CYBER SECURITY AWARENESS & TIPS FOR NIGERIANS By Don Okereke donnuait@yahoo.

com Introduction Scientists and inventors toil day and night to discover or invent a tool/product that will advance the cause of humanity and before you say Jack, that same invention has been tailored by criminals to perpetuate their nefarious activities. There are so many criminals out there in the cyber and real worlds. Cyber crime or Cyber warfare transcends physical boundaries and as such erecting perimeter fencing and all that offers no help. At the time of writing this piece, news filtered in that names, addresses, bank account details etc of some serving and retired personnel of Nigerias State Security Service was published online. What a national embarrassment and a threat to National Security. This is a wake up call. This kind of act may not necessarily be carried out by external criminal elements. A disgruntled staff could have done it as well. Many a time cyber criminals deploy Social engineering- the art of cleverly influencing people- to outsmart and swindle their unsuspecting victims. Some of the fantasies we read in science fiction novels or watch in James Bond movies that seem impracticable are now common place. There is no gainsaying the fact that advances in technology has thrown up a lot of security challenges. Sequel to Nigerias staggering population of about 160 million people cum the advent and penetration of internet and automatic teller machines, Nigerians should brace up for increased levels of cyber and financial crimes. It is not impossible to clone ATM cards, clone a website, hack into or completely take the website down. Cases abound in the Western world of criminals installing very tiny cameras on automatic teller machines to capture the PIN numbers of unsuspecting bank customers. Desist from entering your debit or credit card details in dodgy road side shops or online websites. As we strive to catch-up with technological innovation in advanced countries, we also need to brace up to the challenges inherent with such technologies; there is always a learning phase or curve. The following comprehensive guide and tips are geared towards making us conscious of the dangers out there and what to do to protect ourselves.
1.

Be careful what you do on a computer especially a public computer like the so-called cyber cafes. When you use a public computer or the so-called cyber cafes to check your emails, ensure you uncheck the keep me signed or logged in box before you sign in to your online accounts. Failure to do this means your email/online account can
Page 1 of 6

still be opened even after you sign or log out. Its also easy for criminals to install keyloggers in public computers that secretly records information of users. So it goes without saying that one must avoid using public computers or networks for financial and private transactions. Dont presume because you have deleted information from a computer therefore it cannot be retrieved. Bad guys beware! There are forensic tools that can be used to scan and recover deleted information from a computer.
2.

Watch out the type of website you enter your personal information. These days, websites can be cloned. The website you thought is your banks, may not be after all. Its safer to personally enter the URL (Universal Resource Locator) of the website you want to visit on the address bar than to Google it. It is risky to click on every link emailed to you by friends etc. Scrutinize emails claiming to emanate from your bank, PayPal and other financial institutions. Dont give out personal information over the phone unless you are sure of the caller. Be wary of text messages or even calls supposedly originating from a particular phone number or company you think you are familiar with. This writer has gotten a lot of phony text messages telling him he has won a lottery that he never entered into. If it looks too good to be true, it is. A chap approached me lately telling me he got an email telling him he won the American Visa lottery. Without even reading the content of the email I told him it is definitely fraud because I am aware the United States Department of State no longer sends emails to lucky winners of its Visa lottery. Winners are now required to personally check in www.dvlottery.gov whether they won or not. This is not even the gist, he subsequently told me they asked him to wire money via western union to an address domiciled in the United Kingdom. This is also why it pays to be INFORMED of developments around us! My wife got a call sometime from somebody telling her they both did their mandatory one year national youth service in a particular state. He went ahead to recite my wifes NYSC call-up number and all that. He asked my wife if she was still searching for a job, she said yes. He instantly guaranteed her a place in Shell where he claimed to be working. There and then, I told wify that the guy was a scammer. People can get your information from so many ways. It could be the guy had access to the Corpers magazine of that particular State/year and got all the details he needed from there. Its amazing people still fall for such trash! With bulk SMS and internet text messaging, one can send a text message with a personalized user I.D or phone number probably claiming to be someone else or originating from a specific phone number. For example criminals can send you a
Page 2 of 6

3.

customized bank transaction SMS alert purporting to emanate from your bank and anything can happen from there. Voicemail and phone calls can be hacked too. Justice Salami has had a running legal battle with OyinloIa/the PDP over alleged text messages and calls purported to have transpired between him and an ACN gubernatorial candidate. One is not necessarily holding brief for Justice Salami; its just to highlight the possibilities of technology. The case is still in court; lets see how it pans out. Computer/Phone hacking is a global phenomenon. Lately, United Kingdoms widely read tabloid- the News of the World closed shop over phone hacking scandal. Prominent celebrities have had their phones etc hacked into at one point or the other. Please if you use a wireless internet subscription on your PC or mobile device, it is very important you use a very STRONG password to protect it otherwise just about any body within your vicinity can log or hack into your network and use it. With remote log in, somebody can hack into your Personal Computer via your unsecured network and access all the information on your PC or device. You cannot exonerate yourself if your network is hacked into and used to perpetuate negative acts. Always switch off the Bluetooth on your computer or mobile device because it is an easy gateway to the information in your device. Your voicemail too needs to be password protected.
4.

Use strong passwords and change it as frequently as possible. Eschew using such things as your date of birth etc as passwords. Mix letters, numerals, capital and lower case letters if possible. If you fancy it, try using a memorable sentence for a password. E.g. AbujaIsTheCapitalOfNigeria. Take note that the aforementioned password has every word starting with a capital letter. Yes, its a long one but also easy to remember. Most importantly, it is STRONG, cannot be easily cracked. Be careful who you send or email your CV and important documents to. This applies mostly to our numerous job seekers out there. I cringe whenever I see a plethora of job seekers copying and pasting their resumes, degree results, passport photos, NYSC discharge certificates etc on every available website and to giddy recruitment websites. Armed with all these information about you, what else does some criminally-minded bloke out there need to claim to be you or clone you? Identity Theft may not be big business here in Nigeria but it is a multi-billion dollar business in most Western countries. As a job-seeker, alarm bells should ring in your head when you come across a company online claiming to be say, Shell and having an email address
Page 3 of 6

5.

shell@yahoo.com. If indeed it is Shell, then their email address should be customized to their name e.g. shell@shell.com.
6.

Be wary the type of information you leave on social networking sites such as facebook, twitter, beebo, hi5 etc. Be careful who you allow as your friend or socialize with on facebook et al. Recently a postgraduate student and daughter of a retired Major General by the name Cynthia Osokogu was brutally murdered in Lagos. She was alleged to have met one of her assailant through Blackberry Messenger. You can see the hazard in blindly trusting people you come across on social networking sites. Over here, particularly amongst teens, there seem to be some kind of competition as to who has the highest number of friends on facebook. People may not be who they claim they are on social networking sites. Its easy to copy and paste or upload another persons picture and claim to be that person. There is lot of impersonation, makebelieve and facade going on in Social Networking websites. If you are travelling, why must you post/advertise it on a Social Networking website. You are unwittingly telling potential goons that you wont be around. People have lost jobs and precious career opportunities courtesy of inappropriate information they inadvertently posted on Social Networking sites. The just concluded London 2012 Olympics recorded athletes being booted out because of their tweets. Some of the information you innocently put on Social Networking sites today may come to haunt you say in 10-20 years time especially for those with Political or leadership prospects. On a related note, you unwittingly make your self a target or a suspect if you allow a wanted criminal or terrorist as your friend on a social networking site. Do I have to also say that these sites are very addictive! So many folks waste a lot of productive hours on facebook et al. This is not to say that social networking is bad, not at all. They also have their good side. A lot of folks ask me if I am not on facebook because they cannot find me when they search for me. Please its high time you made good use of the privacy settings on some of these social networking sites. The privacy setting allows you to decide for example if you want your full date of birth to show or for the general public to see you.

7.

Have manifold email addresses. You can dedicate one of the emails for social activities- networking and all that. Another one can be for your financial transactions and may be a third one for career-related transactions. The raison d'tre for this is that if the email for social activities is compromised, it will not affect the sensitive information in your career or business emails.

Page 4 of 6

8.

Phone browsing has more security implications than browsing on a typical desk top or laptop computer. That is to say that phone browsing is not quite secured. A lot of times folks complain that their email accounts have been hacked into or compromised but on closer scrutiny one finds out that they have at one time or the other, accessed their email accounts on their phones. It often happens that cookies, malwares and Trojans may have infiltrated the said email account and will automatically start sending phony emails to all the addresses in the persons contacts list. It is not news that most of these Smart phones available today have softwares or applications that can track their owners geographical location or movements. Nigerians like to flaunt their wealth and gadgets; we just like to rub it in. It may interest you to know that Google officially admitted that more than 90% of android phones have mobile softwares with serious security vulnerabilities. It is advisable to install a mobile security antivirus on your smart phone. Talking about phone tracking, the late Col Gadaffi was alleged to have placed a call via a satellite phone shortly before he was killed. The hypothesis suffices that his call was intercepted and the coordinates of his location was extrapolated. With such phones, the origin or location of the call can be tracked in real time. So before you start flaunting that your latest toy, take time to consider its disadvantages cum security implications.

9.

Remember that each computer/phone or whatever device you connect to the internet have a specific I.P (Internet Protocol) address. There is a tendency that at every point in time your I.P address is embedded in an email or online transaction that originates from you. With the I.P address, the location or the nearest telecommunication mast where that of that particular transmission emanates from can be deduced. Please dont drag this thread into the promise of altering or hiding an I.P address; using a Virtual PC to browse or ways around some of these things. This thread is aimed to dissuade the bad guys. To the bad guys, please desist from your nefarious online activities because the law enforcement agents will sniff you out if they are determined. Recall that most of these insurgent or terrorist groups in and outside Nigeria issue their Press Releases online and have online presence hence they cannot afford not to leave an online forensic fingerprint trail no matter how meticulous or IT savvy they are. One is quite impressed with the progress been made by the Nigerian Police in using technology to fish out culprits responsible for killing Cynthia Osokogu.
Page 5 of 6

Its encouraging that the Nigeria Police recently enlisted Computer/IT professionals into the force because policing has gone beyond brandishing unserviceable rifles and mounting road blocks.
10. Delete

ALL phone numbers in your old phone before giving it out or selling it otherwise the person you sold the phone to can still have access to your contacts. You also risk exposing your contacts to stalkers or fraudsters by unintentionally giving away their contacts. Preferably, format the phone before giving it out so as to clear all the private information stored in the phone. Desist from storing private and banking details in your mobile phones. Format your Laptop or Desktop PC before selling it to avoid unconsciously giving out your personal and private information stored on your phone.

11. Mind

the type of engineer or technician you give your Laptop, PC, Phone or other gadgets to fix for you. Most of us are guilty of this! Give the wrong person your gadget to fix for you and the next minute all your personal and private information are posted online. A lot of celebrities have fallen prey to this. Some of them have had their nude pictures etc posted online. If you have the technical skill, back-up your gadget-PC, Smartphone on an external hard drive, format it before giving it out for repairs especially if the gadget will take some time to be fixed.
12. Regularly

updating your computer also makes it more secured. Similar to this is also to update your web browsers as older versions may be riddled with security flaws. Uninstall programs or softwares you no longer use from your computer. Avoid downloading or opening programs/files if you are not sure of the sites authenticity or credibility. If I may borrow a line from Intels ex-chairman- Andy Grove, only the paranoid survive.

Don Okereke
(Security Analyst & Consultant) Abuja, Nigeria Email: donnuait@yahoo.com Phone: +2347080008285

Page 6 of 6