The modern cyber fraudster became deadlier during the Covid-19 pandemic, moving from saving money hidden in off-shore banks to storing it in cryptocurrency networks running on blockchain systems to which authorities cannot access.
The study, The Anatomy of the New Fraudster, published by technology company Banking Payments Context (BPC) shows that in addition to targeting corrupt employees, crooks are now targeting untrained staff to share the private data of top executives unknowingly and end up stealing billions of money, which is hidden in the form of cryptocurrency.
“Card fraud and in particular identity theft have become commonplace. Fraudsters are also using cryptocurrencies to purchase credit card data on the darkweb, data that has been stolen by phishing or hacking. “, reveals the study.
According to Nairobi-based Understanding the Blockchain author Benjamin Arunda, the ever-growing stature of data and digital currencies like Bitcoin and Ethereum in Kenya is the main motivation for online thugs to convert stolen money into crypto.
“Bitcoin wallets provide ‘semi-anonymity’ to natural or legal persons, so that they can hide funds in Bitcoin from the regulator’s radar. It is a very convenient way to launder money,” he said. he told Digital Business.
In February, German prosecutors confiscated more than 6 billion shillings of Bitcoin from a fraudster, but the police were unable to release the money because the man refused to give them the password.
In 2019, over 400 billion shillings were lost to crypto scams across the world, with Ponzi schemes being the main form of Bitcoin fraud where huge platforms such as PlusToken have attracted large sums of money. ‘silver.
In January, Rossen Iossifov, 53, owner of a Bulgarian Bitcoin exchange, was sentenced to prison in the United States for his role in a transnational multi-million dollar online auction fraud scheme that has defrauded people of over 700 million shillings.
Iossifov, who owned the RG Coins cryptocurrency exchange, was found guilty of knowingly and intentionally engaging in business practices designed to both help fraudsters launder the proceeds of their fraud and protect themselves from any fraud. criminal liability.
“Since the inception of cryptos in 2009, criminals have used blockchain technology to launder large sums of money to fund global crimes. With their identities hidden, it is difficult for regulatory and law enforcement authorities. money laundering to track their identity and sources, ”says Alice Anangi, managing director of Nairobi-based Zeden Technologies.
She adds that as long as regulators can associate blockchain technology with such illegal activities, it would be more productive for them to adopt the technology instead and use its distinct features such as transparency and transparency. steadfastness in the fight against cybercriminals.
Cardless ATM (CNP) payment transactions remain the prime target of fraudsters during the pandemic, for the simple reason that buyer and seller do not meet in person.
The anonymous nature of CNP payments, the survey notes, makes them much more vulnerable, leading to the unauthorized use of specific credit or debit card numbers, security codes, expiration dates and addresses. billing to purchase products and services through websites or e-commerce applications.
According to Frank Molla, Managing Director and Head of Sub-Saharan Africa at BPC, fraudsters are also posing as financial institutions.
“They even go so far as to replicate your bank’s website, which looks exactly like the real thing. They get huge chunks of data from Facebook and Google, which leads to identity theft,” he said. he told Digital Business.
And as millions of people continue to adapt to working from home, cyberattack gangs have designed even more sophisticated software using artificial intelligence, capable of doing business on behalf of a company, taking advantage of the various cybersecurity loopholes.
Many companies have abandoned traditional data storage methods and moved to the cloud. However, while backing up their data offline, other virtual machines have access to their confidential information.
These attacks come in the form of traps in the form of hashes of files, Internet Protocol links, zip files, runtime files, applications. Spear phishing, botnets, malware, ransomware, Dedicated Denial of Service (DDoS), and Advanced Persistent Threat (APT) have made the cybersecurity space complex for many businesses.
Transaction laundering, where one merchant aggregates payment transactions on behalf of another merchant’s website, without the acquiring merchant’s knowledge, is also on the rise.
With a February Mastercard study showing that 79% of Kenyan consumers have been shopping online since the start of the pandemic, cybercriminals are finding Kenya, a tech-savvy country with poor online security skills, an attractive target.
Instead of investing millions in cybersecurity plans that can thwart a real-time attack, local businesses, banks, saccos, and telecom operators have chosen not to undermine the ravages of a cyberattack gang, and ended up losing billions in the deal.
A 2019 survey of more than 150 Kenyan companies by technology consulting firm Serianu shows that 60% of companies surveyed did not have a real strategy in place to tackle cybercrime, while 84% did not. formal IT governance standards in their institutions.
The report also shows that 44% of companies only set aside 100,000 shillings or less as part of their annual cybersecurity budget.
36% of companies have invested between 100,000 and 500,000 shillings in cybersecurity, while only 6% have spent at least 1 million shillings.
“You will never hear reports of mass cyber hacking, but they happen every month, and the victimized businesses cover up the loss as it would result in customer distrust and loss of business,” Ms. Anangi says. .
Data from the Kenya Communications Authority (CA) shows that more than 56 million cyber threats were detected across the country in 2020, up from 37.1 million in 2019.
In 2017, Kenya’s digital economy lost 21.1 billion shillings to cybercrime, which rose 39.8 percent in 2018 to 29.5 billion shillings, according to the Pan-African cybersecurity consultancy Serianu.
“As the world continues its march towards the Fourth Industrial Revolution, banks and businesses operating in the digital sphere must remain vigilant and prepare for more attacks. The economic and reputational risks are simply too great to ignore, ”says Emmanuel Obinne, Head of Growth and Partnerships, BPC West Africa.