Money is and has always been the driving force for a lot of people with the saying, “whatever problems money cannot fix, more money can”.
And those with this mindset will go to great lengths to obtain it. However, in terms of length and motivation, how far is too far, and what is the true source of motivation and drive?
Motivation is ultimately influenced by the pressures of the world. Pressure is a central component of the fraud triangle.
The fraud triangle framework seeks to establish elements that come together for fraud to occur.
It asserts that in the presence of opportunity, situational pressures and rationalization, fraud is bound to happen.
In the fraud triangle, opportunity is solely the responsibility of management of institutions. Poor institutional governance and controls creates the opportunity for fraud but for fraud to occur, it depends on the pressures faced by the fraudster and potential rationalization.
It is believed that rationalisation for most criminals (including cyber fraudsters), and victims of fraud schemes are related to unemployment, economic difficulties, and poor incomes or compensations.
The government of Ghana is presently being faced with constant criticisms from citizens because of the worsening economic performance and declining financial indicators.
The government is currently relying on the International Monetary Fund (IMF) for a monetary policy programme, which underscores the severity of the nation’s economic problems.
The current economic shocks are attributed to COVID-19 pandemic, Russia’s war in Ukraine, and excessive borrowing, just to mention a few.
Ghana’s inflation, as assessed by a range of commodities and services, hit 33.9% in September 2022 - the highest level in two decades.
Continuous rise in prices have obliged the Bank of Ghana to increase its policy rate from 14.5% in January 2022 to 24.5% in October to tame inflation.
This has in turn caused commercial banks to raise their lending rate.
In addition, the Ghana cedi has depreciated by unprecedented proportions against the US dollar since the beginning of the year, making imports more expensive and adversely impacting prices of goods and services.
To compound our economic woes, rating agencies have downgraded the country’s sovereign risk rating to a negative outlook. This significantly limits the government’s capability to borrow on the international capital markets to fund the budget.
It is worth stating that as prices of goods and services continue to rise, salaries, compensations and allowances of workers remain the same and therefore a reason for the public agitations and outcry.
As a result, there is the possibility for a rise in fraud cases due to the pressures arising from economic or financial recession.
Businesses and individuals are likely to engage in corruption, misappropriation, and financial fraud.
The bank of Ghana’s fraud statistics for 2021 indicate a very alarming projection for fraud and cyber fraud.
A total of GH¢114 million is the amount involved in fraud cases reported to the Bank of Ghana.
About GH¢52 million of the reported amount was recovered whilst a little over GH¢61 million was lost to fraud.
The increasing prevalence of affordable, powerful, portable, and user-friendly digital devices and technologies have allowed many businesses and governments to automate their operations and create efficiencies.
In the same way that individuals, governments, and businesses rely on these systems, so do criminals.
Perpetuators will want to explore areas of opportunities to commit fraud and go unnoticed and the Internet is certainly one of the most ideal options or medium to propagate fraud or fraud related activities. Just like every other type of fraud, the intent is to illegally gain and leverage an entity’s sensitive information for monetary gain.
Primarily, the major vectors used for perpetuating cyber fraud include Phishing, Malware, Ransomware, and Social Engineering.
Actors can be internal – employees who know the inside workings of an organisation or are in a position of power or privilege and therefore can leverage the knowledge or information to commit fraud under the rationalisation of economic pressure, or external – individuals outside of an organisation or other business entities that use various forms of attacks to gain unfair advantage or acquire information that they intend to leverage upon for monetary gains.
Since the onset of COVID-19 and throughout the present economic crisis, phishing scams have been one of the most used vectors in propagating fraud.
State security agencies have repeatedly issued warnings about fraudsters employing phishing to steal information, obtain access to bank accounts, and conduct unauthorised money transactions.
Malware is also one of the principal fraud vectors. These harmful programmes are utilized by cyber criminals to obtain unauthorised access, erase files, and steal sensitive data, among other activities.
Ransomware, a type of malware, is used by hostile actors or fraudsters to encrypt the data of victims and demand money to decrypt them.
Due to the complexity and difficulty in its limitation and mitigation, ransomware poses a significant threat to most businesses.
Social engineering scams, the most prevalent of all cyber fraud vectors are used by cyber fraudsters in manipulating individuals’ emotions to expose their personal information.
Typically, a criminal would begin these attacks by conducting research on their intended victim using social media and general search queries to obtain information.
Once they identify a victim’s needs or wants, they get in touch with the individual via social media or message (Smishing), email (Phishing), or phone (Vishing), offering a service.
The fraudster attempts to gain the individuals’ trust and convinces him or her to reveal sensitive information that would grant them access to personal accounts.
Cyber fraud, in no doubt, will continue to increase as the country’s economy worsens and as more computers are connected worldwide, giving global access to computer criminals.
Bank of Ghana has hinted on increasing sanctions on financial institutions that do not comply with directives and do not deploy measures to control fraud and cyber fraud.
This also transcends to financial institutions that do not report fraud cases.
To protect against cyber fraud and prevent attacks, businesses and individuals must first seek to gain understanding of the attack vectors and actors.
A good step to start with is cybersecurity awareness training to gain understanding of how phishing, social engineering, malware, and other attacks are perpetuated by cybercriminals.
Businesses must also ensure they have the relevant information security policies in place – not just policies on paper but those that are properly integrated with business processes. Some other simple techniques are:
1. To constantly update software on devices to ensure digital assets have the most up-to-date security upgrades.
2. To ensure that all the organisation’s devices are equipped with antivirus and anti-malware software. Individuals using smart phones must ensure they install updates from manufacturers when they are made available – do not procrastinate.
3. To use unique and separate passwords for all accounts. Avoid using easily guessed passwords such as birthdates or names.
4. Enable two-factor authentication to add an extra layer of protection and
5. Back up data.
Motivation for committing fraud and cyber fraud is ultimately influenced to a large extent by economic pressures. The current state of Ghana’s economy creates an enabling environment for cybercriminals to step up their game and commit more fraud.
Corporate managers must continue to implement fraud-prevention and detection processes and controls. While the corporate managers do their part, government must also work diligently to improve the existing economic conditions so together these measures will reduce cybersecurity threats.
Source: Ben Tagoe & Daniel Kweku Ntiamoah
The writers are Ben Tagoe: Chief Executive Officer, Cyberteq Falcon Ltd. and Daniel Kweku Ntiamoah: SOC/Digital Forensic Analyst, Cyberteq Falcon Ltd.