How to circumvent the deceitfulness of cyber scams
Daniel Olugola was a father in need. A father, who was trying to solicit financial help from social media to help pay for the many surgeries and treatment for his daughter who was diagnosed with a sinonasal tumor.
Yet, he became the victim of online scammers who took advantage of his situation and diverted the funds into their personal accounts.
An unfortunate situation of money that could have otherwise been sent to him to pay for his daughter’s treatments, never reaching him.
His daughter died some months later.
Not all victims of online scams may be in situations like Mr. Olugola’s. In more recurring situations, money is not denied to you, it is rather extorted from you.
Besides the unfortunate incident of Daniel Olugola that Dubawa reported on, we have had to equally report on different manifestations of scams such as scholarship application links surfacing across social media platforms of West African countries Dubawa has a presence in (Ghana, Nigeria, Sierra Leone, The Gambia, and Liberia).
These scholarships are purported to be from reputable institutions, including the Commonwealth seen on both Ghana and Nigeria social media platforms; the University of Oslo and Abu Dhabi University seen on Nigeria social media platforms, and the University of Western Australia seen on Liberia social media platforms – all within the same period of time.
Another kind of scams Dubawa has had to report on are mass-market scams purporting to be from telecommunication group, MTN (here and here), the World Health Organisation, online stores such as Melcom (here and here) and Jumia, the Ministry of Foreign Affairs, and food and beverage companies such as Nestle and Coca-Cola (surfacing in both Ghana and Liberia social media platforms).
Most of these sites were dishonestly offering what they would never deliver, in return for people’s personal data, passwords, and ultimately, money.
Sometimes these scams are so glaringly deceptive that you wonder why people fall victim.
It is for such concerns, that an American-based neuropsychology professor, Stacy Woods, together with some colleagues, conducted research to understand this phenomenon.
The research article, which was featured on the BBC highlighted some common stratagems observed to be used by scammers that made some people easy pickings for them, and Dubawa noticed a similar trend with scams in Ghana which have been reported on.
Popular among those found in the study were:
Familiar brands: In order to sound credible and assume to have some authority, many scammers use a fairly well-known, legitimate, or local business to persuade people.
(Little wonder in Ghana, MTN and Melcom, which seem to be among the top preferred companies for scammers, are always seemingly doing some sort of give-away)
Motivation: In their quest to arouse an urgent desire in people to participate, many scammers make their offers time-bound.
Legitimacy: Some scammers are also observed to use diction that suggests seriousness in business by using legal terms to further persuade people that the offer is legitimate. Others also had website interfaces that are colourful and attractive with photos of money, prizes, and details of purported previous winners.
The study also included an experiment to identify consumer habits and their susceptibility to scams. It found that people who did not mind complying in unknown scams gave their reasons to be that the potential benefits outweighed the risks of loss for them, adding that loneliness, low income, and inadequate numeracy skills were factors that also influenced their willingness to participate.
Noticeable in the demographics of people who were usual prey for such scams, as the study found, were people with fewer years of education and in some cases, younger people.
As observed by Dubawa, particularly about the influx of fake scholarship websites, it is the season (July to October) when most school years are opening. It is found to be an opportune time for scammers to equally gush out their fake scholarship offers given the appropriateness of such a period to the needs of most students.
Notwithstanding, there seems to be a specific motivation and target for most of these scams – money. Hence, it is becoming commonplace now to see scammers lure people into participating in many online activities that are, in most cases, non-existent.
No matter what strategy it takes, whether it is a make-believe promo, fake purchase deal, scholarship scheme, or job offer, let’s call them for what they really are – defrauding and cyber crimes – and they are punishable by law.
Laws are enacted to help you
The complexities of cybercrimes and the anonymity that characterized the medium of criminality make it difficult sometimes to identify the culprits.
Notwithstanding, when a culprit is identified, there are legal provisions in place for such fraudsters in Acts of Parliament, such as Act 29 of the Criminal Code 1960, Act 772 of the Electronic Transactions Act 2008, and Act 1038 of the CyberSecurity Act 2020.
Criminal Code 1960, Act 29
In Ghana, Act 29 of the 1960 Criminal Code does not condone any kind of fraud. For example, Section 16 of Chapter 2 which makes provision relating to fraud states that,
“For the purposes of any provision of this Code by which any forgery, falsification, or other unlawful act is punishable if used or done with intent to defraud, an intent to defraud means an intent to cause, by means of such forgery, falsification, or other unlawful act, any gain capable of being measured in money, or the possibility of any such gain, to any person at the expense or to the loss of any other person.”
Electronic Transactions 2008, Act 772
Even more specifically, the Electronic Transactions Act 772 caters to cyber offenses and their consequent charges, like the Criminal Code 1960. Pertaining to the effect of the cybercrime committed, it makes provisions for offenses committed via electronic means.
These include stealing, appropriation, representation, attempt to commit crimes, conspiracy, forgery, access to a protected computer, obtaining electronic payment medium falsely, general offense for fraudulent electronic fund transfer and general provision for cyber offenses.
Other offenses are unauthorised access or interception, unauthorised interference with electronic record, unauthorised access to devices, unlawful access to stored communications, unauthorised access to a computer programme or electronic record, unauthorised modification of computer programme or electronic record, unauthorised disclosure of access code and causing a computer to cease to function.
Cyber Security Act 2020, Act 1038
The Cyber Security Act 2020, Act 1038 establishes a Cyber Security Authority which is responsible for regulating cybersecurity activities in the country.
Additionally, it establishes the National Computer Emergency Response Team (NCERT) which is responsible for responding to cybersecurity incidents, coordinating responses to cybersecurity incidents amongst public institutions, private institutions, and international bodies.
The NCERT is also responsible for overseeing the Sectoral Computer Emergency Response Team (SCERT), which has oversight of cyber security in designated sectors such as public, banking and financial, energy and utilities, national security, academic, health, transportation, telecommunication, and military sectors in the country.
The Act also allows for a cybersecurity point of contact for the general public – individuals and institutions who are not affiliated to a particular sector – to report cybersecurity incidents.
Section 48 stipulates that,
(1) The Authority shall establish a cybersecurity incident point of contact to facilitate (a) reporting of a cybersecurity incident by the general public; and (b) international co-operation in cybersecurity matters.
(2) An institution that is not affiliated to a designated Sectoral Computer Emergency Response Team, shall report a cybersecurity incident to the National Computer Emergency Response Team through the cybersecurity incident point of contact established under subsection (1).
(3) An individual may report a cybersecurity incident to the National Computer Emergency Response Team through the cybersecurity incident point of contact established under subsection (1).
Regulatory bodies exist to help you
Dubawa spoke to the Director-General of the National Information Technology Agency (NITA), Mr. Richard Okyere-Fosu, who explained the functionality of NITA in helping citizens report cybercrimes.
He said that being the agency responsible for implementing Ghana’s IT policies, NITA also serves as an Emergency Response Team and is committed to ensuring the integrity of websites in the country.
He added that in consultation with Ghana Domain Registry (which is the agency responsible for registering all websites in the country), any website whose domain is found not registered and consequently guilty of cyber offenses can be taken down when reported.
Mr. Okyere-Fosu emphasised that this is provided for in the Electronic Transactions Act 772 which allows for blocking, filtering, and taking down of illegal content.
Section 87 of the Act states that,
(1) The Authority may, on the order of a court, authorise a service provider to block, filter or take down illegal content and phone numbers used for a malicious purpose which seeks to undermine the cybersecurity of the country.
(2) The grounds for blocking, filtering, and taking down illegal content and phone numbers include
(a) the protection of national security;
(b) the protection of children;
(c) the public safety;
(d) the prevention or investigation of a disorder or a crime;
(e) the protection of health;
(f) the protection of reputation or the rights of an individual;
(g) the prevention of the disclosure of information received in confidence;
(h) compliance with a legal order; or
(i) any other ground that the Authority may determine
Mr. Okyere-Fosu further revealed that NITA had in past services, focused more on its operations for government and now, given the rise of fraudulent websites, is purposed to equally focus on its regulatory duties for citizens.
He advised that there are several agencies, of which NITA is included, in place to handle the investigations of cybercrime, and citizens should not hesitate to report such incidents to the Cyber Security Authority.
“Use Cyber Security to report any incident. They have a good response team who will handle it with all relevant agencies such as BOG, data protection, or NCA, depending on where the crime is being committed. They will investigate it and come out with the necessary penalty,” Mr. Okyere- Fosu said.
He, however, cautioned that cyber security was not only the responsibility of cyber security agencies but individuals also had a part to play in their safety online.
How you can help yourself
Kaspersky, which is an Internet security store and offers cyber security services, lists nine simple ways to protect yourself online. They are:
Update software and operating system frequently to be protected with the latest security offers for your computer.
Use anti-virus or a comprehensive internet security solution and ensure it is updated to prevent your computer from cyber attack.
Use strong passwords and do not record them anywhere
Do not open attachments in spam emails
Do not click on links in spam emails or untrusted or unfamiliar websites
Do not give personal data via electronic means such as phone or email unless the security of the means of communication has been established.
Contact companies about suspicious offers before indulging via their contact lines from their official websites.
Be cautious with clicking on unfamiliar URLs
Monitor your bank statements
Additionally, a Secure Life – an organisation that offers security services – gives some tips on how to identify a fake website by showing that:
The address bar matters. It reveals that the ‘s’ in https:// means ‘secure’ which further means that the website has encryption for data transfers and is protected from hackers. However, a website showing http:// without an s does not always mean it is a scam, except that it may not be as secure and users should be cautious entering personal data on such sites.
The domain name matters. Scammers like to imitate established brand domain sites by changing single alphabets therefore caution must be taken before navigating such sites.
The domain age matters. How long a website has been created can be checked to further confirm suspicions. This is helpful in confirming sites such as those maliciously created around school reopening dates to chance on scholarship offers. Whois Lookup domain is a tool helpful in assessing who a domain is registered to, its location, and how long it’s been in existence.
Other tips include watching for grammatical errors, identifying the provision of reliable contact information, the accessibility of using only secure online payment options, thinking through offers that are too good to be true, and running a virus scan on the site with the help of free resources such as IsitHacked?, VirusTotal, PhishTank, and FTC ScamAlerts.
As Mr. Okyere-Fosu advised, “Cybersecurity is also a personal responsibility. Ensure you take good care of your cybersecurity hygiene.”