Dangerous Acts of Social Engineering in Nigeria -By Caleb Onah

In the city of Opebi in Ikeja, Lagos State, Nigeria, I once heard of a notorious social engineering group called “The Persuaders” that operated in the shadows, preying on unsuspecting individuals. Led by their charismatic leader, Tolu, they manipulated emotions and exploited vulnerabilities for their own malicious gains. Tolu’s team targeted a wealthy businessman, Mr. Johnson (not real name), promising him a low-interest loan to expand his business empire.
Posing as representatives from a reputable microfinance bank, they gained his trust and convinced him to pay a “processing fee.” But after receiving the money, they vanished, leaving Mr. Johnson empty-handed and scammed.
However, as was their usual practice, the Persuaders stayed one step ahead, constantly adapting their techniques to exploit the human psyche. To this day, no one knows their whereabouts. This serves as a cautionary tale, highlighting the importance of skepticism and critical thinking.
It reminds us to verify information, remain vigilant, and report suspicious activities. Social engineering scams are a constant threat in increasingly vulnerable countries like Nigeria. With the rise of advanced communication technologies and the increasing dependence on digital platforms, cybercriminals have found new ways to exploit human vulnerabilities for their malicious intentions.
As with “The Persuaders”, attacks can take various forms, ranging from phishing emails and phone scams to impersonation and pretexting. In Nigeria, these tactics are often employed to gain unauthorised access to personal data, financial accounts, or corporate systems, with Allen and perhaps Ikeja as one major “headquarters” in Lagos State.
Phishing remains one of the most common social engineering techniques, one that many of us can testify to. Cybercriminals send deceptive and manipulative emails or text messages, or create fake websites that resemble those of legitimate organisations.
They lure unsuspecting victims into providing sensitive information such as passwords, credit card details, or personal identification information. Recently, in Nigeria, these attacks have often targeted banking customers, with scammers attempting to gain access to online banking credentials.
A practical real-life experience, told by a friend during one of my psychosocial support sessions, is that of Amina (not real name), who received a call from someone claiming to be a police officer. The caller exploited her fear and trust, convincing her that her bank account had been compromised.
Unaware of the deception, Amina followed their instructions, providing personal information and transferring her savings to a “secure” account. Unbeknownst to her, she had fallen victim to a skilled social engineer, and her life pension savings were debited, causing her depression and suicidal ideation.
Sometimes, social engineers may impersonate trusted individuals, such as government officials, company executives, or customer service representatives. By utilising this tactic, they manipulate victims into sharing confidential information or performing actions that compromise security. Impersonation scams in Nigeria can range from fake government agencies requesting personal data for documentation purposes to fraudulent calls from bank representatives seeking account details.
In March, Bolarinwa Oluwasegun, a prominent member of the APC, was apprehended by the EFCC for purportedly assuming the identity of an Army general in order to deceive unsuspecting individuals and swindle them out of $270 million.
Moving forward to May 2022, the EFCC detained Abdulaziz Yari, a former governor of Zamfara State, on allegations of benefiting from N22 billion out of the N84 billion that the suspended Attorney General of the Federation was accused of embezzling. According to an anonymous whistleblower within the EFCC, Yari and Anthony Yaro, the Chairman and Managing Director of Finex Professional, were apprehended in relation to the N84 billion fraud case involving a former Accountant General of the Federation.
These scammers also use another form, pretexting, which involves the creation of a false narrative or pretext to deceive individuals. Social engineers may pose as co-workers, suppliers, or acquaintances to gain trust and extract sensitive information.
In Nigeria, pretexting is often employed to target employees in organisations. For instance, scammers may pose as IT technicians, requesting login credentials or access to computer systems under the guise of technical support.
Business Email Compromise (BEC) scams, another form I have discovered, are particularly prevalent in Nigeria. Attackers compromise or impersonate email accounts of company executives or employees and send requests for urgent payments or financial transactions. These scams exploit the trust between employees, and organisations often suffer significant financial losses as a result.
The consequences of falling victim to social engineering attacks can be severe. Individuals may experience financial loss, identity theft, or reputational damage. Organisations, on the other hand, face financial implications, data breaches, and compromised customer trust. It is therefore crucial for both individuals and organisations to take preventive measures to mitigate the risks associated with social engineering.
One such measure is implementing robust authentication mechanisms such as two-factor authentication (2FA), which can add an extra layer of security, making it difficult for attackers to gain unauthorised access to accounts or systems.
Verifying the identity of individuals through multiple channels before divulging sensitive information (patience is key) is crucial in mitigating social engineering risks. Other measures include regular software updates and security patches, incident response planning, regular security assessments, encouraging reporting, adhering to relevant cybersecurity regulations and frameworks, such as the Nigeria Data Protection Regulation (NDPR) or international standards like ISO 27001, as well as continuous monitoring and adaptation.