Spotting Forex Scams

Forex trading is one of the most prevalent financial activity the world over. It is easy to get into because anyone with a cell phone, computer, tablet, and minimum of $10 dollars can get started. It is available for trading daily. This explains why forex trading has been popular among young Nigerians in the last few years.

What is forex trading?

Forex market also referred to as foreign exchange (FX), is the world’s largest and most traded market with over $6 trillion traded daily according to the Bank for International Settlements.

Forex trading means buying and selling of currency pairs which implies that once you sell one currency, you also buy another currency at the same time. For example, EUR/USD, here you are buying the euro at the same time selling the US dollar with the intention that the euro will strengthen against the US dollar to make profit.

Forex trading involves predicting the actual rising and falling of currencies and leveraging from it. Exchange rates are not stable because of factors like Economic, political, and industrial events. These events help the trader to make decisions to buy or sell a currency. Forex traders try to predict if the exchange rate will rise or fall with the aim to buy a currency at a lower rate and resell it at a higher rate for profit making. It is normal for forex traders to hold on to a particular currency until it has risen for them to sell such currency.

Forex Trading is not centralized, and this means that there is no central location. Traders are scattered all over the world.

Types of Forex scams

Forex trading is legal however, it is a zero-sum game, meaning that one trader’s gain is another trader’s loss. Since large well-financed corporate institutions are better informed and direct a lot of the currency movements, the individual trader is always likely to lose. Furthermore, due to the steep learning curve required to master trading, fraudsters are always on hand to take advantage of newbie traders or those uninformed about the market looking to make quick cash. If you are interested in investing or trading in the forex markets, below are a few scams you need to be conversant with.

Pyramid schemes masquerading as Forex training academies. Fraudsters set up faux training academies where they claim to teach people how to trade forex. These “training academies” might teach the rudimentary aspects of trading currencies but they always have options to allow a “master trader” to trade on your behalf or pay money for referring others to register. It is the referral money paid instead of actual gains made trading currencies that make these academies pyramid schemes.

Get rich quick forex groups on social media. Scammers are aware of the situation of the economy and take advantage of that to introduce some juicy looking schemes just to defraud their victims. They use some social engineering techniques, advanced advertisement techniques stationed in different media platforms, including the internet, social media platforms such as Facebook, Instagram, and Twitter to lure victims. They advertise for high returns with images of luxurious items such as expensive cars, houses, and jewelry. They claim to guarantee fictitious high profits, promising little or no financial risks. They promise unrealistic profits on any investments made and in a short period.

Automated trading and signal sellers. These are the most advanced and rapidly growing scams in the forex industry. Fraudsters often claim to sell legitimate automatic trading systems which are supposed to guarantee automatic trades every hour of the day, 7 days in a week. They promise that these automated systems can trade even when the trader is attending to other things. These systems are purportedly guaranteed to earn investors profits irrespective of the market situation. Another ploy fraudsters use is to offer “signals” which are illegitimate manual or automated systems that they claim can identify favorable times for buying and selling a currency pair. These signals supposedly rely on technical analyses, professional forecast, current news, or the combination of the three. They then charge a daily, weekly, or monthly fee for their services. Obviously, these signals do not help the trader make any money and if it were possible to use these methods to predict the market, no one with this information would make it widely available, given its competitive advantage.

Unscrupulous Brokers. These are online forex brokers that use various sharp practices to defraud traders of their funds. Top of these are churning trader’s accounts that results in excessive trading to get commissions and having built in systems that makes the trader’s lose money.

Red flags about a forex investment opportunity

  • The biggest red flag an indicator that an offer is a forex scam is the promise of guaranteed returns with little or no risk
  • Persons or groups that promise to make you a lot of money within a brief period of time.
  • Legitimate forex brokers/traders will not pressure you to join them. If you are being pressured into investing, it is probably a scam.
  • If you are told to just invest and do nothing else, that is a big red flag. Scammers are fond of telling their victims that all the need to be rich is by investing without doing anything else.
  • Fake bonuses and promotions. Fraudsters often promise bonuses and promotion for investing with them.
  • Forex Brokers operating from country, territory or state which maintains a system of financial secrecy and little or no financial regulation

Conclusion

Forex trading is not as easy and straight forward as it might seem. Before you decide to trade or invest in forex, get a considerable knowledge in forex trading. Also, before choosing a forex broker, there must be proper background check and due diligence to determine the legitimacy of such broker, past records, and history. Avoid brokers who are not willing to provide complete information of their trading practices and history. Always remember, since the risk of loss is high you should only put in funds you can afford to lose.

Contributors

  • Iheanacho Obinna
  • Emmanuel Akinyemi
  • Uduakobong Innocent Okon

Is Zeniq legit or a scam?

We recently found Zeniq being promoted on several online forums, so our Intel team decided to look at it. On their website zeniq.com, Zeniq claims to be a “Blockchain ecosystem for finance and investments.” In essence, the Zeniq platform will supposedly allow you to exchange cryptocurrencies and to invest in different projects. In their FAQ section, they say: Everyone who has purchased the ZENIQ “HUB 01” will get the minting option to produce ZENIQ Coins. The earlier you buy your ZENIQ “HUB 01”, the earlier you start minting and therefore you get more ZENIQ Coins. The minting option does not apply to the ZENIQ HUB “02”.

To invest in this project the investor must buy the Zeniq Hub to mint Zeniq coins. So, when the coin appreciates in value the investor can then sell it or exchange it for another cryptocurrency and make money.

Appriasal of Zeniq

We begin the appraisal of Zeniq with the most critical factor, the Zeniq Coin. The Zeniq websites clearly states that the Zeniq Coin runs on the Zeniq Blockchain.

But all we found listed on their website is an address to an ERC 20 token in the Ethereum blockchain, and not the Zeniq Blockchain. So where is the Zeniq blockchain? The explanation given by Zeniq is this: The ZENIQ coin is on its own blockchain, but since it is not (yet) listed on other exchanges, we have wrapped the ZENIQ coin and made it an ERC20 token (https://etherscan.io/token/0x5b52bfb8062ce664d74bbcd4cd6dc7df53fd7233) so it can be traded on Uniswap (https://info.uniswap.org/#/tokens/0x5b52bfb8062ce664d74bbcd4cd6dc7df53fd7233), for example. As soon as the ZENIQ exchange is ready, the ZENIQ coin can be traded on it. If ZENIQ is listed directly on an external exchange, it can be traded earlier.

Since Zeniq claims that ” The ZENIQ coin is on its own blockchain,” we simply ask where is this blockchain? Where is the code? Bitcoin and Ethereum all have their code base publicly published where anyone can read it and check that it is what its founders claim it to be. Simply saying that Zeniq has its own blockchain is not enough, for all we know the Zeniq blockchain might be a pie in the sky.

Also, we noticed there is no whitepaper on the Zeniq website. A whitepaper is a document that lays out the background, goals, strategy, concerns, and timeline for implementation for the project. It should have accompanying resources such as financial models, legal concerns, SWOT analysis, and a roadmap for implementation. All we have on the Zeniq website is a list of milestones. This is a huge red flag.

The next thing we looked at was the company location and its license status. Zeniq claims in its website to be a “Limited Liability Company in DIFC Freezone.” This is true but looking at the details of the company on the DIFC website we found two red flags. The date of incorporation is listed as 24th May 2021 and the type of license is listed as Non Regulated.

non-regulated license simply means that the business is not regulated. Such licenses are given to firms providing non-financial goods and services, for example, consultancy services. Looking at the company overview we see consultancy services is listed.

Notice that its stated business activities have nothing to do with providing financial services, which is in line with the type of license given, but this is in variance with what Zeniq claims on its website.

The next red flag is the date of incorporation. The timeline on Zeniq website shows the Official Sale of the ZENIQ Hub as far back as August 2020.

Since the incorporation date is 24th May 2021, it means Zeniq was running an unlicensed and unregistered scheme for close to 9 months while making its customers and the public think otherwise.

A last point of concern is its CEO, Erwin Dokter. A search on the internet showed him as the CEO of another crypto project called JUWELIS Digital Systems AG.

A perusal of a past version of the website shows it has the same crypto services and offerings as Zeniq. For instance, below is a comparison of the fifth question of the FAQ from Juwelis Digital to that of Zeniq. Notice that both are identical.

Currently, the Juwelis Digital website is showing a coming soon banner, the above screenshots were from an earlier version of the website from the Internet archive’s way back machine.

From the foregoing, we can infer that Juwelis Digital was the first scheme propagated by Erwin Dokter, after it flopped, he quickly rebranded it to Zeniq. The is indeed a huge red flag for who is to say Zeniq will not become inactive tomorrow and when the dust settles gets rebranded as something else?

Putting it all together, we have a project with no whitepaper and blockchain, it started operation before it was incorporated, its license says it is unregulated and it is a copy of a past failed crypto project. Due to the afore mentioned reasons, we recommend that you do not put your money into Zeniq.

Avoiding Scholarship Scams

These are scams that target those seeking assistance with regard to higher education. Scholarship scammers set up agencies that claim to “specialize” in getting prospective students full or partial financial aid. Scammers use a variety of means to seek out their targets, from in-person seminars to targeted social media posts and advertisements. Such scammers use a variety of methods to fleece their victims, here are a few:

Scholarship Search Service. In this method, scammers promise to find the best-fit scholarship for a fee and if they do not, you are guaranteed a refund. But as soon as they receive the fee, they disappear. In other cases, they might send you a bogus list of matching scholarships, but their policy is stated in such a way that no one can get a refund.

Non-Existent Scholarships. Scammers will claim to have found a scholarship for you, but you need to send some money for application or processing. But, the scholarship does not exist, and in the end, they might claim that the scholarship was later canceled, or you did not qualify.

Financial Aid Lotteries. In essence, this is what these types of scholarships scams are, though the scammers never make this known. How this scam works is that the scammers through their dubious agency will advertise a scholarship of $2000. The take application and processing fees of $50 from say, one thousand applicants. The scammers would make $50,000 and give the scholarship to three candidates making a net profit of $44,000. The odds of winning in this scenario are like winning in a lottery.

The Scholarship Prize. You get an email or a message saying you have won a scholarship or have been approved for an educational grant. Of course, the catch here is you need to pay disbursement or redemption fees.

The Seminar Scam. Most legitimate scholarships do not require you to attend any physical event to apply in contrast to seminar scams which asks that you attend a seminar or information session. In the seminar you will receive a sales pitch from a trained sales consultant on why you need to pay for their service to take advantage of the scholarship opportunity they are presenting. Their aim is to take advantage of you.

Steps for Protection

  • Never pay money to apply or receive a scholarship. If you are being asked to pay for application or processing fees, know that you are dealing with a scam.
  • Never give out financial information like card and account numbers, if you are being asked for this, you are dealing with a scam.
  • If you have been invited to a scholarship seminar, make sure you do a thorough investigation about the agency or organization. Also, never pay money for anything at the venue of the seminar.
  • Keep track of the scholarships you have applied for, and if you receive a message that you have been selected for a scholarship you did not apply for, do not respond.
  • Scholarships are not hidden; with a little effort you can find out all the information you need on your own. This is better than letting agents or agencies handle things for you as they might turn out to be a scam.
  • Legitimate scholarships have eligibility criteria, any scholarship that is all encompassing with little, or no requirements is a scam.

To find out more about other types of scams and the ways you can protect yourself and your loved ones, read our book of scams.

Escaping Social Media Scams

Social media scams are scams that use a particular social media platform to defraud the users of that platform. Due to the almost universal use of social media, scammers have found it a helpful tool for scouting potential victims and for the propagation of their frauds. Also, scammers often use social media as the originating point for their schemes, this is done by paying for catchy ads and embedding them with links to the fraudulent schemes. Below are some common scams you are likely to come across on social media.

Money flipping scams from hijacked accounts. The scam starts with a scammer hijacking someone’s account. Once the account is under the full control of the scammer, the scammer does a post tagging most the friends of the hijacked account. The post is often about an investment such as forex or cryptocurrency that yields double of the capital invested.

Romance Scammers. Asides dating sites, social media is another tool for romance scammers. They create legitimate looking profiles to defraud those looking for love or relationships.

Influencer scam. Influencers are those on social media with a large following. Unfortunately, some of these individuals resort to less than worthy practices to monetize their followership. Influences have been caught promoting Ponzi scams and absconding with funds after asking their followers to invest in a business scheme.

Fake celebrity scam. A scammer impersonates a celebrity and does a post announcing a giveaway. The supposed “winners” are then contacted to redeem their prizes by paying a delivery fee for the item and supplying other information. Once the delivery fee is paid, the scammer blocks the victims, in some cases they sell the information pf the victims to other scammers. Another variant of this is when a scammer uses a fake celebrity profile to promote a Ponzi or investment fraud.

Fake Vendor scam. Scammers pose as vendors or service providers, once victims pay money for goods or services, they are blocked. Another variant of this is when a scammer impersonates a vendor or business on social media. Using the same logos and pictures as the legitimate vendors, they are able to defraud those who do a search on social media and land on the fake accounts.

Auction scams. Scammers impersonate government agencies and put-up posts about goods to be auctioned. A favorite for scammers is impersonating officers of the Nigeria Customs service. Often, you will come across profiles of Customs officials with posts about cars to be auctioned at prices way below their market value.

Steps For Protection

  • Regularly check and update the privacy settings of your social media account. Limit who can see your posts, pictures and the information displayed on your profile.
  • Be careful what you post about yourself and your activities, do not share personal information on social media.
  • Do not accept friend requests from people you do not know or have not met in person.
  • Use a strong password and set up two factor authentication.
  • Do not partake in social media challenges and quizzes, especially those that ask questions that are personal.
  • Always do a search using the profile or page name of the company on social media. If you see multiple accounts do not go ahead till you can figure out which, if any are genuine. Note that cybercriminals also seek out businesses that do not have a social media presence to impersonate, hence seeing only one account does not mean that it is genuine.
  • Always confirm the social media handles of a business or organization which you intend to interact with via its website.
  • Be wary of Investment offers being promoted on social media. Do not invest till you have sought advice from competent and certified investment professionals.

For more information on scams, download the NGFM Book of Scams.

Is 1global.com.ng a Scam or Legit?

1global.com.ng is a website that claims to be an auction and bidding website where you can win and purchase some of your favorite authentic items. The site is getting attention in various online forums. Therefore, we decided to do a comprehensive analysis, below are our findings.

Website Information

Official Domain

1global.com.ng

Registered on

2021-03-26 (valid for 1 year only)

Location

Nigeria

Alexa Rank

113,435

Registrar

WhoGohost

Red Flags

On its FAQ page it says “At 1Global, we have met the legal requirements provided by the Certified Institute of Auctioneers, Nigerian and the National Lottery board, so there’s no mago-mago over here.

A visit to the National Lottery Regulatory Commission’s website shows no record of 1Global, you can view the list here.

Another red flag is the FSAVER Account. Nothing about this is stated in the website’s FAQs, but there is a link to it in the site menu. Once you sign up on the website, you have access to the FSAVER account and welcomed with this message: “Put Your Money to Work
Invest for your projects, your child’s education, pilgrimage, or any other investment goal, and stay in line with your values. Experience an Easy and Quick FSAVER Account – Grow Your Money with 1Global, Withdraw your interest in few minutes.:

The FSAVER mini claims to pay an interest of 1% per day while the FSAVER Market offers a daily interest of 1% daily or 20% monthly. Comparing this with prevalent market rates and economic realities this is extremely high.

Considering that 1Global claims to be an auction/bidding website and falsely states that it has government approval to operate, and then is running an illegal high investment scheme, it is a scam.

Who is behind 1Global?

1Global has no office address, phone number or email on its contact page. Also, there is nowhere on the website where it lists the operators of this scheme, this is typical of scam websites. Looking at the source code of the website, we found that the site was built off another website called kobobid.com, which is another bidding website.

Conclusion

We recommend you avoid 1global.com.ng as this website has all the markings of a fraud.

Defending Against Ransomware: Strategies for Individuals

Imagine handing over the keys to your house to a stranger, mistaking him for family or a friend. Now this stranger has carted some of your belongings away, and as if it is not bad enough already, he also locked you out of some rooms ‘in your house.’ He insists that the only way you can regain access to your rooms and your belonging is by paying him. Tragic, right? This in practice, is what ransomwares are. They sneak into your system in the guise of relevant mails or files and manifest by making your files unavailable to you. They do this by encrypting these files and demanding a ransom so they can send you the decryption instruction. According to Cybersecurity Ventures, the cumulative costs of damage resulting from ransomware attacks doubled from an estimated $11.5 billion in 2019 to $20 billion in 2020The problem does not get any more pronounced than that. 

The focus of this article is to consider the full range and extent of this problem from an ‘individual’ perspective, recommend preventions and see if there is any remedy for affected persons. 

RANSOMWARE STRAINS 

There are many strains of ransomware. This is testament to the resourcefulness and determination of these actors. As new ransomware variants arise regularly, it can be challenging to keep track of all the strains. But while each of these strains are different, they are fundamentally the same in the damage they inflict. 

Some of the most popular ransomware strains include Bad Rabbit, Cryptolocker, GoldenEye, Jigsaw, Locky, Maze, NotPetya, Petya, Ryuk and WannaCry. Their range of sophistication varies and while a sizable number of them may rely on social engineering tools to trick users into relinquishing access, some like the NotPetya variant are more aggressive and would simply exploit chinks in the user’s security architecture. The implication of this is that they do not rely on trickery to affect their host. Sophisticated people can be victims too. 

RANSOMWARE INFECTION VECTORS (CARRIERS) 

How is Ransomware transported? What or who are the possible carriers? 

Phishing Emails 

Phishing rose in the fourth quarter of 2020 as the most used ransomware attack vector. Using links, attachments, or both, an email phishing attack looks to trick users into taking some sort of action. Phishing emails containing links may appear to come from a known contact asking a user to enter credentials for a bogus purpose. Those credentials are then stolen and used to access key systems on which ransomware can be installed. Other tactics include asking the user to click on a fake attachment, after which ransomware begins to automatically download. 

Websites Serving Pirated Content 

Ransomware can come bundled with pirated content downloaded from the Internet. As many people source their software, movies and music from pirate websites, Ransomware authors have been known to upload such files embedded with the malware. Once the file is downloaded and opened the payload is executed.  

Compromised Websites 

Websites with poor security such as those running outdated plugins or having multiple bugs and vulnerabilities can be compromised by Ransomware authors who then proceed to implant their malicious code within. These websites then serve the malware directly via drive-by-downloads or may redirect to another malicious website hosting an exploit kit. 

Malvertising 

This term denotes malicious advertising which occurs when malware actors use legitimate online advertising services to spread malware by injecting malicious code into ads and web pages. Some Ransomware authors have resorted to this using this method to spread their malware.  

SYMPTOMS OF RANSOMWARE 

  • Missing files 
  • Slowed computer operation 
  • Unable to open files
  • File name extensions changed
  • Increased system crashes 
  • A message on your desktop directing you on how to pay to unlock your files 

PREVENTION STRATEGIES-WHAT TO DO TO AVOID BECOMING INFECTED 

Multibillion dollar companies and indeed high network individuals are really concerned about this plague, and rightly so. But the myth that ransomware attacks are exclusive to the rich and powerful is false. Common individuals have been victims to extortions and blackmails aided and abated by the malignant ransomware. The greatest approach then, to avoid being a victim of ransomware is to avoid becoming one in the first place. To that end, here are eight (8) things you can do to protect yourself from ransomware. 

  1. Be Cautious 

Avoid opening any attachments that appears to be suspicious. This is true of all messages, not just those sent by strangers. It also applies to senders whom you assume to be your friends. Phishing emails can appear to be from a financial institution, delivery service, a law enforcement agency, or an e-commerce site. 

  1. Be Deliberate 

Before you click, think twice. Nefarious hyperlinks can be sent through social media and instant messaging. Fraudsters frequently hijack people’s account and proceed to send out malicious links to their whole contacts. This explains why a malicious link can come from someone you know and trust. If you receive a link without enough explanation as to its relevance, DON’T CLICK ON IT. Reach out instead to the sender to get more insight about the link they sent. 

  1. Take Privacy Seriously 

Give out as little personal information as possible. If malicious actors want to send you a phishing email embedded with ransomware, they will need to collect your information from somewhere. Sure, they may procure it via data breaches traded on the dark web. But being less private means they can simply obtain it by sifting through your social media profiles utilizing Open-source intelligence (OSINT) techniques. It is critical not to divulge more private details than is necessary online. 

  1. Apply Patches 

Keep your software up to date by patching it. To guarantee that you have fewer vulnerabilities that can be exploited, keep your operating system patched and up to date. Those notifications informing us of the latest updates available can be annoying, but they are critical to our continuous safety from malware. 

  1. Use Strong and Unique Passwords 

Malicious actors may brute force their way into a system or account if the password is weak. They can then use that access to carry out attacks or move throughout the network to spread ransomware. As a result, for all accounts, you should use and ensure strong, unique passwords. 

  1. Do not Use Strange Media 

It is one thing for bad actors to break into a company’s supply chain and distribute trojanized material. It is another thing to connect a strange device to your PC. You never know what is on someone else’s USB device or CD. As a result, you should only use these types of media if they have been obtained from a reliable source. File sharing should be cloud based to reduce the risks of exposure. 

  1. Block pop-ups with a browser add-on. 

Malicious actors use pop-ups as a typical entry point to initiate ransomware assaults. Installing browser add-ons to halt pop-ups in their tracks is therefore a promising idea. 

  1. Create and Defend Backups 

As having a clean copy of your data is required for data recovery, having a robust and comprehensive backup system is critical. Your data losses can be reduced if you create intra-day snapshots in addition to full end-of-day backups. Because some ransomware searches for and encrypts external backup devices, keep backup drives offline or backup to the cloud to preserve these critical copies. 

Backups will not stop an attack but can make damage caused by one less significant. 

RESPONSE STRATEGIES-WHAT TO DO IF YOU BECOME INFECTED. 

If your device is showing signs of a ransomware infestation, here are the steps you should take: 

  1. Restore from a backup 

Once you determine you have been hit with a ransomware attack, wipe your device clean and restore from a backup. 

  1. Determine the strain and look for a decryption tool 

If you do not have a backup or snapshot of your operating system, settings, and files the next step is to determine the type of ransomware that has encrypted your files. Knowing the type of ransomware will aid in searching for a decryption tool online. To determine this, upload a sample infected file to the following services: 

  1. Once you have identified the type of ransomware that has encrypted your files, you can search for decryption tool on the following websites
  1. Remove Ransomware from Device 

If you cannot find a decryption tool and you are certain you do not want to pay the ransom, and you are okay with losing your files, then take the following steps: 

  • Reboot your computer to safe mode 
  • Install antimalware software 
  • Scan the system to find and remove the ransomware program 
  1. Pay the ransom 

This step is not recommended but should you choose to proceed, note that according to Bleeping computer, half of those who paid ransomware actors never got their data back. 

CONCLUSION

According to statistics from the FBI (Federal Bureau of Investigation), “since 2016, more than 4000 ransomware attacks happen daily” and “1 in every 4000 emails contain malwares previously unknown to security experts”. The scale of the ransomware problem is near cataclysmic. 

There has been conjectures by optimists, stating that due to the spike in the value of Bitcoin and other crypto currencies, ransomware attack tend to be declining given the shift in interest by actors. This is logical but should not mean we can now sit on our oars. If there is indeed any correlation between ransomware attacks and bitcoin value, then it can be assumed that the problem, though relaxed, is not completely over. The prices of crypto currency is volatile hence the uncertainty. 

The best way to stay safe is by being aware of the problem, acknowledging it and actively working to prevent it. NoGoFallMaga 

Contributors:

  • Chibuike G. Offor
  • Solakunmi J. Oyedele
  • Subomi C. Lawson
  • Oyelakin Timilehin Valentina

E-commerce Scams: How to Avoid Being a Victim

E-commerce scams are those scams perpetrated on online marketplaces or online buying and selling platforms. The essence of these scams is to lure the unsuspecting to part with their money either through theft of card information or the purchase of substandard/non-existent goods and services. E-commerce scammers have numerous methods to achieve their goals, below are the most common.

The use of fake websites. The rise of various e-commerce website builders such as Shopify, woo-commerce, Wix, and Magento has made this option more appealing for scammers as they can easily set up e-commerce stores with little or no technical knowledge. Once the website has been set up, the scammer will either put up pictures of non-existent goods or goods with a reduced market price. With regards to the former, the aim of the scammer is to get people to make purchases for goods they will never receive. With regards to the latter, putting up goods with a reduced marker price will drive traffic to the site as would-be buyers search for a bargain. Then their card details will be harvested at the point of purchase.

The use of hacked websites. In this scenario, scammers seek out an e-commerce store and compromise it. This can be done through social engineering an admin to get their login credentials or implanting malware on the admin’s device to harvest such credentials. Once they have access to the website they implant a code on the checkout pages that would harvest card credentials as they are entered. Neither the website admins nor the customers know what had happened.

Account takeover. This occurs on e-commerce websites that have poor security. In this scenario, a scammer takes over a user’s account on an e-commerce store. Since there is poor security, the scammer can use the user’s accounts to order goods after they have changed the delivery address. Once the scammers received the goods, they sell them and obtain the monetary value.

Steps for Protection

  • Shop From Only Reputable Marketplaces and Retailers. If you see a deal or offer and the online store is unknown, it might be best to avoid such because cybercriminals have been known to set up fake online stores to hoodwink unsuspecting people. Naturally, any online store in which you want to make a purchase should have a good reputation and should be well known. Always do some research on the store and item and if you want to make a purchase.
  • Do not store store your card details on any website. If you are not buying anything, don’t submit your card details.
  • Check that the site you are buying from is secured, that is, check for a locked keypad icon on your browser or that the URL begins with https://
  • When buying from an e-commerce platform, if possible, opt for cash payment upon delivery.
  • Practice Good Cyber Hygiene. Use strong and unique passwords for all your accounts, this can be easily done if you’re using a password manager. You should also consider using a virtual card in which you can fund with only the amount needed for the items you wish to buy. Finally, make sure multi-factor authentication is enabled across all your online accounts.
  • Monitor Your Bank Accounts. Make sure alerts are enabled and functional on all your accounts. Also, make sure you have the contact numbers or email of your bank’s customer support in case you need to reach them.

In conclusion, E-commerce frauds are pervasive because of the popularity of E-commerce. As the technology to edge out Cyber fraud develops, so does the technology to create new scams. Therefore, to protect yourself from Cyber fraud, one must remain vigilant and do everything possible to prevent it from happening or minimize its effect if it does happen.

Contributors:

  • Oluwaseun Adio
  • Akim Emmanuel
  • Blessing Oyekan Mariam

EazyMobile (eazymobile.ng): An Appraisal

eazymobile.ng is an online platform that claims to “offers economical payment of Utility Bills, Airtime To Cash, Data Purchase, Money Transfer, Airtime Top-up, Buying And Selling Of Bitcoin, Investment Plan, and all Telecom needs, either on a recurring or one-time basis.” Of all the previous services listed, the “Investment plan was what caught our attention. A section on their homepage showcasing their services also has a blurb about their investment service.

Information concerning their investment plan was not readily available on their website, so we decided to check out their social media handle to see if anything of interest could be found there. Out of the four social media links listed on their website, non was functional except the link to their Twitter handle. A perusal of their Twitter account shows it was a personal account before being converted to several business accounts. A Tweet from 2018 shows it was called Ogojesu Modest Data with the numbers 08110391505 and 08166327382 listed.

Later on, in 2019 we find flies of EazyMoble and in 2020 a Tweet about “Eazy Global Solution.”

A search of Eazy Global Solutions on Facebook led to their Facebook page where we found a flier of their investment proposition.

They were offering a 10% return on investment for every 25 days which translates to 146% per annum. This is an outrageous figure, especially when compared to prevailing market rates and the CBN monetary rate which is 11.5% per annum. Looking at the flier, we see the company registration number listed as RC 3062123. A search for the company name on the Corporate Affairs Commission’s website shows that the Number 3062123 is a registered business name and not an incorporated company.

The search also revealed that the company upgraded its status to an incorporated entity on the 18th of August 2021.

So from April 2, 2020, when the flier was posted till August 18, 2020, Eazy Global Solutions has been running an investment scheme with just a Business Name. This means they carried on without any form of regulatory compliance or oversight. Also, on the flier, we again see the number 08166327382, first seen on the flier from their Twitter post. A google search shows this number on a pdf document on another website ogdams.com

Perusing ogdams.com we see that it is a replica of eazymobile.ng and both are offering the same services.

From the foregoing, it is safe to say that both websites are being run by the same entity or the owners of both websites know each other and have some sort of relationship.

Putting it all together, given that Eazy Global Solutions just recently got incorporated and shows no evidence of regulatory approval from the Securities and Exchange Commission, and ran their investment scheme for more than a year with just a business name, we warn all to stay clear of their investment package. Another thing worthy of note is to be wary of businesses that offer investment schemes as one of their service packages. They might be using their other authentic businesses to confer legitimacy on an otherwise fraudulent investment scheme. Do not be swayed by huge returns on investments and always do your due diligence.

Avoiding Charity Scams: A Brief Guide

Most humans want to do good for a plethora of reasons. Some are for altruistic reasons while some are for more cynical reasons. But whatever their reasons may be, this automatically makes them potential victims of ‘Charity scams’.

Charity scams are schemes devised to deprive unsuspecting people of their funds by preying on their benevolence. This can take many forms but mostly through scammers pretending to be legitimate charities. In such instances, they pretend to solicit funds for victims of a recent disaster, veterans from the military, orphanages, or people with serious medical conditions.

Charity scammers use every available means to approach their victims, they can approach in person, via e-mail, telephone, SMS, and social messaging applications. They use logos and images of real charities and victims or create fakes using image editing applications like Photoshop. Unfortunately, most charity scams go unreported because the victims committed sums they consider expendable. This sustained precedence seems to encourage its occurrence.

How to Recognize a Charity Scam

Here are some ways to determine if that call, e-mail, SMS, social media post/message or pitch is legit.

  • Fake Charities are not registered: A reputable charity organization should be registered with the government. To know if a charity is registered, you can look them up from the CAC name search portalthe portal gives details about an organization’s registration date, branch address, and contact information.
  • They use pressure and urgency: Reputable and legitimate Charities do not pressure people into donating no matter how urgent a situation may be. In contrast, scammers treat ‘donations’ as a matter of urgency, pressuring you into making donations. They employ emotional blackmail, aggressively pushing victims’ stories with the aim of manipulating the donors.
  • They accept donations through channels that aid anonymity: Given the unprecedented proliferation of payment technologies, scammers now employ alternative channels of payment, especially those that protect the identity of the receivers. These may include Cryptocurrencies, Gift Cards, and Wire Transfers that are untraceable, so you should watch out for this. Legitimate charity organizations will always accept a variety of payments method including traditional methods that provide an audit trail.
  • They spam you with messages: Fake charities spam people with messages or links for donation. Legitimate charities do not do this, instead they usually have a webpage with clear information on how to donate and where.

Steps for protection

  • Verify their “good works”: Don’t be swayed by responses such as “we take care of the needy” or “we support widows and orphans,” without actions these are empty words. Seek out concrete proof that the are actually involved in the work they claim with verifiable results. For instance, If they claim to take care of orphans, find out where their orphanage is, how long they’ve been involved in the work and the difference it has made in the lives of the children.
  • Do some checks on their website: Scammers can clone a charity organization’s website and content. They then slightly alter the domain name (For example, www.nogofallmaga.org can be misspelled as www.nogofalmaga.org). How can you be vigilant and not fall for this? You can do so by using these online tools to check if a website is a clone and if the content of the website is used elsewhere; CopyScapeSiteLinerPlagSpotter. You can also make use of reverse image search to check if images on the website are being used on other sites.
  • Verify Crowdsourced or social media appeals: Before you give out money for a gofundme or social media appeal for assistance, make sure you can verify the situation is true or that you personally know the person soliciting for funds. If you can’t then you should consider not giving no matter how tragic the situation may be.
  • Approach the charity yourself: Always approach the charity organizations you are willing to make a donation or offer support. Do not rely only on a phone number, contact or website address given by the person who first called, visited or emailed you because they could be impersonating a legitimate charity.  

In conclusion, always do your due diligence, and do not let the antics of charity scammers dampen your drive for giving, for there is great value in helping others.

Contributors:

  • Chibuike Gabriel Offor
  • Awoyomi Muyiwa Anthony
  • Emmanuel Beyoma

Brand Impersonation on Social Media: A Safety Guide

With the ever-increasing surge in digital engagement through the instrumentality of social media, individuals, small businesses, and organizations are investing heavily in growing their digital footprint as a way to drive brand awareness and generate revenue. On the flip side, scammers and internet fraudsters in furtherance of their scrupulous intentions, are exerting considerable effort to exploit the brand reputation established by these organizations through brand impersonation in a bid to achieve their fraudulent ends.

What is Brand Impersonation

Brand Impersonation is an attack that impersonates a trusted brand using the name, image, or other identifying elements of the brand to trick victims into divulging sensitive or personal information for fraudulent purposes. In this article, our central focus is to discuss brand impersonation on social media through look-alike accounts and to furnish some safety precautions individuals and organizations can take to prevent these impersonation attacks as well remedial measures to mitigate the effects of the attacks when they occur.

Brand Impersonation Attacks on Social Media

Social media impersonation occurs when a page is made to look or appear as though it is the legitimate social media page for an organization or business. Three common use cases are for phishing, collecting sensitive information, and for sending funds to a fraudulent account.

Phishing: Attackers use social media phishing to harvest personal or financial information. To achieve this, an attacker may post a deceptive and irresistible phishing link such that upon clicking the unsuspecting user is routed through a series of screens and spoofed webpages where the attacker would harvest the victim’s important identifying information including sensitive data such as his/her financial data. Also, links can lead to web pages that automatically install malware on the victim’s device that does the same thing.

Collecting sensitive information: Attackers can pose as customer service representatives and elicit sensitive information such as pin and card numbers with a view to defrauding the victim.

Sending funds to a fraudulent account: If the brand is into selling goods and services, the attackers can pose as sales representatives with a view to getting the victim to make a transfer to a transit account where the funds are immediately withdrawn or sent somewhere else.

Preventive/Remedial measure

For Individuals:

  • Always do a search using the profile or page name of the company on social media. If you see multiple accounts do not proceed till you can determine which if any are genuine. Note that cybercriminals also seek out businesses that do not have a social media presence to impersonate, hence seeing only one account does not mean that it is genuine.
  • Rather than trust what you see on social media, use a search engine to determine the website of the company or vendor, then navigate to their social media handles using the links listed on their website.
  • Look for historical information related to the account. Twitter lists when the account joined on the accounts profile, use page transparency for Facebook to see when the account was opened, and use name history for Instagram. An account that has been recently opened or has changed its name numerous times is more likely to be a scam.
  • Be wary of paying money into personal accounts. Of course not all businesses or vendors will be able to have a company account, but established businesses or vendors should have company accounts. If you find that the business or vendor is big or well established then a request to pay into a personal account is a sign that you might be dealing with scammers.
  • Always do a internet search with the business name and phone numbers given with words such as “scam” or “fraud.” Use search engines, search on various social media and forums like nairaland.
  • It’s always safer to make a purchase from a business or vendor who you know someone has used and comes highly recommended.

For Businesses/Organizations:

  • Have dedicated reporting channels, either through phone, email, SMS and social media where customers can report scam issues.
  • Have in-house or outsourced personnel to monitor social media for conversations around your brand and to seek our impostor accounts.
  • Apply to have your social media accounts verified. Top social media websites like Facebook, Instagram, Twitter etc.; allow brands, business organizations to apply for a verification badge. This should allow your customers know which accounts they should trust and identify/authenticate business accounts and advertisements.
  • Carryout periodic security awareness campaigns in which customers are educated about the latest scams and preventive measures.
  • For big organizations, consider investing in AI-based advanced brand protection solutions.

In conclusion, Social media/online impersonation scams are dynamic in nature and an ever-increasing threat, but realizing that every online/social media communication between a business with its customers is a potential bait for a brand exploitation attack/scam will put you into the right frame of mind to the above proactive/preventive actions.

The post Brand Impersonation on Social Media: A Safety Guide appeared first on #NoGoFallMaga.