FAKE job offers from cloned government and corporate websites are showing up on the emails of job applicants. Victims are losing money, and financial institutions are turning blind eyes.
Last October, Mercy Olayinka, a mother of one, stumbled on an online advert for enlistment into the Nigeria Immigration Service (NIS) with six hours left to the deadline that Sunday evening.
This was welcome news for Mercy, who had applied for full-time employment on different job websites. She created a profile on a fake NIS website with her email, received a web link, and uploaded her relevant documents directly onto the website.
Things got sketchy. Mercy was required to pay N1500 to submit her application. Using her husband’s Automated Teller Machine (ATM) card, she input the bank details on the portal.
Minutes later, the sum of N4,000 was withdrawn from her account. Still, the application had not gone through.
After two attempts, Mercy used her debit card to pay to complete the application process but discovered that another debit of N5,000 had taken place without her approval. Still, the application didn’t go through.
Suspecting she had fallen victim to a scam, she informed Wema Bank customer service of the development, which prompted the bank to block the ATM card used for the transaction.
However, it turned out that the NIS didn’t post the job offer on its website. Five months earlier, 6,105 applicants had been shortlisted by the NIS for the officers’ cadet position.
Mercy was unaware she was applying for the job through a fake NIS website cloned by scammers to scam people.
“I didn’t know the job offer was fake because it looked real, but I was desperate and wanted to get a job badly, so I had to believe,” she told The ICIR.
The fake NIS website had red flags of a scam site, described by Siteadviser – a website assessment platform – as a risky site to visit. It had no contact address and social media accounts.
The ICIR investigations revealed that the scammers went to great lengths to impersonate the NIS. They bought a website from linkservehost.com in February 2021 and set up a Microsoft email server.
They opted for privacy protection that hid their names from public registries of website owners.
The IP address hosting the fake NIS website is linked to 92 different websites. Statistics obtained from Google Analytics shows the fake NIS website gets 105,000 page views monthly, with an estimated 94,000 new visitors to the website each month.
The debit alerts Mercy received on her phone revealed that the deductions from her account were routed through Web Buy, an online merchant on Wema Bank’s payment gateway.
Wema Bank requires online merchants on its payment platform to provide proof of ownership of a corporate bank account and a registration certificate from the Corporate Affairs Commission (CAC) to be listed.
The bank says the policy ensures fraudsters do not use its platform to carry out nefarious activities
The Central Bank of Nigeria (CBN) mandates banks to place a two-factor authentication(2FA) for all online money transactions, so Mercy should have received an alert when a third – party tried to access her account, but Wema Bank disregarded the policy.
How Wema Bank reacted
Mercy asked the bank’s customer service to trace where her money was transferred to, which they promised to investigate. Two months after, she is yet to know the outcome of the bank’s investigation.
The ICIR contacted Funmi Falola, spokesperson of Wema Bank to ascertain why the bank’s behavioural monitoring system fails to flag unusual transactions on customer accounts against the CBN policy.
“I am in a meeting with my team and can’t take calls right now,” she said. When asked why she didn’t respond to a message via WhatsApp she said the message encroached into her family time during the weekend.
Online scammers dupe thousands of Nigerians like Mercy of their hard-earned money through job scams each year, though the actual number of victims who have fallen for this kind of scam is unknown.
A different scam trick
The Federal Bureau of Investigation’s Internet Crime Complaint Center report said 443 people in Nigeria reported being victims of employment scams in 2020, with losses estimated at $20 million.
For Mercy, she stumbled on a cloned website of the Immigration Service, but Emmanuel Dawa fell for a different scam.
He received a congratulatory email from what he thought was the Nigeria Customs Service (NCS) that he was shortlisted for recruitment and invited to participate in the final training and screening.
Dawa was excited. In 2020, he had applied for enlistment into the service but failed to gain entry. However, the email instructed him to upload his resume, relevant documents, and bank details to a web link to secure placement for the screening.
“I was happy but sceptical about it, so I informed a few friends who advised me to proceed with the process that I was lucky to get the opportunity,” he said.
He completed the application and didn’t get feedback that the submission was complete despite paying the N5,000 application fee. He did not get a bank debit alert but felt it was a network problem.
So he used his friend’s UBA bank debit card to make the payment again.
Hours later, he received debit alerts on his phone of N10,000 each, but before he blocked the debit card, he had lost N80,000.
His friend debited the sum of N30,000.
Like Mercy and Emmanuel, many job applicants do not carry out verification of employment websites because they are desperate to get a job. And some of them do not know the steps to take to identify such fraudulent websites.
According to the Nigeria Bureau of Statistics (NBS), Nigeria’s official unemployment rate rose to 33.3 per cent in the fourth quarter of 2020, leaving over 70 million of its labour force either jobless or underemployed.
“I complained to the customer care at UBA bank in Yola, but they told me there was nothing they could do about it,” Dawa told The ICIR.
The scams pattern
Online employment scams follow a similar pattern involving embedding phishing links in emails to direct victims to fake job websites or emailing job applicants to trick them into giving up their bank details while offering outrageous salaries.
When the victim puts their bank details or Card Verification Value (CVV) of their ATM cards, a three-digit number on the back of the card in the fraudulent website, the scammer copies the details from the bank’s payment gateway before withdrawing the monies from their account.
On January 30, Adedapo Onabiyi, a travelling agent in Lagos, received debit alerts from his Guaranteed Trust Bank (GT Bank) account. Three debits alert later, he had lost N997,000 which belonged to his client.
Without Adedapo’s authorisation, his money was transferred using the GT Bank app to a Wema Bank account belonging to Asen Football Ventures International Nigeria Ltd in Benue State.
The firm legally registered with the CAC is located in Makurdi.
The ICIR findings revealed that the company’s directors are Johnson Ajaver Tyolumun and Helen Ajaver, who are also joint-owners of another company, Pensata Communications Nigeria Ltd in Gboko.
Adedapo said the Wema Bank customer care agent told him the money was untraceable while he laughed at him for falling for a scammer.
“I was explaining to him that someone had duped me and transferred my money to an account in their bank. Before I could show him screenshots as evidence; he was laughing at me. I nearly fainted that night because it was like they were covering up for fraudsters,” he told The ICIR.
Adedapo went public to Twitter, igniting conversations about his plight, which prompted GT Bank officials, the Police, and the Economic and Financial Crimes Commission, EFCC, to investigate the case.
“I am yet to get my money back. The Police promised they would arrest the fraudsters involved because they had tracked one of them, but I am yet to get feedback. The EFCC is involved as they are also investigating the matter,” he said.
However, as of the time of filing this report, no arrest has been made.
Catherine Anene, Police spokesperson in Benue State told The ICIR she had not been informed of the case, “I am not aware of this case you mentioned and yet to be briefed,” she said.
The ICIR contacted Wilson Uwajuren, the spokesperson of the EFCC, to get an update on its investigation in the case, but he didn’t respond to calls or text messages sent to his phone.
A Weak Chain-link
In 2015, the CBN established the Nigerian Electronic Fraud Forum (NEFF) to provide solutions to fraud arising from an increase in the adoption of online payments in the country.
The CBN mandated banks to set up a minimum of 10 dedicated lines to support customers of electronic frauds at any time of the day, block or restrict bank accounts involved if there is a fraud complaint, and log customer fraud complaints within all electronic delivery channels.
Most banks fail to comply with this directive. Osita Nwanisiobi, the spokesperson of the CBN, was asked by The ICIR if the CBN had sanctioned any bank lately for failing to comply with its order on fraud complaints.
“Did the banks tell you they don’t have a fraud desk, or they are not complying with the CBN directive?” he retorted. He abruptly ended the call, saying he was in a meeting and did not respond to a text message sent to his line.
The ICIR findings showed that some banks didn’t meet the required number of phone lines dedicated to complaints as prescribed by the CBN.
Some of the banks include First Bank with three phone lines, United Bank of Africa, UBA had three, GT Bank had two phone lines, Wema bank had four phone lines, and Access Bank had five phone lines.
Section 18 of the CBN regulatory framework for mobile money services stipulates that customer complaints should be attended to within a reasonable time and not later than 48 hours from the date of reporting or lodging the complaint with the financial institutions.
Tom Precious, a co-founder of PandaScrow, a payments solutions startup based in PortHarcourt that seeks to eliminate fraud in online payments, said the exposure of personal bank details of victims was the first breach of security.
“By clicking on phishing links or malicious emails operated by fraudsters means that your bank details are stored on their websites when you leave, and they take their time to start withdrawing your money.
“The first line of defence is protecting your sensitive personal information online and never paying a fee to apply for anything, which is where escrow technology comes in to serve as an intermediary to protect your money,” he said.
In August 2021, the Nigeria Police Force (NPF) arrested a suspected fraudster, who alleged that Access Bank and First Bank were the most accessible banks to hack.
The hacker, Salau Abdulmalik, was arrested by detectives from the Special Fraud Unit (SFU) for allegedly hacking the Flex-Cube Universal Banking System (FCUBS), a server of an unnamed Nigerian bank, to steal N1.87 billion.
The Nigeria Inter-Bank Settlement System (NIBBS) said that fraud-related transactions cost Nigerian banks an average of N14 billion in losses each year.
Red Flags to note
Most employment scam emails [they can also be circulated via closed messaging platforms like WhatsApp] contain poor grammar and misspelt words which are basic tips for identifying scammers.
They often offer a higher than average salary and have buzzwords like ‘no interview necessary’ or ‘instant hire.’
Cybersecurity experts say people should check the employment website or call the company where they hope to work to see if the posted job advert website is real.
“Most scam websites have generic images that don’t correlate with their content,” said Imoh Anselem, who runs PandaScrow, a technology company.
The Factcheckhub, a platform that seeks to combat misinformation gives tips on how to identify phishing websites or scams that are perpetrated by masquerading as something else online.
Is fake army recruitment website linked to NiRA BOT chair?
Findings by The ICIR shows that one of the employment scam websites in circulation is linked to Chima Onyekwere the founder of Linkserve Limited, Nigeria’s foremost web hosting company, and the current Chairman Board of Trustees of the Nigeria Internet Registration Association (NiRA).
The website joinarmy.com.ng just like the fake immigration website that duped Mercy have no social media handles or contact addresses. They collect bank details and other sensitive information from job applicants.
The fake army website created in December 2020, which information contradicts the on the genuine Nigerian Army’s website listed Onyekwere as the registrant of the fraudulent Nigerian army website. It also included his professional company email address.
Google describes a registrant as the owner of the domain. It says “A registrant is the registered holder of a domain. A registrant holds the “rights” to a domain for the duration of the registration period.”
It is different from a registrar which is a company that manages the registration of domain names or a registry which is an organisation that manages the administrative data for the domain.
In the case of the joinarmy website, Onyekwere is listed as the registrant (owner) while Linkserve as the registrar.
Onyekwere however denied involvement with the scam website saying as Managing Director of Linkserve Limited his name appears on domain addresses hosted on its server.
“Do you know my age and how do you think I can be associated with such a scam? I don’t know anything about it and I will tell my people to shut down the website after this call,” he told The ICIR.
According to him the name of the owner of the fake army website is Abdullahi Kabir whose location is Abuja.
Asen Football Nigeria Limited linked to a fraudulent website
Online scammers are venturing into the $147 million Nigerian betting market by cloning football betting websites.
On the surface, bangbet.com.ng looks legit as it appears to be a website to place bets on football matches.
The website was bought in March 2020 and mimics the features of bangbet.com whose domain host is based in Germany and was registered in 2013.
The cloned website collects the bank details of users who place bets like their debit card passwords, CVV of their ATM cards, etc, to take monies from their accounts without their knowledge.
Both websites look genuine, which makes it difficult to spot clues of a scam.
The ICIR traced the internet address of bangbet.com.ng to the domain name registered with Asen Football Ventures International Nigeria Ltd, located in Makurdi, Benue. The same company that owns the Wema Bank account where Adetayo’s money was transferred.
Messages sent by The ICIR to the directors of Asen Football Ventures International Nigeria Ltd via their Facebook pages were not replied to, at the time of filing this report.
