angrily. How do I rectify this in this lockdown, I quizzed myself.
I was so angry that after reading the texts several times I still could not get past the fact that my number has been blocked. Pandemic, lockdown and MoMo account blocked, gosh!!! I fumed.
I woke up my sister who was enjoying her afternoon nap to listen to me rant about an unfair treatment from MTN.
It was then I noticed the text came from the number who had called and not MTN. It was then I also remembered I do not have that much in my wallet. My sister said sleepily that it is a scam.
This incident is one of numerous tricks cybercriminals use to outwit unsuspecting victims. I remember someone after receiving a similar text message immediately punched in his pin number to send the money back to the said person. Fortunately or unfortunately for him, he did not have the supposed amount he received in his wallet. That was how he was saved from being a victim of scam. Unfortunately, some have not been lucky and duped of huge sums of money.
These old tricks seem to have increased in form that is more sophisticated in recent times due to the novel Coronavirus or COVID-19 pandemic facing the world. Cybercriminals are cashing out on COVID-19 pandemic at an interesting rate.
In order to stop the spread of this deadly pandemic, we have been directed and ordered to stay home. Thus, increasing the routine for working from home, trading online and banking online. The COVID-19 pandemic has made cybercriminals to scam people out of their money, data and to gain access to systems. Currently, as many individuals and companies adopt to operate online in response to the coronavirus pandemic, cybercriminals are also seeking to exploit COVID-19 to target individuals and companies.
Cybersecurity has been and is still a growing issue. Cybercriminals are exploiting people’s concerns and desire for information about the COVID-19 pandemic by directing them towards websites designed to either install malicious software or steal personal information (Australian Cyber Security Centre, 2020).
A Lead, Cybersecurity Delivery – World Economic Forum, Amy Jordan and Threat Intelligence, Palo Alto, Ryan Olson on 30th March, 2020 wrote that many cybercriminals are seeking to exploit our thirst for information as a route for attack. They indicated that attackers are using COVID-19-themed phishing e-mails, which purport to deliver official information on the virus, to lure individuals to click malicious links that download Remote Administration Tools (RATs) on their devices. Cybercriminals are reportedly using malicious COVID-19-related Android applications that give attackers access to smartphone data or encrypt devices for ransom.
It is reported that the global pandemic has also led to the creation of more than 100,000 new COVID-19 web domains, which should be treated with suspicion, even though not all of them are malicious.
Individuals, organisations, churches have been pushed to operate online to limit face-to-face interactions to halt the spread of the disease. Unfortunately, cybercriminals have taken advantage of the pandemic to attract users through various vectors such as phone calls, text messages, social media and phishing emails.
Cybercriminals use phone calls and text messages to scam unsuspecting victims. Just as I received a text that I have received an amount in my mobile wallet.
Protecting yourself against malicious phone calls and text messages
- Do not answer unknown numbers. But if you have to, be sure to ask the name of the person if you are still not sure end the call as soon as possible. You can also use a different number to call the unknown number to verify the identity of the caller.
- Install Truecaller App on your mobile phone to help identify callers. Truecaller would display the name corresponding to the incoming number.
- Read and reread text messages before acting on it.
Cybercriminals use social media platforms to post fake accounts of companies selling electronic products. Such companies do not have physical offices. Oftentimes when an individual shows interest in a product, you are requested to pay half of the amount before delivery. After payment, the individual is blocked and product would not be delivered.
Protecting yourself against social media
- Be sure to only use trusted and verified information from companies’ websites.
- Think critically about the sources of information that you use, and balance all evidence before believing what people share.
Cybercriminals would also send phishing emails pretending to be from reputable organisations. Such emails usually resemble a legitimate email address of an organisation to deceive unsuspecting victims. Malicious cyber attackers use phishing emails to steal personal information.
Protecting yourself against phishing emails
As stated above, cybercriminals and scammers can produce phishing emails that look very legitimate. By following these simple steps, you can assist in protecting yourself against phishing emails:
- Before opening an email, consider who is sending it to you and what they are asking you to do. If you are unsure, call the organisation you suspect the suspicious message is from, using contact details from a verified website or other trusted source.
- Do not open attachments or click on links in unsolicited emails or messages.
- Do not provide personal information to unverified sources and never provide remote access to your computer.
- Remember that reputable organisations locally and overseas – including banks, government departments, Amazon, PayPal, Google, Apple and Facebook – will not call or email to verify or update your personal information.
- Use email, SMS or social media providers that offer spam and message scanning.
- Use two-factor authentication (2FA) on all essential services such as email, bank and social media accounts, as this way of ‘double checking’ identity is stronger than a simple password. 2FA requires you to provide two things, your password and something else (such as a code sent to your mobile device or your fingerprint) before you – or anyone pretending to be you – can access your account (Australian Cyber Security Centre, 2020).
Australian Cyber Security Centre (2020). Threat update: COVID-19 malicious cyber activity. Retrieved from https://www/cyber.gov.au/threats/threat-update-covid-19-malicious-cyber-activity accessed on Tuesday, 5/5/2020.
Jordan, A. & Olson, R. (2020). How to protects yourself from cyberattacks when working from home during COVID-19. Retrieved from https://www.weforum.org/agenda/2020/03/covid-19-cyberattacks-working-from-home/ accessed on Tuesday, 5/5/2020.
Source: PAU Desk