Friday, September 11, 2009

Equity Bank's Membership drive attracts unlikely members -- Nigerian Fraudsters!

“Hata wao ni members – (they too are members),” says Daniel Ndeti, a member of Skunkworks, an online forum through which tech experts discuss ICT related topics. Ndeti is taking cue from Equity Bank’s latest ad campaign that seeks to drive the bank’s membership.

In one of the ads the bank has been running over the past few months, a pastoralist, a very unlikely potential member of any bank, is seen wearing traditional regalia pointing to his cattle with a stick before saying “I am a Masai and I am a member.”

What makes this particular advertisement interesting is the fact that pastoralists base their wealth in terms of cattle owned. To them currency bills are just that, but here is one pastoralist endorsing a banking product. But it seems the ad served its purpose and also managed to attract a few fraudsters into the list of members.

Apparently, fraudsters have created a clone of Equity Bank’s website – complete with all the functionality such as checking account details – to take advantage of the bank’s growing success. The bank has won lots of coveted awards internationally including, Best Micro-finance bank in Africa, Euro money award among others.

Unfortunately for Equity Bank, the clone website (http://www.equitybanknig-plc.com) may appear real to unsuspecting ‘members’ because it looks exactly like the real Equity Bank website (http://equitybank.co.ke/) although the graphics on the clone appear odd. Only a keen eye can tell the difference or at least someone who already knows what the real website looks like. The information on the phishing site is also inaccurate.


“Seems weird to me, have you seen the board members section?” asks Phillip Musyoki another member of Skunkworks in a discussion thread on the forum. "They have just done a poor job copying from the Kenyan Equity Bank site. Look at the graphics. Jesus? What is this?”

Musyoki’s observations are right. The fake website erroneously [it seems] names Mr. Julius Kipng’etich, as the CEO of Nigeria Wildlife Service. The site also wrongly states that the current CEO of Equity Bank Dr. James Mwangi, holds a Doctor of Entrepreneurship degree from Jomo Nigeriatta University of Agriculture!

What a laugh. There is nothing like Jomo Nigeriatta University of Agriculture on this earth. Julius Kipng’etich is the CEO of the Kenya Wildlife Society (KWS) while Dr. James Mwangi attended Jomo Kenyatta University of Agriculture and Technology and not what the phishing site purports.

“It is so obvious [this is a] phishing attack. I can say [whoever did the cloning job] is not an experienced dude, by the fact that you can see all these [the] mistakes,” says Okechukwu from skunkworks.”

“That’s what happens. It is called phishing…when you fill in your details [in the fake website], for example passwords, they never reach the real bank; they end up in the fraudster servers. The fraudsters will then use the same information to log into the real account and steal your money or other valuables,” says Motobaridi also from skunkworks.

According to Murigi Muraya, another member of skunkworks, the fake site, created in March this year, is registered to Equity Bank Plc, Powell Maria, 3525 S. Nantucket Dr Arizona, United States US-85249. But the real Equity Bank website is registered through Kenic a local registrant for .co.ke domains and is hosted by Access Kenya, a tech firm based in Nairobi.

It seems quite easy for Murigi, Phillip, Motobaridi and Okechukwu to spot the difference between a phishing site and a real site. But what about the pastoralist that Equity Bank is trying to target through the “mimi ni member” ad campaign? Can they tell the difference?


HOW TO SPOT A PHISHING WEBSITE.

According to About.com, phishing scams are now a part of everyday life. It’s important that you know how to spot one and avoid becoming a victim.
It is easy to uncover a crude phishing scam. For example, if you get an email from a bank you’ve never opened an account at, then don’t follow the link and enter your personal information. Now, if you actually have an account at the institution it gets more interesting.

You’ll want to look at the message carefully to see if it is a phishing scam. Are words misspelled? Sometimes scammers operate in a second language and they give themselves away by using poor grammar.

You should also examine the link provided. Does it really go where it appears to go? The best way to prevent this is to copy and paste the link (don’t click it) to your address bar. However, you can still get tricked by URL’s that look legitimate but have one or two letters switched.

The best way to avoid becoming a phishing scam victim is to use your best judgment. No financial institution with any sense will email you and ask you to input all of your sensitive information. In fact, most institutions are informing customers that “We will never ask you for your personal information via phone or email”. Source: About.com

5 comments:

  1. Although i am yet to be a member, thanks a lot for the information.
    It is my hope no one shall be duped into giving information.

    ReplyDelete
  2. Great Article!
    Thanks for highlighting this isssue.

    ReplyDelete
  3. Your report is very interesting indeed.
    Best wishes from an Estonian living in Italy!
    My site: http://pillandvetrina.blogspot.com (Police gallery about pirates on the road, Handicrafts gallery, Gallery of borders from all the world, Graphics and Local Police)

    ReplyDelete
  4. i think that cyber crime is here to stay. that dude may not be experienced but these hackers have ways of getting more skilled with time. i recently did a post on phishing scams and who to avoid them on my blog at. and i think that the readers will be interested. here it is
    http://kenyantykoon.wordpress.com/2009/09/12/how-to-keep-computer-hackers-at-bay/

    ReplyDelete