Cybercrime affects us all: Let’s detect and prevent it
What you need to know:
We need to always be vigilant and when in doubt, verify the source of the calls, emails and/or text messages before we act.
All organisations and individuals are subject to fraud risk. It is therefore essential to prioritise fraud prevention and detection to protect the interests of every organisation and its stakeholders. Since we can’t control and effectively manage what we don’t know or understand, let us start by understanding what fraud is. Fraud may be classified into three categories:
• False representation: deliberate falsification of information to result in a gain for self or others, or loss or risk to others.
• Failure to disclose: concealment of information to result in a gain for self or others, or loss or risk to others.
• Abuse of position: exploitation of position, or omission to act, resulting in a gain for self or others, or loss or risk to others. (Source: The UK Fraud Act 2006)
Common frauds include:
Financial statement fraud: This may manifest in many ways to inflate profits, conceal losses, flatter the business performance, extract cash or otherwise misrepresent the financial status of the company.
Material misrepresentation: This manifests when a client misrepresents or fails to disclose material financial or non-financial information influencing the risk decisioning made by the lender or bank.
Known bad: This occurs when an institution fails to identify that the customer/client or its directors are known, within the sector or industry in which the client operates, in public media or through other sources, to have previously been involved in fraud or other abuse of facilities.
Trade for finance, not for trade: This manifests when a client trades with undisclosed but socially or legally related counterparties to obtain bank finance and siphon money for purposes other than the stated trade.
Social engineering frauds include:
Phishing refers to emails with links containing malware that can access your personal information, so always take note of the senders’ email addresses.
Vishing refers to calls impersonating banks or companies to obtain account details. To manage this, always transact on safe websites with the lock icon or ‘secure and verified’ badge at the bottom of the page, and never reveal personal or banking information to anyone over the phone or by email.
With SIM porting/swapping, fraudsters may obtain a duplicate SIM from phone companies by impersonating you. The fraudster requests a duplicate SIM on the pretext of a lost phone or a damaged or replacement SIM, and activates the new SIM to gain access to OTPs/notifications from your bank. To manage this, always be alert to any notifications sent by your phone company on any unauthorised SIM change. Should you receive such a notification, always call them immediately for verification. Lastly, take note of long periods of network outage on your mobile, as this could be an indication of SIM deactivation.
ATM frauds involve your ATM card information being stolen while you are at the ATM through someone tampering with the card reader to trap the card, someone looking over your shoulder and observing your PIN or someone installing a false keypad to capture your PIN.
Card fraud involves the use of cards for unauthorised or unlawful transactions. To manage this type of fraud, never share your card details with anyone, always keep your card in sight when making payments over a counter and ensure the correct card is returned to you, always check your card statements for unknown transactions and always shred and discard card statements, receipts, and old and expired cards.
A money mule, on the other hand, is someone who accepts and transfers money in return for a fee. To guard against this type of fraud, always be aware of people offering fees to receive and transfer money using your bank account, and don’t open a bank account in your name to receive and transfer money for someone else.
Frauds can be hard to spot at times, but together we can reduce the risk by spotting the warning signs. We need to always be vigilant and, when in doubt, verify the source of the calls, emails and/or text messages before we act. We also need to curtail suspicious activity by not responding to requests for personal details from unknown sources. Finally, we need to always report incidents, for many reasons but mostly to create awareness and management. Organisations therefore need to put in place a mechanism to enable customers and clients who suspect any fraudulent activity to report it immediately. The quicker the fraud is reported, the higher the chances of recovery.
Mr Stanley Katwaza is Head Conduct, Financial Crime and Compliance - Standard Chartered