How current economy could increase cyber-fraud

0

Money is and has always been the driving force for a lot of people, with them saying “whatever problems money cannot fix, more money can”. And those with this mindset will go to great lengths to obtain it. However, in terms of length and motivation, how far is too far; and what is the true source of motivation and drive?

Motivation is ultimately influenced by pressures of the world. Pressure is a central component of the fraud triangle. The fraud triangle framework seeks to establish elements that come together for fraud to occur. It asserts that in the presence of opportunity, situational pressures and rationalisation, fraud is bound to happen. In the fraud triangle, opportunity is solely the responsibility of institutions’ management. Poor institutional governance and controls create the opportunity for fraud; but for fraud to occur, it depends on the pressure faced by the fraudster and their potential rationalisation.

It is believed that rationalisation for most criminals (including cyber-fraudsters) and victims of fraud schemes are related to unemployment, economic difficulties and poor incomes or compensations.

The government of Ghana is presently being faced with constant criticism from citizens because of the economy’s worsening performance and declining financial indicators. Government is currently relying on the International Monetary Fund (IMF) for a monetary policy programme, which underscores the severity of the nation’s economic problems. The current economic shocks are attributed to the COVID-19 pandemic, Russia’s war in the Ukraine and excessive borrowing, just to mention a few.

Ghana’s inflation, as assessed by a range of commodities and services, hit 33.9% in September 2022  – the highest level in two decades. Continuous rises in prices have obliged the Bank of Ghana to increase its policy rate from 14.5% in January 2022 to 24.5% in October, aiming to tame inflation. This has in turn caused commercial banks to raise their lending rate. In addition, the Ghana cedi has depreciated by unprecedented proportions against the US dollar since beginning of the year – making imports more expensive and adversely impacting prices of goods and services.

To compound our economic woes, rating agencies have downgraded the country’s sovereign risk rating to a negative outlook. This significantly limits government’s capability to borrow on the international capital markets to fund the budget.

It is worth stating that as prices of goods and services continue to rise, salaries, compensations and allowances of workers remain the same – and is therefore a reason for the public agitation and outcries.  As a result, there is the possibility for a rise in fraud cases due to the pressures arising from economic or financial recession. Businesses and individuals are likely to engage in corruption, misappropriation and financial fraud.

The Bank of Ghana’s fraud statistics for 2021 indicate a very alarming projection for fraud and cyber-fraud. A total of GH¢114million is the amount involved in fraud cases reported to the Bank of Ghana. About GH¢52million of the reported amount was recovered, while a little over GH¢61million was lost to fraud.

The increasing prevalence of affordable, powerful, portable and user-friendly digital devices and technologies have allowed many businesses and governments to automate their operations and create efficiencies. In the same way that individuals, governments and businesses rely on these systems, so do criminals.

Perpetrators will want to explore areas of opportunities to commit fraud and go unnoticed, and the Internet is certainly one of the most ideal options or mediums to propagate fraud or fraud-related activities. Just like every other type of fraud, the intent is to illegally gain and leverage an entity’s sensitive information for monetary gain.

Primarily, the major vectors used for perpetuating cyber-fraud include Phishing, Malware, Ransomware and Social Engineering. Actors can be internal: employees who know the inside workings of an organisation or are in a position of power or privilege, and therefore can leverage the knowledge or information to commit fraud under the rationalisation of economic pressure; or external: individuals outside an organisation or other business entities which use various forms of attack to gain unfair advantage or acquire information that they intend to leverage on for monetary gain.

Since the onset of COVID-19 and throughout the present economic crisis, phishing scams have been one of the most used vectors in propagating fraud. State security agencies have repeatedly issued warnings about fraudsters employing phishing to steal information, obtain access to bank accounts, and conduct unauthorised money transactions.

Malware is also one of the principal fraud vectors. These harmful programmes are utilised by cybercriminals to obtain unauthorised access, erase files and steal sensitive data, among other activities. Ransomware, a type of malware, is used by hostile actors or fraudsters to encrypt the data of victims and demand money to decrypt them. Due to the complexity and difficulty in its limitation and mitigation, ransomware poses a significant threat to most businesses.

Social engineering scams, the most prevalent of all cyber-fraud vectors, are used by cyber-fraudsters in manipulating individuals’ emotions to expose their personal information. Typically, a criminal begins these attacks by conducting research on their intended victim by using social media and general search queries to obtain information. Once they identify a victim’s needs or wants, they get in touch with the individual via social media or message (Smishing), email (Phishing) or phone (Vishing), offering a service. The fraudster attempts to gain the individual’s trust and convinces him/her to reveal sensitive information that grants them access to personal accounts.

Cyber-fraud, indubitably, will continue to increase as the country’s economy worsens and as more computers are connected worldwide – giving global access to computer criminals.

The Bank of Ghana has hinted at increasing sanctions on financial institutions that do not comply with directives and do not deploy measures to control fraud and cyber-fraud. This also applies to financial institutions which do not report fraud cases.

To protect against cyber-fraud and prevent attacks, businesses and individuals must first seek to gain understanding of the attack vectors and actors. A good step to start with is cybersecurity awareness training to gain understanding of how phishing, social engineering, malware and other attacks are perpetrated by cybercriminals. Businesses must also ensure they have the relevant information security policies in place – not just policies on paper but those that are properly integrated with business processes. Some other simple techniques are to:

  1. Constantly update software on devices to ensure digital assets have the most up-to-date security upgrades.
  2. Ensure that all the organisation’s devices are equipped with anti-virus and anti-malware software. Individuals using smartphones must ensure they install updates from manufacturers when they are made available – do not procrastinate.
  3. Use unique and separate passwords for all accounts. Avoid using easily-guessed passwords such as birthdates or names.
  4. Enable two-factor authentication to add an extra layer of protection, and
  5. Back-up data.

Motivation for committing fraud and cyber-fraud is ultimately influenced to a large extent by economic pressures. The current state of Ghana’s economy creates an enabling environment for cybercriminals to step up their game and commit more fraud.

Corporate managers must continue to implement fraud-prevention and detection processes and controls. While the corporate managers do their part, government must also work diligently to improve the existing economic conditions so, together, these measures will reduce cybersecurity threats.

Ben is the Chief Executive Officer of Cyberteq Falcon Ltd., and Daniel is a SOC/Digital Forensic Analyst at Cyberteq Falcon Ltd.

Leave a Reply