Regulatory Alerts2022-11-24
advisory On Geographical Trend Analysis Internet Fraud
The Nigerian Financial Intelligence Unit (NFIU) has released an advisory on the trends and patterns of internet fraud, particularly romance scams and ransomware attacks, between 2019 and 2021. The report highlights the geographical distribution of these crimes within Nigeria, with Delta, Lagos, and Edo states being the most vulnerable. It emphasizes the need for increased awareness and proactive measures to combat cyber fraud, especially among young males aged 0-29 who are identified as the most skilled perpetrators. The advisory provides recommendations for policy makers, reporting entities, law enforcement agencies, and the public on how to mitigate the risks associated with internet fraud.
NIGERIAN FINANCIAL INTELLIGENCE UNIT
NFIU
INTEGRITY & DILIGENCE
ADVISORY
NFIU/EXT/PUB/ADV/AC-STEI/AUG-2022/VOL.I/006
Geographic Crimes Analysis (Internet Fraud) 2019-2021
The Nigerian Financial Intelligence Unit (NFIU) In fulfilment of its obligations on the timely provision of guidance to Reporting Entities and Competent Authorities (CA) publishes Indicators and advisory on crimes of money laundering and terrorist financing in an effort to guide Reporting Entities and Competent Authorities on observable trends and patterns to mitigate AML/CFT/CPF threats.
AUGUST 2022
Contents
Overview 2
Analysis of Suspicious Transaction Reports: sending and receiving jurisdictions 3
Fraud Type Analysis 6
Romance Scam.. 6
Ransome Ware Attacks.. 6
Estimated Losses to Internet Fraud... 7
Legitimate Versus Illegitimate Internet Transactions.. 8
Analysis on Reasons for Transactions 8
Bank Analysis. 9
Demographical Analysis.. 9
Age.......... 9
Gender Analysis 10
Case Examples Case Study 1. 10
Case Study 2........ 11
Case Study 3 (Open-Source). 11
General indicators of Internet Fraud.. 12
General Red flags and Indicators of Romance Scam in STRs 13
Red flags indicators of Ransomware and Associated Payments.. 13
Conclusion 15
Recommendations. 15
Recommendation to Policy Makers 15
Recommendation to Reporting Entities 15
Recommendation to LEAS 15
Recommendation to the NFIU 15
How to Avoid being a victim of Romance Scam 15
Tips on how to prevent Internet Fraud .. 16
Page 1 of 16
Overview
Although technology such as the internet has not only wholly changed how one communicates, conducts business, and attends to entertainment, it has also opened up new horizons for criminal pursuits and new forms of victimization. Although technology such as the internet has not only wholly changed how one communicates, conducts business, and attends to entertainment, it has also opened up new horizons for criminal pursuits and new forms of victimization.
Consequently, these changes have negatively impacted law enforcement, which is saddled with the responsibility of deterring and responding to such acts in addition to their mandates of addressing other forms of crime. Consequently, these changes have negatively impacted law enforcement, which is saddled with the responsibility of deterring and responding to such acts in addition to their mandates of addressing other forms of crime.
While the concept of internet fraud has long existed, cybercriminals within and outside Nigeria have come up with another method to further sophisticate their extant criminal ways. While the concept of internet fraud has long existed, cybercriminals within and outside Nigeria have come up with another method to further sophisticate their extant criminal ways.
This method is colloquially known as “Yahoo Yahoo. This method is colloquially known as “Yahoo Yahoo."
As at January 2021, Nigeria's internet penetration stood at 50%1. As at January 2021, Nigeria's internet penetration stood at 50%1.
This is a phenomenal increase from a meagre 3.5% in just 2005 (WDI, 2016). This is a phenomenal increase from a meagre 3.5% in just 2005 (WDI, 2016).
This increase in usage came with unintended consequences, such as cyber fraud, which has become a national and global concern.”. This increase in usage came with unintended consequences, such as cyber fraud, which has become a national and global concern.”.
For instance, in 2016, cyber fraud accounted for about 43% of total monetary loss due to fraud in Nigeria.2 For instance, in 2016, cyber fraud accounted for about 43% of total monetary loss due to fraud in Nigeria.2
According to section 6(1) of the Cybercrimes (Prohibition, Prevention, etc.) Act 20153, any person, who without authorization or in excess of authorization, intentionally accesses in whole or in part, a computer system or network, with the intent of obtaining computer data, securing access to any program, commercial or industrial secrets or confidential information, commits an offence. According to section 6(1) of the Cybercrimes (Prohibition, Prevention, etc.) Act 20153, any person, who without authorization or in excess of authorization, intentionally accesses in whole or in part, a computer system or network, with the intent of obtaining computer data, securing access to any program, commercial or industrial secrets or confidential information, commits an offence.
Section (14)1 of the Act also makes it an offence for any person to engage in damaging, deletion, deteriorating, alteration, restriction or suppression of data within computer systems or networks, including data transfer from a computer system. Section (14)1 of the Act also makes it an offence for any person to engage in damaging, deletion, deteriorating, alteration, restriction or suppression of data within computer systems or networks, including data transfer from a computer system.
Finally, the Act criminalizes such other cybercrimes as: system interference, electronic theft, spamming, spreading of viruses or malware, identity theft, phishing, and denial-of-service-attacks. Finally, the Act criminalizes such other cybercrimes as: system interference, electronic theft, spamming, spreading of viruses or malware, identity theft, phishing, and denial-of-service-attacks.
The term also refers to the deliberate use of computer networks to advance criminal causes. The term also refers to the deliberate use of computer networks to advance criminal causes.
Area Of Advisory
In fulfilment of its mandate, the NFIU is issuing this strategic product to draw the attention of relevant stakeholders and the public to the trend in internet fraud. In fulfilment of its mandate, the NFIU is issuing this strategic product to draw the attention of relevant stakeholders and the public to the trend in internet fraud.
This sectoral and geographical advisory focus on the issue of internet fraud between 2019-2021, with the aim of identifying, analyzing and understanding the reason certain jurisdictions are more vulnerable than others, it seeks to reveal the emergence of the newest methods of cyber fraud and also aims to unravel techniques through which This sectoral and geographical advisory focus on the issue of internet fraud between 2019-2021, with the aim of identifying, analyzing and understanding the reason certain jurisdictions are more vulnerable than others, it seeks to reveal the emergence of the newest methods of cyber fraud and also aims to unravel techniques through which
1 Simon Kemp, Digital 2021: Nigeria, 2021, DATAREPORTAL.
2 Umaru Ibrahim, The Impact of Cybercrime on the Nigerian Economy and Banking System.
3 CYBERCRIMES (PROHIBITION, PREVENTION, ETC) ACT, 2015
Page 2 of 16
these criminalities are perpetuated and to educate competent authorities and the general public on how best to counter these attacks. these criminalities are perpetuated and to educate competent authorities and the general public on how best to counter these attacks.
The advisory also aims to provide operational experts and decision makers with up-to-date empirical information which is used to monitor existent and emerging trends of money laundering, terrorism financing and proliferation of weapon of mass destruction. The advisory also aims to provide operational experts and decision makers with up-to-date empirical information which is used to monitor existent and emerging trends of money laundering, terrorism financing and proliferation of weapon of mass destruction.
Analysis of Suspicious Transaction Reports: sending and receiving jurisdictions
The analysis below highlights the jurisdictions where transactions were initiated and the destination countries:
| Countries | Transaction Count |
|---|---|
| Unknown4 | 306 |
| USA | 196 |
| Europe | 52 |
| Nigeria | 36 |
| Africa | 26 |
| UK | 26 |
| Asia | 20 |
| North America | 7 |
| South America | 9 |
| Oceania | 9 |
| Grand Total | 681 |
| Table 1: Originating Jurisdictions |
Categorization was done hierarchically according to the countries with higher transactions and countries with less than eight transactions were grouped into various continents. Categorization was done hierarchically according to the countries with higher transactions and countries with less than eight transactions were grouped into various continents.
It is worth noting that 45% of the transaction amounts were not reported in the STRs by the reporting entities, thus a hindrance to the analysis. It is worth noting that 45% of the transaction amounts were not reported in the STRs by the reporting entities, thus a hindrance to the analysis.
29% of the transactions originated from the USA, followed by, countries in Europe -with 8%, Nigeria with 5%, other African countries with 4%, UK-3%, Asian countries with 3%, and countries in North America, Oceania and South America 1%. 29% of the transactions originated from the USA, followed by, countries in Europe -with 8%, Nigeria with 5%, other African countries with 4%, UK-3%, Asian countries with 3%, and countries in North America, Oceania and South America 1%.
See below table:
4 Source country was not stated in the STR
Page 3 of 16
Map 1: Sending Locations in Nigeria
Page 4 of 16
Similar to the receiver country analysis, Lagos State originated more than 50% of the transactions from Nigeria distantly accompanied by Delta state with 17%, Ogun with 5%, and River, Anambra, Edo, Enugu, Jos, and Kogi States at 3%. Similar to the receiver country analysis, Lagos State originated more than 50% of the transactions from Nigeria distantly accompanied by Delta state with 17%, Ogun with 5%, and River, Anambra, Edo, Enugu, Jos, and Kogi States at 3%.
5% representing Nigeria were transactions conducted in Nigeria but no mention of State in the STRs. 5% representing Nigeria were transactions conducted in Nigeria but no mention of State in the STRs.
Map 2: Heat Map for Geographical Distribution of Receiving Locations in Nigeria
Based on the above heat map, it is observable that Delta state in the South-South geo-political zone has the highest number of reported suspicious Internet fraud transactions with a total of 167 STRs at 60.00%. Based on the above heat map, it is observable that Delta state in the South-South geo-political zone has the highest number of reported suspicious Internet fraud transactions with a total of 167 STRs at 60.00%.
Lagos and Edo's states follow closely with 116 and 93 respectively with 20%. Lagos and Edo's states follow closely with 116 and 93 respectively with 20%.
Bauchi, Gombe, Sokoto, Kebbi, Katsina, and Jigawa have no STR reported from these regions. Bauchi, Gombe, Sokoto, Kebbi, Katsina, and Jigawa have no STR reported from these regions.
Page 5 of 16
Fraud Type Analysis
Internet fraud has grown in scope, going beyond the banal mailing list there are scammers in almost every sphere of human activity. Internet fraud has grown in scope, going beyond the banal mailing list there are scammers in almost every sphere of human activity.
The spontaneous nature of these activities has aided criminals in adopting new forms of fraud and many methods to this pandemic exist. The spontaneous nature of these activities has aided criminals in adopting new forms of fraud and many methods to this pandemic exist.
While Online fundraising, phishing, business email compromise, Forex fraud, and Cloning are some of the most popular forms of internet fraud, there remains a critical kind of internet fraud known as “Romance Scam". While Online fundraising, phishing, business email compromise, Forex fraud, and Cloning are some of the most popular forms of internet fraud, there remains a critical kind of internet fraud known as “Romance Scam".
Other fraud types constituting 12% according to analyzed STRs are Advance fee fraud, Business email compromise, and Forex fraud. Other fraud types constituting 12% according to analyzed STRs are Advance fee fraud, Business email compromise, and Forex fraud.
Romance Scam
According to the Federal trade commission report, “people have reported losing a staggering &1.3billion to romance scams more than any other fraud category6. According to the Federal trade commission report, “people have reported losing a staggering &1.3billion to romance scams more than any other fraud category6.
This number has skyrocketed in recent years. This number has skyrocketed in recent years.
2021 was no exception as the report hit a record of $547 million for the year. 2021 was no exception as the report hit a record of $547 million for the year.
This concept involves scammers weaving all sorts of touching stories to lure Victims, with the most popular style involving a plea for help for financial or health crises. This concept involves scammers weaving all sorts of touching stories to lure Victims, with the most popular style involving a plea for help for financial or health crises.
But lately, there exists a twist on romance scams where individuals intentionally transfer funds to please their "supposed sweethearts. But lately, there exists a twist on romance scams where individuals intentionally transfer funds to please their "supposed sweethearts.
These compassionate individuals often think they are helping but end up as “money mules “in laundering stolen funds. These compassionate individuals often think they are helping but end up as “money mules “in laundering stolen funds.
Ransome Ware Attacks
According to a 2021 report by Sophos, a global leader in cybersecurity, 22 per cent out of the respondents from Nigeria had experienced a ransomware attack in the last 12 months, compared to 53 per cent in 20207. According to a 2021 report by Sophos, a global leader in cybersecurity, 22 per cent out of the respondents from Nigeria had experienced a ransomware attack in the last 12 months, compared to 53 per cent in 20207.
The report, noted that the average ransom paid globally is $170,404, and that only eight per cent of organizations managed to get back all of their data after paying a ransom with 29 per cent getting back not more than half of their data. The report, noted that the average ransom paid globally is $170,404, and that only eight per cent of organizations managed to get back all of their data after paying a ransom with 29 per cent getting back not more than half of their data.
Internationally, the Federal Bureau of Investigation (FBI) Internet Crime Complaint Center (IC3) received 37% more reports of ransomware incidents in 2019 than in 2018, with a 46% increase in associated financial losses. Internationally, the Federal Bureau of Investigation (FBI) Internet Crime Complaint Center (IC3) received 37% more reports of ransomware incidents in 2019 than in 2018, with a 46% increase in associated financial losses.
BSA reporting shows a stark increase in financial losses per ransomware incident, with the average dollar amount in financial institution SARs on ransomware increasing approximately $87,000 from BSA reporting shows a stark increase in financial losses per ransomware incident, with the average dollar amount in financial institution SARs on ransomware increasing approximately $87,000 from
5 https://card-file.ontu.edu.ua/bitstream/123456789/21641/3/Stan_dos_inform
6 Reports of romance scams hit record highs in 2021 | Federal Trade Commission (ftc.gov)
Page 6 of 16
2018 to 2019 ($417,000 to $504,000) and $280,000 from 2019 to thus far in 2020 ($504,000 to $783,000)8. 2018 to 2019 ($417,000 to $504,000) and $280,000 from 2019 to thus far in 2020 ($504,000 to $783,000)8.
Above data showed incessant rise in ransomware extortion. Above data showed incessant rise in ransomware extortion.
Chart 2: Internet Fraud Types
Out of 681 STRs analyzed for the period, the Romance scam carries the biggest weight with about 600 STRs reported representing 88% of the fraud types which is consistent with the findings of the federal trade commission that placed romance scams as the most persistent of all internet frauds. Out of 681 STRs analyzed for the period, the Romance scam carries the biggest weight with about 600 STRs reported representing 88% of the fraud types which is consistent with the findings of the federal trade commission that placed romance scams as the most persistent of all internet frauds.
Estimated Losses to Internet Fraud
According to an article on cyber-fraud by business day, “Nigerian banks lost N3.5 billion between July and September 2020 to fraud-related incidences, representing a 534-percent increase from the same period in 2019, when it was N552 million. According to an article on cyber-fraud by business day, “Nigerian banks lost N3.5 billion between July and September 2020 to fraud-related incidences, representing a 534-percent increase from the same period in 2019, when it was N552 million.
The statistics are supported by the STRs analyzed, showing an increase between 2019 and 2020. The statistics are supported by the STRs analyzed, showing an increase between 2019 and 2020.
In 2021, the numbers went down by a few percentages. In 2021, the numbers went down by a few percentages.
See below table:
| Year | 2019 | 2020 | 2021 |
|---|---|---|---|
| Amount | N514,276,387.09 | N1,362,320,265.00 | N1,352,277,553.00 |
| Table 2: Yearly Losses to Internet Fraud |
8 See FBI IC3, "2019 Internet Crime Report," (2019); and FBI IC3, "2018 Internet Crime Report," (2018).
Page 7 of 16
Legitimate Versus Illegitimate Internet Transactions
There are several reasons why people carry out transactions online reasons could be legitimate or illegitimate. There are several reasons why people carry out transactions online reasons could be legitimate or illegitimate.
For various economic reasons, it is more business-efficient to carry out transactions via the internet to other means. For various economic reasons, it is more business-efficient to carry out transactions via the internet to other means.
Individuals in different jurisdictions would at some point need to send funds to loved ones for family upkeep and other personal reasons. Individuals in different jurisdictions would at some point need to send funds to loved ones for family upkeep and other personal reasons.
Nonetheless, some criminals tend to abuse this mostly to avoid regulatory oversights by moving large amounts of money might not attract scrutiny if it looks like there is a relationship between the sender and receiver in cases of a romance scam. Nonetheless, some criminals tend to abuse this mostly to avoid regulatory oversights by moving large amounts of money might not attract scrutiny if it looks like there is a relationship between the sender and receiver in cases of a romance scam.
The below image depicts other reasons for this occurrence. The below image depicts other reasons for this occurrence.
Figure 1: Legitimate Versus Illegitimate Reasons
Analysis on Reasons for Transactions
The STRs analyzed showed different reasons by individuals as reasons for the transactions. The STRs analyzed showed different reasons by individuals as reasons for the transactions.
Most of the transactions lacked economic justification spanning across family upkeep, business, construction, medical bills, and school fees. Most of the transactions lacked economic justification spanning across family upkeep, business, construction, medical bills, and school fees.
Family support and self-upkeep were predominantly reported while 151 individuals representing 22% of the total number of transactions had no justifiable reasons, thus raising suspicion. Family support and self-upkeep were predominantly reported while 151 individuals representing 22% of the total number of transactions had no justifiable reasons, thus raising suspicion.
See below chart:
Page 8 of 16
Chart 3: Chart
Bank Analysis
A total number of thirteen banks filed STRs within the period with a corresponding value of N3,228,874,205.09. A total number of thirteen banks filed STRs within the period with a corresponding value of N3,228,874,205.09.
Demographical Analysis
| Age | Sender | Receiver |
|---|---|---|
| 0-29 | 11 | 304 |
| 30-39 | 15 | 214 |
| 40-49 | 17 | 47 |
| 50-59 | 23 | 18 |
| 60-69 | 5 | 9 |
| 70-79 | 11 | 3 |
| 80-89 | 1 | Nil |
| Unknown | 598 | 86 |
| Table 3: Age of Senders and Receivers |
Page 9 of 16
The ultimate beneficiary (Receiver) is the predator who defrauds the senders. The ultimate beneficiary (Receiver) is the predator who defrauds the senders.
The most prevalent age group presumed to be involved in this fraud based on the STR analysis is 0-29. The most prevalent age group presumed to be involved in this fraud based on the STR analysis is 0-29.
The statistics on the United States Federal Trade Commission confirm this “an increase in fraud is most striking for people ages 18 to 29 and further stated that for this age group, the number of reports increased more than tenfold from 2017 to 2021