WhatsApp Compromise and Insider Threats

also ft a corny opening joke

Olatunji Olaigbe

Noah Aderoju

, and

Olatunji Alameen

Feb 08, 2025

CybAfriqué is a space for news and analysis on cyber, data, and information security on the African continent.

Why do hackers like the Sahara Desert? Because it’s the perfect sandbox.

Reminder: Please take this two-minute survey to share your thoughts and help make CybAfrique better. We’d also love to chat with you, please leave your email in the survey if you’d love to talk.

— Olatunji

HIGHLIGHTS

Are Africans experiencing a disproportionate amount of WhatsApp compromise?

Much is being said about Paragon in Europe but this past week, Ugandan authorities were forced to issue a public warning to WhatsApp users after a notable surge in cases of WhatsApp compromised, done mainly by threat actors who would ask for the victim's verification code as a requirement to receive some form of social benefit or large grant.

Once in control, they send misleading messages to a victim’s contacts and groups, asking for money, loans, and plugging them to fraudulent schemes. They exploit the social standing of their victim, exposing them to financial losses and reputational harm.

Similar compromise have been on the rise across African countries like Ghana, where WhatsApp hack cases in Q1 2024 alone exceeds the total of 2023; in South Africa where MTN, the leading network provider in the country had to launch a campaign to warn and educate subscribers after a similar surge in cases; and Nigeria where several citizens and even prominent individuals like a serving state governor and federal minister’s WhatsApp account were hacked, forcing Nigeria’s National Information Technology Development Agency (NITDA) to issue a comprehensive advisory for WhatsApp users in 2024.

WhatsApp is the most popular instant messaging app in Africa – popular for its early arrival advantage.

The compromise, which employs basic social engineering tactics, is particularly effective on older people who are less tech-literate.

WhatsApp scams are generally reliant on social engineering. Some popular examples include business brand hijacking/cloning, where fraudsters pose as a legitimate business and trick supposed customers into paying for nonexistent goods and services; there’s also the romance scam, where scammers nurture romantic relationships with unsuspecting victims to exploit them.

Regular app updates, multi-factor authentication, good digital etiquette, and general cyber awareness are the best security against social engineering.

First Bank, Bank of Uganda, and the rise of insider threat

In May 2024, TechCabal published an exclusive detailing how a high-ranking employee of First Bank was on the run after diverting more than 40 billion naira ($29 million).

Earlier this year, the federal high court in Lagos ordered the final forfeiture of cumulative $1.2 million cash and other assets recovered from Muiz Tijani Adeyinka, the former employee of First Bank of Nigeria (FBN) who exploited his privileged position to defraud the bank.

He allegedly used his office to manipulate “settlement accounts by creating fictitious domiciliary inflows with which he immediately transferred the naira equivalent to himself and his cronies”. He was basically rerouting funds meant to settle reversals of customers’ transactions to merchant accounts he controlled through his wife and other cronies, and as the last line of authority in his team this went on for almost two years without detection. Adeyinka was also declared wanted by Interpol in June 2024

The discovery of the insider fraud of Adeyinka led to more scrutiny of staff by FBN leading to a chain of events involving the sack of over 100 staff of the bank. Adeyinka’s case is also rumoured to be the reason why First Bank’s CEO at the time, Dr Adesola Adeduntan, abruptly resigned in April, eight months before the end of his tenure and less than a month after the fraud was uncovered.

In a similar case, of the at least 17 officials being investigated in the insider probe relating to last year’s breach of the Bank of Uganda, nine have now been arrested including officials from the office of the accountant general and senior personnel from the Treasury Department. According to this report, those detained include the Accountant General, Lawrence Ssemakula – which followed a rigorous interrogation by the Criminal Investigation Department.

ICYMI: Seventeen under surveillance in relation to Bank of Uganda Breach

Insider fraud and employee malpractices are threatening financial institutions in Nigeria even as financial fraud cases continue to rise in the country. According to a Financial Institutions Training Centre (FITC) report, insider fraud cases surged from 47 in Q1 to 58 in Q2 2024. This is as the total amount involved in fraud cases skyrocketed by 1784%, jumping from N2.9 billion ($1.9million) in Q1 to N56.3 billion($37.6million) in Q2 2024. The report also states that at least 49 staff were terminated across Nigerian banks over insider fraud, revealing a 23.4% increase.

Funds lost to fraud in Nigeria surged by a staggering 8,993.04%, rising from N468.49 million($312,000) in Q1 to N42.6 billion ($28.4 million) in Q2 2024.

Do you find value in the CybAfriqué newsletter? Share to support the work we do.

As the popularity of Chinese AI DeepSeek continues to rise, fake DeepSeek websites are being used for credential phishing, cryptocurrency theft, and scams. Researcher Dominic Alvieri who has been tracking such websites detailed his findings to SecurityWeek in this report. He had seen well over 50 active sites as of Wednesday, as well as over a thousand domains that are likely being prepared for nefarious activities. Some of the fake DeepSeek sites are hosted on domains such as deepseek-login[.]com and their goal is to trick users into handing over their credentials. Other fake DeepSeek websites push cryptocurrency wallet drainers, while others promote token scams, Alvieri said.
The “Nigeria Cyber Threat Forecast 2025,” published by the Cyber Security Experts Association of Nigeria (CSEAN) has singled out Digital asset scams and attacks powered by artificial intelligence (AI) as the two most potent threats in the Nigerian cyberspace this year. The Cyber threats experts believe these two will pose the biggest threat this year. Especially with Nigeria being home to Africa’s biggest digital asset market, boasting of an estimated 10% of the population, equating to 22 million Nigerians, owning digital assets. Noting instances from 2024 where the report warns that sophisticated tactics will exploit trust and manipulate public opinion, posing severe risks to individuals and businesses.