Engineering by Social Hackers

Ewere Diagboya
Published in MyCloudSeries
4 min read, May 30, 2017


Now this is something I was supposed to have written many months ago, but being a DevOps Engineer comes with daily tasks that can be really daunting. But here we are, finally. I had to steal some office time to do this piece.

The rate of fraud and Social Engineering of bank customers is alarming. Though popular banks such as GTBank, Firstbank, Diamond and Zenith bank are the most affected, no bank is left out of this nefarious act.

We are here to demystify these occurrences: how you as a user can easily identify them and the necessary action(s) to take, while in some cases you do not need to take any action. Banks send messages/information through two major channels, SMS and Email. These are also the two channels that fraudsters use to carry out their act. I will start with SMS.

SMS

First of all, you need to understand that your bank will NEVER, I repeat NEVER, send you an SMS with a phone number. Whenever you get an SMS that claims your bank asked you for something. This is an example of an SMS that is a fraud:

Sample Fraud SMS

Let us break down this message and analyze it.

  1. The title shows a phone number: +2348140672547. This already disqualifies the message, because when a message is from a bank, the title reads the name of the bank, for example GTBank, ZenithBank, WemaBank, FidelitySMS etc. The bulk SMS channels have been spam-filtered to prevent users from using any bank name to send this type of message. So when a message comes from a title like those, there is a 99.99% chance it is legitimate.
  2. Every bank has standard helplines you call when there is any problem, and you can see them on the back of your ATM card. Also, your bank will tell you to visit their office when there is a problem with your ATM card, not to call a number to fix it for you.
  3. When your ATM card is blocked, your bank seldom sends you a message telling you it has been blocked. There are also policies behind the blocking of an ATM card that the banks follow, so they won't just block the card and tell you to call a number for it to be resolved “Under 24 hours” (this tells you the sender needs to get your card details and use them to withdraw all your money). Beware!

Email

This is the most used method to engineer users into sharing their personal credentials, and it is more dangerous than the SMS because the fraudsters are waiting to use the details you provide to withdraw money from your account INSTANTLY! The major method is to send an email claiming your bank is asking for your login credentials, either to update your account or update your BVN. More recently, you are told that a subscription has been initiated on your account and a debit has occurred. To unsubscribe and stop the recurrent debit, you are to click a link. This link always takes you to a malicious website that is not the bank website. From there you are asked for your bank login, Token and any information that enables you to log in to your internet banking account. This is a sample email:

Similar to the SMS method mentioned above, let us identify what makes this message malicious even before you try to click any link at all.

  1. The sender of the message already shows it all. Diamondbank will not send an email from an “@gmail.com” address like the one shown in the image above, which is “<apphikon@gmail.com>”. When it is your bank that sends an email, the address will have “@diamondbank.com”, or for GTbank “@gtbank.com”, for Zenithbank “@zenithbank.com”, pari passu for other banks. So when you see a sender that does not have your bank's name, just ignore or delete the email.
  2. All banks implement what is called SSL on the web page where you enter your Internet Banking login information. This means the address bar, where you type “www”, will have “https” added to it to show that the page is a secured page. Let us assume you ignore (1) above and click the link to open the page. You should not just go ahead and start inputting your details, because the next thing you will see is a form asking for your login information. Pause a little to investigate the page. It usually does not have the “https” on it.

Web Address that does not contain https

  3. Your bank will not send you an email to unsubscribe from a debit operation. Instead, the bank will tell you to visit any of its branches if you have any unsolicited debit on your account, so you can resolve or deactivate it. This is in most cases, though.
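Checks 1 and 2 above can be applied mechanically to a raw message. The following is an added example, not part of the original article: the bank domain list is taken from the article's examples, the sample message is constructed, and the comparison of each link's host against the bank domains goes one step beyond the https check the article describes.

```python
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse
import re

# Assumption: domains taken from the article's examples; extend for your bank.
BANK_DOMAINS = {"diamondbank.com", "gtbank.com", "zenithbank.com"}

def domain_is_bank(host):
    """True if host is a listed bank domain or a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in BANK_DOMAINS)

def check_email(raw):
    """Return a list of warning strings for the article's checks 1 and 2."""
    msg = message_from_string(raw)
    warnings = []
    # Check 1: the address itself matters, not the display name.
    _, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rpartition("@")[2]
    if not domain_is_bank(sender_domain):
        warnings.append(f"sender domain '{sender_domain}' is not a bank domain")
    # Check 2: every link must be https and point at a bank host.
    for url in re.findall(r"https?://[^\s\"'<>]+", msg.get_payload()):
        parts = urlparse(url)
        if parts.scheme != "https":
            warnings.append(f"link is not https: {url}")
        if not domain_is_bank(parts.hostname):
            warnings.append(f"link host is not a bank domain: {parts.hostname}")
    return warnings

# Constructed sample: the display name claims the bank, the address is the
# one quoted in the article, and the link host is a made-up lookalike.
SAMPLE = """From: Diamond Bank <apphikon@gmail.com>
To: customer@example.com
Subject: Subscription debit on your account

A subscription has been initiated on your account.
To unsubscribe, click http://diamondbank.example.net/unsubscribe
"""

if __name__ == "__main__":
    for w in check_email(SAMPLE):
        print("WARNING:", w)
```

A From header can be forged, so an empty warning list does not prove a message is genuine; the checks only catch the mismatches described above.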

These are some of the ways that these malicious people ask you for personal login details, after which they will carry out 3rd party “authorized” transactions on your account. So I hope that when you follow the little steps I have mentioned in this email, you will identify the fraud and either ignore the person or report to your bank or a law enforcement agency.

Quick TIP: You can actually take the phone number the message came from and identify its owner on Truecaller.

Hope this helps someone. Thank you.

Part two of: Docker and Ships and Berths is coming soon too (read part one here)
