On Jan. 31, 2024, the Nigerian police apprehended 22-year-old Ayobami Bakare and his 26-year-old Abdullahi Abubakar accomplice for cybercrime in Ekiti. The Ondo Police Public Relations Officer (PPRO), Funmilayo Odunlami-Omisanya, revealed that the incident followed a cybercrime complaint the police received on Oct. 26, 2023, after the accused allegedly bought a Toyota Corolla 2006 model from Mr Filani Oluwaseun and Ogbaguwa Oluwasola at Ikare Road, Owo.
The transaction ended at N4.65 million, but the accused used a fake transfer to complete the negotiation. During apprehension, the state PPRO revealed that the culprits also had a Toyota Camry 2014 model at N6.2 million, an iPhone 12 Pro Max at N600,000, and an iPhone 14 Pro, all through fake transfers in different situations.
This case is not the first in Nigeria, but only the latest that went public. In December 2021, the police apprehended a crime syndicate in Enugu State, specialising in buying cars from dealers with fake bank transfers. The state police commissioner, Abubakar Lawal, said six vehicles fraudulently purchased, among other incriminating items, were recovered during apprehension. Other cases involved an actor in Ibadan and a soldier in Lagos.
Such fraudulent activities inflict financial losses on unsuspecting victims and pose a significant challenge to digital transactions. By understanding the tactics employed by cybercriminals and implementing effective preventive measures, individuals and businesses can better safeguard themselves against the threat of fake bank alerts.
How it works
Fake bank alerts generated by malicious apps operate through sophisticated techniques that exploit vulnerabilities in banking systems and deceive unsuspecting victims in Nigeria, where digital literacy is below standard.
Scammers employ specialised mobile applications known as “Flash fund” or “Flash alert” apps, which they install on their smartphones. These apps mimic legitimate banking interfaces and enable users to fabricate fake bank alerts with ease.
DUBAWA attempted to download such notorious applications but could not find them on the Google Play store. However, some are available via the dark web. Leveraging these tools, scammers input false transaction details, including the recipient’s name, account number, and transfer amount, often accompanied by fabricated transaction reference numbers and dates.
The fake transaction begins once the scammer enters the recipient’s details on the malicious application. This prompts the application to generate a deceptive message resembling a genuine bank alert, which includes the bank’s logo, name, and other details to create a convincing façade.
Upon receiving the fake alert, the recipient, usually a seller of goods or services, believes payment is confirmed and proceeds with the transaction. However, the funds are non-existent, and the scammer carts away the goods or services before the recipient realises the deception.
Scammers exploit factors such as time delays in bank notifications or the absence of real-time updates in banking apps to buy themselves time to disappear with ill-gotten gains.
Fake bank alerts orchestrated through the Flash Fund application prey on trust and exploit gaps in banking systems and consumer awareness. To be one step ahead, vigilance and scepticism are crucial defences against falling victim to these increasingly sophisticated scams. Below are some of the details or things to look out for.
Always double-check the sender’s details on any bank alert you receive. Legitimate bank alerts will display the bank’s name, crispy logo on graphics, and the sender’s contact information, such as their email address or phone number. You can confirm this information by visiting the bank’s official website or calling their customer service hotline.
Also, pay attention to the language and tone used in the alert message. Authentic bank alerts are usually written professionally and formally, devoid of spelling errors or grammatical mistakes.
Be wary of any links in the alert message. Fake bank alerts may contain links that lead to malware or fake websites that steal personal information. Before clicking on any links, hover over them to view the URL and ensure it is from a secure site.
If you suspect a link is fake, refrain from clicking on it and report it to the bank immediately. Examine the content and formatting of the alert for any inconsistencies. Legitimate bank alerts typically include the account number and transaction details, whereas fake alerts may lack such information.
After receiving a money transfer alert, verify that the transaction is reflected in your account balance. If the amount hasn’t been credited, it’s likely a fake alert. If you receive a money transfer alert from someone you know, contact them directly via call or message to confirm if they initiated the transaction.
If you have any doubts about the authenticity of a bank alert, contact the bank’s customer support team immediately. They can help verify the alert and provide information on recent transactions.
While scammers consistently improvise in their pursuit to defraud unsuspecting victims of their hard-earned resources, proactive Nigerians must be familiar with their deceptive tactics to avoid falling into precarious situations and aid the improvement of digital literacy.