When documentaries sensationalise rather than educate
I did not see the Real Story
episode that was broadcast last night, but the snippets that were shown in the news
stories during that day did have a touch of sensationalised histrionics to it.
It is a well-known fact that certain
enterprising but dishonest Nigerians have been involved in what is known as Advanced Fee Fraud
or 419 in the local parlance.
Part of what I saw showed a raid on
an Internet café in Nigeria where officials of the EFCC (Nigerian Fraud Squad) had everyone
vacate the computers; they asked everyone to put up their hands facing the walls
and then as one of the suspects remonstrated an EFCC official assaulted the man
with a slap in the face commanding him to shut up.
This is a poor reflection on the Nigerian
criminal justice system that suspects can be assaulted but law enforcement agents
with impunity and very little recourse for justice.
My take on 419
Back to 419 - This is where using
the human susceptibility to greed and gullibility, a victim receives a request to
supposedly launder ill-gotten gains from bogus contracts or stashes of frozen sums
of money by providing their bank account details and paying an upfront fee for the
administration of the process. Some are so sophisticated in their ploys that it
becomes too good to be true – anything that has that feel to it has my radar homing
in on something fishy.
Many have fallen for this get-rich-quick
scheme and lost large sums of money, but I
have no sympathy for both the perpetrator and the victim, they were both about
to engage in a criminal act. However, there are cases where the contracts do look
real, but when you are about to invest money, especially in Nigeria, you have to
have your wits about you and seek an independent, impartial review of the whole
thing – involve lawyers and investigators you can trust before you part with your
cash.
The Real Story episode revealed that
people’s details were being sold for as little as 20 Pounds, the details were supposedly
gleaned of hard disks which would have been in used and second-hand computers exported
to Nigeria.
Your details can be used anywhere
The fact is the information on hard
disks can be read in any country and can be used by any set of criminals either
in Nigeria or elsewhere. Having completed a module on Computer Forensics, I am very
well aware of the fact that it takes a lot more to delete data off a hard disk.
There are tools to recover long removed
data and special tools are required to wipe hard disks to the security standard
of the Department of Defence, in fact, in most cases, the hard disk would be melted
if the data that it once contained is considered secret.
Besides, identity fraud is probably
an issue closer to home than in faraway Nigeria. All you have to do to rummage through
a bin and find letters, bank statements, if not credit card PIN slips that give
enough information about a person – this is called bin
raiding – a further search on the Internet can reveal birth date, birthplace
and parents if the genealogy, census, birth, marriage and death registrations are
online.
A letter posted to my cousin in England
from Nigeria some 20 years ago ended up in the hands of a lodger who used that information
to obtain a National Insurance number in my name – so identity theft does not have
to be so complicated or sophisticated.
Developing a sense of security
to protect privacy
People who generally would lock their
doors when they go out and pull the curtains to keep prying eyes out, apparently,
do not apply the same principle to their information, data, computers and personal
details.
Everyone who receives a letter of
any importance must invest in a paper shredder and shredders
do have different security ratings from strips to pulp – I never dispose of any
paper that has not been shredded and I have been doing that for at least 7 years.
Your computer when online is like
an open door with drawn curtains and open windows; you need more than just any popular
anti-virus software because virus developers test their malevolent programs against
popular anti-virus software to prevent detection.
The general idea is to develop the
fortress principle to your computer, an outer wall (a firewall), the doors and windows
(an anti-virus software) and then the protection of valuables within the home (malware
detectors).
Use good tools
In my case, I do use a hardware firewall
found in my wireless router and enable the software firewalls on all computers,
I have installed the well known McAfee VirusScan Plus
and Trend
Micro PcCillin Internet Security ensuring that the updates run every day at
night.
Malware
is software that gets installed inadvertently on your system through opening a suspicious
email or visiting an innocuous web site, they can install key loggers which record
all the keystrokes you have typed and send that information to a harvesting system
where the information can be replayed as if it were you logging on to your bank
account or some other security service. These are really the identity theft perpetrators.
I use Lavasoft Ad-Aware and SpyBot – Search and Destroy,
with all that attention to detail, I still find that a keylogger still ends up on
my laptop every few days – you just need to keep ahead of the criminals – time after
time.
In addition, to remove all references
to sites, I have visited and files I have opened on an operational system, I use
CleanUP.
If you are done with your computer,
you can recycle it, but before you do, search for a secure hard disk deletion tool
as this write-up suggests – Purge hard drives before
recycling.
Common sense approach to social
engineering
In all, you have your identity to
protect, ensuring that the people privy to your secrets are authorised to access
that information with discretion under the contract of confidentiality, not of which
should violate your right to privacy.
Where people, emails or forms ask
for information that should be personal and known only to you like your PIN numbers,
do not under any circumstances reveal that information because that that time you
would be seriously compromised – they might want information about who you are where
name, address, date of birth and account number might suffice, but that should only
be divulged to those your have ascertained through obtaining their own details first.
Always err on the side of caution,
err of the side of keeping the information than giving it out.
References
No comments:
Post a Comment
Comments are accepted if in context are polite and hopefully without expletives and should show a name, anonymous, would not do. Thanks.