Flutterwave to go after beneficiaries of 2023 breach

also ft; Cybersecerity expert warns of “Quishing” new attack vector

and

Dec 14, 2024

CybAfriqué is a space for news and analysis on cyber, data, and information security on the African continent.

One of Nigeria’s most significant breaches last year was the 2023 Flutterwave breach. Efforts are still ongoing to recover lost funds.

— Noah

HIGHLIGHTS

Nigeria Police to arrest beneficiaries of fund transfers from POS agents involved in Flutterwave breach

The Nigerian Police says it is ready to arrest 601 customers involved in the Flutterwave breach of October 2023. The breach allowed Flutterwave’s point of sale (PoS) agents to transact beyond their available balance, and while we are still in the dark on how the breach happened, authorities have traced out over 601 bank accounts of those who received money from the transfers of POS agents exploiting the breach.

In previous efforts to recoup the money lost from this breach, which is one of a couple that’s happened to the fintech unicorn, stakeholders have attempted to force banks to reverse the traced funds but were not allowed by the court. After investigations into the KYC details of account holders and phone numbers of the 814 Flutterwave point-of-sale merchants involved in the unauthorized transactions, the police are ready to make arrests while also seeking a freeze of 601 accounts suspected of benefitting from the fraudulent transfers.

Proceedings of the investigation and prosecution of the 2023 Flutterwave breach will go down as one of the most interesting case studies of the complex nature of financial fraud, breaches, and fund recovery in Nigeria.

A constant lack of transparency is a poster problem in the Nigerian finance sector, where institutions deny, totally or in part, incidents to protect their reputation. A lack of seamless cooperation between banks is also a bane in the fight against this menace, while the bottlenecks of law and enforcement further complicate the matter. Developments like these highlight the importance of the push for regulatory compliance like the mandatory KYC for all fintechs by the CBN which is now aiding investigation, prosecution, and recovery.

Ghana 2024 Elections and the usual pattern of online misinformation

Ghanaians just voted in a not-so-new leader, ex-president John Dramani Mahama in a tightly contested election which eventually saw power transitioned to the opposition party.

While the Ghana 2024 election took a different turn for the choice of candidate voted in, there isn't much difference in the pattern of online mis and disinformation campaigns during the elections.

A pre-election assessment of Ghana’s information ecosystem done by Dubawa in 2024 revealed that while the citizens are still vulnerable to mis and disinformation campaigns, analysis of content between the previous election and now reveals an increase in volume and sophistication especially in this age of AI-enhanced misinformation.

Factchecks published in the build-up to and during the election confirmed that many of the campaigns aim to discredit the opposition or push false narratives to increase the chances of a candidate by proliferating out-of-context claims or even outright false facts and figures.

Some of the campaigns posed more threat than the usual falsehood proliferation as they incorporated cyber attacks, stressing increasing sophistication of these campaigns.

Sophos warns of new sophisticated Quishing (QR Phishing) target at organizations

Principal researcher at Sophos X Ops, Andrew Brandt in a recent warning for organisations revealed the exploitation of QR Codes in PDFs sent in imposter emails to perpetrate phishing attacks against organizations in the new attack vector called “quishing” short for QR code phishing.

The compromised QR codes are embedded in imposter legitimate PDF documents like payroll, employee benefit information, and other organizational documents claiming to come from internal departments like HR or finance for unsuspecting employees to scan which then put them in the hands of the bad actors.

Employing social engineering tactics in well-crafted emails the attackers utilize sophisticated technology to bypass corporate filters and make the attachment not readable on computers forcing unsuspecting employees to open it with their mobile phones which have less security infrastructure.

According to the researcher, the pattern of the attack shows that the targets have all been employees of organizations, and not private individuals, to gain access to companies’ networks using stolen credentials. Organizations are further advised to be more vigilant and invest in advanced email filtering and security frameworks while employees are to share less information about their work in the organization online.

Do you find value in the CybAfriqué newsletter? Share to support the work we do.

This article by Adebayo Benedict Soares and Suleman Lazarus examines fifty case files of cybercriminals that the Economic and Financial Crimes Commission (EFCC) convicted for online romance fraud. Their Findings reveal that most offenders were university students who use Facebook as their primary platform for engaging victims. These offenders also have a preference for Apple’s iPhone and usually present themselves as Caucasian American males or military personnel, with some adopting Caucasian European male identities.

This article details findings from a study on how employees' internet habits expose companies to attacks. Employees who visit gambling and adult content sites are at more risk of certain attacks than others.
Showing a recurring pattern of lack of transparency in how financial institution deals with fraud incidents, First Bank, the oldest bank in Nigeria has denied report of a fraud incident leading to 7 billion naira loss of customers’ money. Tech Cabal reported the incident on Friday, December 13 while noting the bank did not respond to their call for comment.