• Home
• Columnist
• Videos
• Artist
  • Musicians
  • Actors
  • Comedians
• Notable Nigerians
• Legend Dies
• Articles
  • Nigeria Articles
• Photos
• Submit Article

Author: Jude Aririesike
Posted to the web: 7/22/2009 6:12:22 AM

Internet Crime Schemesthrough various methods steal millions of dollars each year from victims andthis ugly trend has continued to plague the Internet and its users.Regrettably, a large number of the world population relies enormously on theservices provided by this information superhighway to do several things. Nigeriahas most recently joined the fray especially in the use of various IT portals todo several online transactions. A good example is the recent widespread use ofdebit cards (ATM Cards) and the resulting identity thefts such as phishing andspoofing scams which gave rise to this piece.

Identity theft occurswhen someone appropriates another's personal information without his or herknowledge to commit theft or fraud. Identity theft is a vehicle forperpetrating other types of fraud schemes. Typically, the victim is led tobelieve they are divulging sensitive personal information for legitimatebusiness transactions.

The most recent form ofidentity theft that is prevalent in Nigeria is the use of Spoof /Phishing emails/websites to steal vital information of Interswitch card users. In thiscase, perpetrators send bulk email to unsuspecting card users requesting themto upgrade their card information.

For the uninitiated, Phishing is simply put the fraudulent process of attempting toacquire sensitive information such as usernames, passwords, Personal IdentificationNumber (PIN) and other card details by masquerading as a trustworthy company inan electronic communication.

Phishing istypically carried out by e-mail, text message(SMS) or instant messaging (yahoochat, hotmail chat etc), and it often directs users to enter details on a fakewebsites that are almost identical (or sometimes identical) to the legitimatecompany.

The email isdelivered to oneâ's inbox usually with the legitimate companyâ's email address(e.g. info@interswitchng.com). Please see sample email below. This is achievedby using a technique called spoofing .E-mail spoofing is a termused to describe fraudulent e-mail activity in which the sender address andother parts of the e-mail header are altered to appear as though the e-mailoriginated from a different source. This is achieved by changing certainproperties of the e-mail, such as the ‘From’, ‘Return-Path’ and ‘Reply-Tofields’ (which can be found in the message header), the fraudsters make thee-mail appear to be from someone other than the actual sender. The result isthat, although the e-mail appears to have originated from the address indicatedin the ‘From’ field (found in the e-mail headers) it actually comes from afraudulent source. This form of scam could be compared to forging the letterhead paper of another company.

From myanalysis, the email below is not from Interswitch Nigeria. But you will beamazed at what you see when you open the web link provided in the email.Interswitch website was almost neatly cloned in such a manner that theuninitiated will surely fall for it. I am wondering how many innocent victimsthat have fallen for it as I write. I amhopeful that Interswitch will be reading this piece. An email alert has alreadybeen sent to Interswitch Nigeria to urgently shut down this weblink: http://h1.ripway.com/in11/UpdatingyourInterSwitchngAccountOnline_.html. I have to also commend InterswitchNigeria for shutting down this spoof website: http://interswitch001.justfree.com/mukoro/update2009.htm. As the last time I checked, this site has been shut down. Kudos toInterswitch Nigeria! Keep up the good works and continue to bring your experiencein IT security to bear in online and IT enabled transactions.

 Sample of ScamMail

“ InterSwitch Debit/ATM Card CompulsoryOnline Re-Activation/Registration

InterSwitch NigeriaLimited <info@interswitch.com

 

Dear InterSwitch Customes,InterSwitch Nigeria Public Announcement .This message is sent from InterSwitch ATM CARD Banking Secure Server to verifyand secure your Online Banking service.Your access to ATM CARD banking has been suspended temporally for securityreasons by InterSwitch Nigeria.All information entered must be accurate and correct for your ATM CARD accessto be re-activated.You must activate and verify your ATM CARD Account to have access to all ATMMACHINEClick Here http://h1.ripway.com/in11/UpdatingyourInterSwitchngAccountOnline_.htmlThank you.InterSwitch® Nigeria Limited.”

 

The web linkabove is still running! Like I said earlier, it was “almost neatly” spoofed.Unfortunately, a thief will oftentimes leave a trail!

My observations :

This is the officialwebsite of Interswitch Nigeria: http://www.interswitchng.com/.The first thing you notice on this website is a FRAUD ALERT warning users ofInterswitch Nigeria products and services of this prevailing identity theft.When this alert is closed and you go to the main home page (index), the Site hasthree navigational bars on its front page: the first is “Interswitch & You”, the second is “Interswitch & your Business” and the third is “About Interswitch” in that orderreading from left to right. But in the spoofed site, the order above was re-arranged.“Interswitch & your Business” came first instead of “Interswitch &You” In the spoofed website, the “Interswitch& your Business” navigational link was in fact repeated; the first oneis not dynamic and does not point to any url while the second one points to alink cloned and redirected to the Interswitch original website. Quit splendidand ingenious, if you ask me! Give it to them these guys are smart.

 

When you click on the “Back”button on the browser, it takes you back to the spoofed site. In fact, that isthe page where the phishing scam is actually perpetrated. The page is neatlycloned to give the visitor the false impression that he/she is on the Interswitchwebsite. Secondly it also gives the false appearance of a secured server. Ipointed my cursor on the “key” symbol which usually suggests that the informationyou about to provide is being processed on secured and highly encrypted server.Unfortunately, again the key symbol is not dynamic and does point to any url.

 

Tips.

·       If you have responded to the email above and registered yourcard or think your card details may have been compromised in any way, contactyour bank immediately to either block your card or go to the nearest ATM tochange your PIN.

·       In the case of Interswitch ATM cards, it is advisable for you tochange your cards to the Interswitch Verve card. The Verve cards make use ofchip and pin with added security that will be very cumbersome for fraudsters toclone. It is highly advisable that you change your old card to the newlyintroduced Verve card.

·       In addition, it is recommended to use ATM Cash point in securedlocations.

·       Change your default password the first time you activate yourATM cards.

·       Destroy the small slip where your default password is writtenonce you have changed the default password.

·       Do not write your pin/password on your phones, diaries,notebooks etc. The best option is to memorize your pins/passwords.

·       When changing the default password ensure you use pins/passwordswhich can easily be remembered by you and accessible to you and nobody else.

·       Do not put all your eggs in one basket. Avoid carrying all yourcards in your wallet.

·       Report immediately to the bank or your service provider if yourwallet containing your Debit/Credit cards is stolen.

·       If you visit a cash point and you could not have access evenwhen you have inputted the right pin/password, it could mean that yourpin/password has been compromised. In this case you have to inform your bank assoon possible.

·       Ensure websites are secure prior to submitting your credit/debitcard details.

 

Sadly and quite honestly, I have toacknowledge the ingenuity of these guys. How, I wish they could channel their immenseintellectual endowments to other decent, legitimate purposes and endeavours.

During theresearch for my Book, “Cyber Fraudsters: The Menace In The Internet” (yet to bepublished) I had the unenviable privilege of talking to most of the guys whoperpetrate these kinds of cyber crimes. In fact, majority of their views andopinions boil down to the inability of the government to provide a level plainfield for them to grow and excel in their chosen endeavours.

This iswhere the government has to step in to addressing cyber and IT related crimes.This could be done by creation of massive jobs especially in IT related areasby both private and government driven initiatives. It is highly recommended forthe initiation of stake-holders forums that will be all embracing where the ITfraudsters will be provided with the leverage, impetus and security (“unconditionalamnesty”) to “renounce” their acts and embrace various decent and legitimatemeans of livelihood. We cannot afford to “siddon look” and wait for the “loomingmilitancy” in the internet.

Jude Aririesike is Cyber Fraud analyst and Public Relations/ManagementConsultant and writes from Abuja.

Website: http://www.naijabestofthebest.blogspot.com/

Email: judeaririesike@gmail.com