Increasing Cyber Fraud Cases: How citizens can identify and respond to them | The Probe

  • last year
The Probe with Emefa Apawu | Increasing Cyber Fraud Cases: How citizens can identify and respond to them

#JoyNews
#TheProbe
#MyJoyOnline

https://www.myjoyonline.com/ghana-news/

Subscribe for more videos just like this: https://www.youtube.com/channel/UChd1DEecCRlxaa0-hvPACCw/

Follow us on: Facebook: https://www.facebook.com/joy997fm
Twitter: https://twitter.com/Joy997FM
Instagram: https://bit.ly/3J2l57

Click this for more news:
https://www.myjoyonline.com/
Transcript
00:00 Good evening and welcome to tonight's edition of The Probe.
00:02 Well, the month of October is special for many, many obvious reasons,
00:06 including breast cancer awareness, International Day of the Girl Child.
00:10 We have World Food Day and many, many more all in the month of October.
00:14 But tonight we shall zoom our lenses on cyber fraud
00:16 because the National Cyber Security Awareness Month is this month.
00:20 That's October.
00:21 In Ghana, internet penetration we know has seen remarkable growth,
00:25 surging from 2.31 million users in 2012 alone to 17 million users in 2022.
00:33 Well, in the first half of 2023,
00:35 cyber fraud activities led to direct financial losses of 4.32 million US dollars,
00:42 translating to 49.5 million Ghana cities in Ghana.
00:46 While the reported cyber fraud activities represent only a fraction
00:50 of the cases brought to the attention of government organizations,
00:53 we are told that 41,285 contacts from members of the public
00:58 was received by the CSA between October 2019 and July 2023,
01:03 all complaining about cyber crime and other related activities.
01:07 Guess what? Identity theft, online extortion, romance fraud,
01:13 and shopping fraud accounted for 41% of the total fraud cases.
01:18 Well, there are all kinds of names for these activities.
01:21 Once we put it out there, I heard all kinds of names,
01:24 apart from the Sakawas and the others that we know.
01:27 There are a lot more that people describe it when it comes to the cyber fraud.
01:30 But our focus tonight is on how to get ahead of these fraudsters.
01:35 My guest tonight is the lead in National Computer Emergency Response Team
01:39 at the Cyber Security Authority, Stephen Kujo-Seshi.
01:43 Stephen, welcome.
01:44 - Thank you. - I hope you're ready for this discussion.
01:47 Of course, because there are a lot of questions that have come in.
01:50 Once we put it out, we are live on Joy News.
01:53 We are live on Joy 99.7 FM and affiliates across the country,
01:57 myjoyonline.com and all our social media platforms.
02:00 On DSTV, we are on Channel 421. On GoTV, it's 125.
02:04 I am Mmefa Apau and this is The Probe.
02:08 Please do stay with us. A quick turnaround, then we get talking.
02:10 You're welcome back to The Probe here on Joy News.
02:17 We are also on Joy 99.7 FM together with affiliates dotted across Ghana's 16 regions,
02:22 myjoyonline.com and all our social media platforms.
02:25 All you have to do is to send us a message with a hashtag #theprobe.
02:29 Tonight, we are focusing on cyber security and it is the Awareness Month
02:33 and we are starting October with cyber security awareness.
02:38 And Stephen Kujo-Seshi, like I told you, is my guest tonight here on The Probe.
02:42 I'm pretty excited about this discussion because I get to know all about it.
02:46 So welcome once again.
02:48 Okay, well, let's talk about the Awareness Month itself.
02:52 I know that since 2017, your authority has been leading this particular Awareness Month.
02:58 Really, what does it entail?
02:59 Right, thank you Mmefa.
03:00 So the Cyber Security Awareness Month is one of our flagship programs.
03:05 And basically, it's a month where we focus on all things awareness around cyber security.
03:11 So if you look at our history, how we've evolved to where we are,
03:16 we identified the capacity of our citizens to recognize cyber security threats as a weakness.
03:22 So in 2018, we completed a survey with the University of Oxford and the World Bank,
03:29 which basically did an assessment of our entire ecosystem.
03:33 We spoke to private sector, public sector, looked at the general interviews,
03:37 and basically identified that Ghanaians, we trust a lot.
03:40 And therefore, our ability to respond to cyber security threats was a bit low.
03:44 So they put it down as an improvement point.
03:48 So based on that, in 2018, we launched a strategy around awareness.
03:52 So we identified four pillars.
03:53 We talked about government, businesses, children, and then there's one more.
04:00 There's a fourth one.
04:02 So around those elements, in October, we tried to focus on all these.
04:08 We have several kinds of programs, awareness creation programs,
04:12 there are workshops and the like.
04:14 So that's what October is about.
04:15 Tomorrow, we launch for 2023.
04:18 We're going to have distinguished ministers, sector minister,
04:23 Ministry of Communications and Digitalization will be there,
04:26 Minister of Information, Minister of National Security,
04:28 and some distinguished external guests will be there to kick it all off.
04:32 The whole month is busy.
04:34 Yes, every week there's something happening across different sectors.
04:37 So we're touching government, we're touching private sector,
04:39 we're dealing with children, all that.
04:41 Well, but children, I'm very interested, at least government, business, children.
04:46 I see that there's a lot of questions around government and businesses,
04:49 at least individuals, but children really, how is it looking like?
04:53 Okay, so children are an important part of our strategy as a cybersecurity authority.
04:59 In fact, if you look at the Cybersecurity Act, Act 1038 of 2020,
05:03 there's a whole section that speaks to protecting children online
05:07 in terms of sharing of indecent images or intimate images of children and the like,
05:12 and there are very stiff penalties around it.
05:15 In the authority, we have a whole division that's devoted to
05:18 what we call child online protection.
05:20 So they do work around the awareness creation,
05:25 going to schools to engage them, to educate them on cybersecurity best practice,
05:28 what they should do, what they should not do.
05:31 They also interact with, so when there are cases that are reported
05:34 to the authority through our point of contact,
05:36 they work to resolve those cases.
05:38 They need to investigate if their prosecutions required
05:41 the championing to the necessary evidence.
05:44 So it's really important.
05:45 Are we having more and more children falling prey to this cybersecurity fraud
05:50 and activities over the period, you would say?
05:53 Well, you hear it now and then.
05:56 You probably see more of the other types, but it comes,
05:59 we've seen a lot of instances where in schools,
06:04 unfortunately maybe a young lady gets convinced by someone
06:08 who she thinks she likes, the person takes photos of her,
06:12 she's a minor, then the next thing you know,
06:14 they're either sharing it with other people or they've posted it somewhere.
06:17 We've seen some instances of such cases
06:21 and each time we are deeply involved in trying to resolve such.
06:24 Okay, but what's the data looking like over the period
06:29 when it comes to cybersecurity fraud in Ghana?
06:32 Okay, so we just ended a quarter, so I can look back a year
06:36 from quarter three all the way one year back.
06:39 We've had about 14,000 engagements.
06:41 So our point of contact, let me talk about that before I move on.
06:45 So our point of contact is a mechanism that is mandated by our Act
06:49 that allows us to interact with the public,
06:51 basically offer them a service in terms of reporting cyber crimes.
06:54 We offer a voice line, 292, SMS, also 292,
07:00 a WhatsApp line, 050-160-331,
07:04 an email address report@csa.gov.gov.
07:06 These channels are available for anyone in the public to report issues.
07:11 And when those reports come, we have a team that responds to it.
07:15 24/7 we are there, we'll pick your call, we'll respond.
07:17 Now from those interactions in the past year,
07:20 14,000 calls have come in.
07:25 Out of that, around 1,200 of them are actual incidents.
07:28 So that means something has actually happened that we need to look into.
07:32 So that's about 9%.
07:34 The rest turn out to be what we call advisories.
07:37 So you might call us and say,
07:39 "Well, I see this so-and-so link, it says this, should I click it or not?"
07:44 We'll take your info, we'll take the link, we'll analyse it,
07:46 and come back and tell you, "Okay, MFR, please stay away from this."
07:49 Well, there was one link, for instance,
07:50 that was going around about getting free BA tickets and all that.
07:55 I don't know if that was also brought to your attention.
07:57 Like, when we see such links, what are we supposed to do with it?
07:59 So there are a few things you can do.
08:00 If you are that savvy, there are links, there are services online
08:06 that you can use to check whether that link is malicious or not.
08:09 So there's one offered by Google called Virus Total.
08:13 We can take a link, go and paste it in the form there.
08:15 They have a series of tests to run against it,
08:19 and then tell you, "Okay, MFR, this is malicious, don't continue."
08:21 But if you're not sure, just call us.
08:23 We'll do the work for you and give you an answer.
08:25 Okay. Well, one key one, I'm sure you're not new to this,
08:28 MUMU, MUMU fraud in particular.
08:31 There are concerns about whether the cybersecurity authority
08:35 is very much alive to the increasing cases of MUMU fraud,
08:39 and what exactly the authority is doing about it.
08:42 Okay. So MUMU fraud, so let's say it's a multifaceted problem.
08:48 But the key challenges around us, the users of the service,
08:56 it's a system, it's helping our digital growth
09:02 or facilitating payments and stuff like this.
09:05 But then what you've got now are people who are in the system
09:08 and they try to manipulate you,
09:10 will use your PIN or authorize things that you did not actually go for.
09:16 So we tend to, as an authority, we tend to focus on the education part.
09:20 Because the systems have been designed,
09:23 there's procedures for how you do transactions,
09:26 you must protect your PIN, don't give your PIN to people.
09:29 But you find that someone who can call an individual,
09:34 give them some storyline, somehow they get lost in the story
09:37 and they hand over the PIN, then the person is gone.
09:40 Or in some cases, you know, some of the service providers,
09:44 they can send you a prompt for you to accept by entering your PIN.
09:51 They call the people, give them some storyline,
09:53 "Oh, we are authorizing this, just check this and then please enter our PIN,
09:58 we are fixing this problem," something like this, they give you a story,
10:01 and then you release your PIN.
10:02 So there's the human side of it, and we call it social engineering.
10:05 So basically they are playing on your helpfulness
10:12 or you want to help somebody out, and then they trick you.
10:16 So it's not so much that it's a system issue,
10:19 but it's more on how we are using it as users.
10:22 But as an authority, we work with the service providers a lot,
10:26 where we see there are any system or technical issues,
10:29 they look into it, but we need to be focusing on ourselves as the users.
10:34 But as an authority, you're not clothed with any powers
10:37 to be able to make sure that these telcos
10:40 and anyone that falls victim to this or whatever it is
10:44 that can be done to prevent it in the first place.
10:46 There's nothing like that.
10:47 Well, we actually have some control in the sense that
10:52 that service area, because it's so critical to digital,
10:55 falls under what we call critical information infrastructure.
10:59 So that big term, or we call it CIF for short,
11:03 basically just means that there are infrastructures within the ecosystem
11:08 that are deemed critical to the functioning of the country.
11:11 So either if there's an outage to those systems,
11:14 there might be a national security issue,
11:17 or it might impact socioeconomic status of the country.
11:21 So the MOMO system or the ICT infrastructure
11:25 falls under one of those categories.
11:27 So we have a team that's focused on protection of those infrastructures.
11:32 So they do that by issuing directives,
11:35 conducting audits, checking for compliance to best practices.
11:39 So if you say you're offering a MOMO service,
11:41 OK, there are best practices for building such a system.
11:44 There are best practices for, let's say, validating your users.
11:47 We do all, we look into all that together with people like the NCA
11:51 that directly after the sector.
11:52 So we do have some control.
11:54 Well, we have a number of audience questions that we'll be getting into.
11:56 I see that Yao is whispering about us going into the audience questions,
12:00 but there's this one that I'm hoping that we could get some clarity to
12:03 before we get into the questions.
12:05 The issue about the new initiative to register,
12:08 Lionsense and Accredit, cybersecurity service providers.
12:11 What does it really mean to achieve?
12:13 All right. So we've just been talking about how important
12:18 communication infrastructure is to us or other critical infrastructure.
12:22 Now, cybersecurity is important in that space
12:27 because if you have a service provider that's doing some work in that space,
12:33 they're touching very sensitive systems.
12:35 A lot of the work they are going to do is very intrusive.
12:37 So let's say you hire someone to come and look at your network
12:41 and put in certain infrastructure to protect it.
12:44 Necessarily, he must get into your network,
12:47 know where all your devices are connected,
12:50 and then now recommend a solution.
12:52 Now imagine that that person is not very principled.
12:55 He comes and he knows that, oh, Joy FM, they have this type of equipment.
12:59 This is the version, it's from this vendor.
13:01 And he goes back to go and check, okay, this is a weakness,
13:03 this is a weakness, and then this guy wakes up.
13:05 Your network is down.
13:07 So what we are trying to do there, the law act tells us that we need
13:12 to make sure we are licensing the service provider in that space
13:15 to make sure that they are using best practice standards.
13:18 We are finding out, we are doing background checks.
13:20 So if company X says, "I'm a cybersecurity service provider,"
13:23 we know who the owners are, we know their registration status,
13:27 they've complied with things like data protection,
13:30 they are engineers or they are staff, accredited professionals,
13:34 background check has been done,
13:35 so that you are essentially sanitizing the space,
13:38 you know who is operating there.
13:40 Similar thing applies to the professionals themselves.
13:42 So even if I work for myself,
13:46 but I do this kind of cybersecurity stuff, I need to be accredited.
13:50 That accreditation also goes through a rigorous process.
13:53 We check your credentials.
13:54 If you say you can do something like what we call vulnerability assessment.
13:59 So I want to check what weaknesses you have in your network.
14:01 I should go to validate that you actually have the skills,
14:04 do the right job, you have the right certifications,
14:06 you are going to follow the right standards.
14:08 And when you do it, you also protect information.
14:10 You're not finished the work at Joy FM and go and sell it
14:13 to someone in Russia next week.
14:16 So that's the purpose behind that whole exercise.
14:19 But have we had them at least, those service providers complying?
14:23 Oh yes.
14:23 We've had a number of them registering so far?
14:26 We've got a number going.
14:27 We are actually in the process of issuing the accreditation.
14:31 Right now it's provisional, but after a certain period,
14:35 a grace period, they will be fully,
14:37 they will have the full licensing or the full accreditation,
14:40 depending on which category they are in.
14:42 Okay.
14:42 Let's get into the first batch of questions.
14:44 And now let's not leave our audience out.
14:46 If you're ready, let's go.
14:48 So we have the first one from Abna.
14:49 How does the CSA go about its work in identifying cybersecurity threat trends?
14:53 He says.
14:54 And Xavier says, what are the top incidents
14:56 that the point of contact handles?
14:59 And Hashmin says, what are the top prevalent forms of cyber fraud?
15:05 Teria says, how can people identify that they are about to fall victim
15:08 to the more prevalent forms of cyber fraud and how they can respond to them?
15:13 Okay.
15:14 So that's the first batch.
15:15 I would now take some responses, Mr. Seshi, on this.
15:19 So you were talking about point of contacts earlier.
15:22 So Xavier wants to know what the top incidents are that they've handled.
15:26 And then maybe we can add it to Abna's question,
15:28 how the CSA goes about its work in identifying cybersecurity trends.
15:32 Right.
15:33 So it starts with the POC.
15:35 Like I mentioned earlier, it's mandated by the Act.
15:38 And it's run by a team called the Computer Emergency Response Team,
15:42 which I lead.
15:43 And the Act tells us or mandates that we should provide a means for the public
15:50 to be able to report incidents to us.
15:53 So those channels I mentioned, the phone, SMS, both of them are 292.
15:57 If you call 292 from any network, you will be able to reach us.
16:00 Yes.
16:01 Or you can WhatsApp us on 050-160-331.
16:07 Or you send an email to report@csa.gov.gh.
16:10 So those channels are like funnels to us.
16:14 So once people call us, we take down very detailed information
16:19 about each case that they are reporting.
16:21 As the period goes on, we've been building a database of cases,
16:27 how the malicious actors are operating,
16:30 or what we like to call modus operandi.
16:32 That's how we get the data we are about to share.
16:35 So the top incidents so far.
16:38 So I have them categorized in five.
16:41 So these five account for about 90% of all the cases we record.
16:47 The top of that list is online fraud.
16:50 Online fraud has subcategories.
16:52 So we can talk about shopping scams, job scams, romance scams,
16:57 investment fraud, advance fee fraud.
16:59 There are different types.
17:00 If you want, we can break them down a bit.
17:03 Yes, let's talk about your favorite more.
17:05 Online shopping scams are, the commonest example is,
17:10 you see something on Instagram.
17:13 It tells you I'm selling, my favorite is Crocs.
17:16 We are selling Crocs.
17:18 They give you a very nice looking price.
17:21 Let's say it's 300 CDs.
17:23 It's a number there for you to pay,
17:25 and then they tell you, when you pay, we'll deliver.
17:28 You send them the 300 CDs,
17:31 and then after one, two hours, you want your Crocs,
17:34 it hasn't arrived, when you try to call the number back,
17:36 the 300 CDs is gone.
17:40 So in a case like this, if you see the beautiful Crocs
17:43 you want to buy, what then do you have to do
17:45 before you start the payment process?
17:47 So a few things you can do.
17:49 So because it's online, you can't see who is behind it.
17:51 You have to do what you call due diligence.
17:54 Because typically, if it was a physical shop,
17:56 you can walk.
17:58 Now, the bidding is now on you, the buyer,
18:03 to then be sure that that outlet is genuine.
18:08 So some of the things we recommend you can do
18:09 is you can pick the number they've got there.
18:12 You call, verify where they are, verify physical location,
18:16 and be sure you can actually, if possible,
18:19 check out that that physical location actually exists.
18:22 Now, most of them don't have physical location.
18:24 Most of these online shops, they are just online shops.
18:27 You say they are online.
18:28 Like the thing is, okay, assuming we bought a Crocs
18:31 and it's a stone, how would you return it?
18:35 So let's say a repeatable online shop would say,
18:40 okay, well, I don't have a display shop,
18:43 but if you need to interact with me, come to this address.
18:46 So that's what you are looking for.
18:49 The other things you can also do is,
18:50 on most of these online portals, you might see reviews.
18:54 Other users that have used that particular portal,
18:56 check, read through and see.
18:58 Are people complaining that they didn't get the items?
19:01 When you see something like that,
19:03 it becomes a warning flag to use, a red flag that potentially
19:06 this shop you are looking at may not be notified.
19:10 So those are some of the simple things you can do too.
19:12 Okay. So you talk about shopping, online shopping,
19:15 where we have top incidents.
19:17 Which other ones were we going to talk about?
19:18 Job scams.
19:19 Okay.
19:20 You know, a lot of our colleagues or brothers, cousins,
19:24 some are out of school, looking for jobs.
19:26 So you have people that will go around and craft something.
19:29 Typically, they would impersonate someone important.
19:32 It could be a government official,
19:33 it could be an agency,
19:35 "Oh, these jobs, please apply."
19:39 But the catch usually is, they'll tell you,
19:41 "Pay us X amount to give you protocol attention
19:44 or to get the form."
19:46 But you pay and that's it, they are gone.
19:49 So they play on your vulnerability that you need a job.
19:54 They take money off you and then they run off.
19:57 Advanced fee fraud comes in where people would say,
20:01 "Okay, we need to deliver, for example,
20:03 we are delivering something to you,
20:05 but you need to pay us first for it to be delivered."
20:09 So there's one scenario which has happened a few times.
20:14 So someone makes a friend online,
20:18 seems to be going well,
20:19 and the person says, "Oh, I have some iPhones
20:21 I want to send to you, but they are a lot.
20:24 I can give you some to sell.
20:26 So I'll package it and send it to you in Ghana."
20:31 Okay, then a few days later,
20:32 "Yeah, I've sent 10 iPhones.
20:36 They've arrived at, let's say, DHL.
20:39 So please check it out."
20:41 So when you go to DHL, they want to go,
20:43 they say, "Ah, the package you sent, there's money inside.
20:48 There's not supposed to be money inside
20:49 because apparently you cannot put money in such packages."
20:52 So they pin you and say, "Actually, you need to pay
20:57 some money so that that is not taken against you."
21:00 So they take money from you for that.
21:02 They also tell you, "Oh, in terms of the delivery,
21:05 you need to pay this and that as well."
21:07 So they just find a way to pick money from you,
21:09 but whatever you are looking for,
21:11 you actually never get it.
21:12 - These are very intelligent people.
21:13 - Yeah.
21:14 - Are they always a step ahead of us
21:16 or we have them under control, you would say?
21:19 - Well, it's up to us as the users.
21:21 If they engage you and you allow them,
21:24 you are likely to fall victim.
21:25 So some of these tips we are giving us
21:29 is for you to be aware, pay attention
21:32 when someone calls you, especially people you don't know,
21:33 people you just met online.
21:35 You don't know the person physically.
21:37 You have to be careful when they are giving you stories
21:39 about delivering you something or sending you this
21:41 or help me to pay for this or that.
21:43 You have to be really careful.
21:45 - Interesting.
21:47 Well, let's talk about the top prevalent forms
21:48 of cyber fraud.
21:49 I think that's what we've been touching on as well, Hashim.
21:52 And then how can people identify
21:54 that they are about to fall victim
21:55 to the more prevalent forms of cyber fraud?
21:58 I think you've been speaking about it.
22:00 And then regarding businesses,
22:01 what are some of the cyber issues businesses experience
22:04 and how they can handle them?
22:05 I think that's in the second batch.
22:06 That's a loose answer.
22:07 Maybe we should take more from the second batch
22:09 then we can take responses.
22:11 So we go on to the next one.
22:13 Where do I go or who do I talk to
22:15 if I fall victim to cyber fraud?
22:18 Ase is asking, and why do we wait till October
22:20 to educate the public on cyber fraud?
22:22 Jennifer is asking.
22:24 And Lily says, what are the current top
22:26 cybersecurity threats or trends
22:28 that individuals and organizations should be aware of?
22:31 I think we've been giving you some.
22:32 Kekeli says, how can individuals protect themselves
22:36 from common cyber threats like phishing
22:39 and ransomware attacks?
22:41 Okay.
22:42 Which one shall we start with?
22:43 So we can start with Ousmane Sasson regarding businesses.
22:46 What are some of the cyber issues
22:47 some businesses experience and how they can handle them?
22:49 So businesses are not immune.
22:53 I think one of the common ones we are seeing now
22:55 is around impersonation.
22:56 So for example, MFR has a fashion design shop.
23:02 You've opened, you know you have your shop
23:05 and then you put an online segment on Instagram
23:09 so people can find you.
23:10 The next thing you know, someone else,
23:12 let's say it's called MFR Designs.
23:15 Few months later, you see someone else
23:16 has created MFR Designs.
23:18 Sometimes they even copy the same picture.
23:20 Same logo.
23:21 Everything put in there and they change the number.
23:23 So when someone searches for MFR Designs,
23:27 there's something we call a search engine optimization.
23:31 So basically you're able to design your site
23:34 in such a way that when you Google or you search for it,
23:37 it comes to the top.
23:38 So these guys are smart enough to manipulate those algorithms
23:41 and they should be on top of yours.
23:44 So your end user can tell.
23:47 So they call that number,
23:49 so yeah, I want to order a dress.
23:51 So nicely answer, issue an invoice.
23:54 When the person pays, they are gone.
23:57 Then your name is in disrepute
24:00 because they think you have scammed them.
24:02 Actually somebody has copied your brand
24:06 and it's impersonating you.
24:07 So that's one common thing we see.
24:10 And how to deal with it is basically
24:12 you need to monitor your presence online.
24:14 So long as you have presence online for your business,
24:17 you need to be monitoring it.
24:18 You need to intentionally check.
24:20 Someone using my name, someone using my logo,
24:23 if it's not that person, then you need to take action.
24:25 And if you see it on a site like Facebook or Instagram,
24:29 they have channels for reporting it.
24:31 If you're not sure what to do,
24:32 you can engage us, we can give you a guide.
24:35 - And that takes us to Asiye's question
24:37 about where to go and who to talk to
24:39 if you feel that you're falling victim to cyber fraud.
24:41 - Our POC contacts, 292,
24:44 the WhatsApp line 050-160-331,
24:47 or email report@csgo.com.
24:49 - In the event that maybe they took my phone at a time
24:52 and I'm not able to reach you via WhatsApp, 292--
24:55 - Have someone else call on your behalf,
24:58 we'll speak to you.
24:59 - What will happen?
24:59 What would be the process that I'll go through
25:01 once I call?
25:01 - So typically we'll take your name, your details,
25:05 where are you, then we take specifics about the case.
25:07 When did it happen?
25:08 What exactly happened?
25:09 Who did you engage with?
25:11 If you have evidence, perfect.
25:12 Hopefully you have noticed the phone.
25:13 So we might want to take evidence
25:15 of the conversations you've had,
25:18 screenshots of any evidence you might have
25:21 of what I have experienced.
25:23 Then we analyze it.
25:24 If we find, once we put that together,
25:27 we have in-house what we call
25:29 a law enforcement liaison unit,
25:32 like to call it.
25:34 These guys are investigators.
25:36 So once we determine it's a case
25:38 that needs to be investigated,
25:40 this set of evidence will go to them
25:42 to analyze and look at it.
25:44 And then where necessary,
25:45 maybe engage the external bodies
25:49 that have arrest powers,
25:50 like the police or CID, IOKO,
25:53 all those people.
25:53 Work with them and then eventually
25:55 you might get redress.
25:56 I need to caution though that
25:58 we can't chase every 100 CD case, for example,
26:01 just to set the expectation.
26:03 But then that's how the process typically works.
26:05 - Have we had any arrests over the period
26:08 through these reports and investigations
26:10 that has been done by the authorities?
26:12 - A second point, a major one.
26:14 I'm sure you'd have seen the release
26:16 where we arrested about 400 suspects
26:19 that were involved in what we call cyberbullying.
26:20 So these guys were running a scheme
26:23 around loan applications.
26:27 So when you go to the play store,
26:28 they advertise the loans.
26:30 Okay, install this application,
26:32 give you small, small loans.
26:35 So I need 300, I need 1,000 CDs.
26:37 All looking fine and good.
26:40 But when you are registering,
26:41 they take a lot of your personal details.
26:43 They take your Ghana card,
26:44 they've taken all your personal information.
26:48 But then they tell you,
26:49 "Okay, fine, you can pay this back
26:50 "in less than a month or three months."
26:52 But usually in seven days,
26:54 someone calls you and tells you,
26:55 "MFR, you owe us."
26:57 And then all of a sudden the interest is very high.
26:59 So let's say you borrowed 200 CDs.
27:02 Call MFR, you owe us, let's say 350 CDs.
27:07 You need to pay up in seven days
27:10 or we are going to plaster your face
27:11 on social media as a thief,
27:13 you've stolen our money.
27:15 So they were going around threatening.
27:16 So many people failed.
27:18 We recorded well over 270 such reports to us.
27:22 So what then kicked in was,
27:25 because if you are doing anything financial,
27:28 it has to do with the BOG, right?
27:30 BOG released a letter that said,
27:31 "Look, we have not licensed anybody to do this."
27:35 Between us, BOG, and Yoko, and even the NCA,
27:39 we formed a task force.
27:41 And that culminated in that arrest.
27:43 400 suspects, and we even had about,
27:46 if I'm not mistaken, there were a handful of foreigners
27:48 that were also behind it.
27:50 That's the clearest example of us tackling cybercrime
27:55 and being successful at it.
27:57 - I know some people, at least some in the newsroom,
27:59 I won't expose them,
28:00 but it appears that they always get those kind of messages,
28:05 at least the ones that you describe as efficient,
28:09 you do this and you win this,
28:11 send to 100 people or send to these people,
28:14 and then you get it.
28:15 How does people like that become targets?
28:18 How is it that you would just be there
28:20 and you get those messages and you're asked to share?
28:24 Sometimes even emails now, you get it.
28:27 What do you do before you get it?
28:29 Is it that the assessment size that you visit?
28:32 What exactly makes you susceptible to these people?
28:36 - Well, there are a number of factors.
28:39 Definitely one of the things is the sites you visit.
28:41 And if you visit sites that are not so reputable
28:45 and you are leaving your personal information
28:46 or personal details there,
28:48 that's how some of these messages may come through.
28:51 You definitely need to be careful
28:53 the kind of sites you visit.
28:54 Popular thing is a lot of people are into betting
28:59 and stuff like this.
29:00 The sad truth is not all those betting companies
29:04 are run by reputable companies.
29:08 They are one of those,
29:09 and they happen to be feeding your data
29:11 to their brothers that are running rackets.
29:14 - They say they are not betting, they are investing.
29:16 - Investing.
29:17 - Yes, they say they are investing.
29:18 - So you need to be careful who your investment broker is.
29:21 - Okay.
29:22 - That's one thing.
29:23 And some of these things, when they come on your phone,
29:27 they are offers, and so fill this form out,
29:29 fill this form out.
29:30 Actually, you're actually handing them your data.
29:33 This loan app thing I spoke about, for instance.
29:36 For the most part, what they were doing,
29:38 they're actually sucking data off even the handsets
29:41 that were there.
29:42 So what would happen is they actually would be able
29:44 to pull up all the contacts on your phone
29:47 and send messages to them.
29:49 That's how they even try to shame you.
29:51 And then they can follow up and then target those people
29:54 because they have their numbers.
29:55 You can send them such strange, strange messages as well.
29:59 If you are fortunate enough to select them
30:01 and you are part of the pool, they'll keep.
30:03 - Well, I'm one of those who always wonder,
30:05 for mobile fraud, for instance,
30:06 you have them call you randomly
30:08 and you wonder how they got your number.
30:11 And it's like every time you load up money
30:13 or there's money that comes on your phone,
30:15 that's when you start getting these calls.
30:17 Is there a way they know?
30:19 How are you protecting us as consumers, you'd say?
30:23 - Well, the protection mechanisms technically
30:27 can only work to a limit.
30:29 - Okay.
30:30 - And unfortunately, you might have
30:31 what we call insider threats.
30:35 People that may be part of the ecosystem for the top apps
30:38 that are not so reputable.
30:41 So maybe you bought your last credit at your corner shop.
30:46 You may have taken your number.
30:48 Actually works with these people.
30:49 So they hand your number over.
30:51 So the next time you want to answer top app, they know.
30:54 That's one.
30:55 So what we can, we always come back to the bit
30:59 about your due diligence and being alert.
31:01 You, the user, must be the one in control.
31:03 Technical controls only work to a certain point.
31:06 Technology in itself is not evil,
31:08 but it's the users that are making it evil.
31:11 So you have to be alert.
31:12 - So that's for mobile money, at least.
31:14 If you're using mobile money, you have to be alert.
31:16 But Jennifer wonders why we wait till October
31:18 to educate the public on cyber fraud.
31:20 I guess it's not just October.
31:21 - It's not October.
31:22 Actually, one of the key things we do with the data
31:25 we gather at the PUC is actually release alerts.
31:28 So if you go to our website
31:30 and if you monitor our social media channels,
31:32 you see alerts.
31:33 At the minimum, there'll be one a month.
31:36 And how do we do that?
31:37 We analyze the cases we've got for the period
31:39 and we say, "Okay, well, this month,
31:41 "it is impersonation of government figures."
31:44 Write you a short alert, usually one-pager,
31:48 to describe what the issue is,
31:50 to tell you how the fraud or what the right is
31:54 or the issue is perpetrated.
31:56 And then we'll give you recommendations at the end.
31:59 So if you go to our site, you see all of them.
32:01 So it's not only October.
32:02 October just happens to be when we want to
32:05 put the limelight on cyber security.
32:07 Yes, that's it.
32:08 - And that's why Yao was asking me to ask you,
32:10 why October?
32:11 Why is the awareness in October in particular?
32:14 - I think it's an international convention
32:16 that was selected around the world.
32:18 We are not the only one celebrating.
32:19 There are several countries also doing the same.
32:21 So we sort of, once we decided we want to make awareness
32:25 part of our strategy, we also started.
32:27 - Okay.
32:28 So I'm sure you touched on Lily's question,
32:30 the current of cyber security threats or trends.
32:32 We've been talking about online fraud.
32:34 We'll talk about pornography and then also the cyber bullying
32:37 that you've been talking about.
32:38 But Kelly was also asking how individuals
32:40 can protect themselves.
32:42 You've been talking about it from phishing and ransomware.
32:44 But we'll go into the next part.
32:46 I see John's question, what are some of the best practices
32:49 for securing personal devices and accounts
32:53 against cyber threats?
32:54 That's John's question.
32:55 Solomon says, what steps can organizations take
32:57 to strengthen their cyber security posture
33:01 and protect sensitive data?
33:03 And that's Solomon's question.
33:05 And then we have one from Xavier.
33:06 How important is cyber security awareness training
33:10 for employees within an organization?
33:12 Jojo says, what are the key elements
33:15 of a strong cyber security policy
33:17 for businesses and individuals alike?
33:21 And then the last one for this match,
33:23 Kweku says, how can individuals and businesses
33:25 stay updated on the latest cyber security news
33:28 and developments?
33:30 So practices securing personal devices and accounts
33:33 against cyber threats.
33:34 - All right, so let's start with the simple ones,
33:37 your passwords.
33:38 So you might be surprised, in this day and age,
33:42 people still use password as their password.
33:44 (laughing)
33:45 So you want to start with--
33:48 - Maybe they just capitalize the P and then--
33:50 - They capitalize the P, you can change one at.
33:52 But we have very advanced computers now
33:55 that can crack simple passwords in seconds, in minutes.
33:59 So starting from there is to make sure
34:02 you're setting fairly long passwords,
34:05 nothing less than 12 characters at least.
34:07 Make sure of uppercase characters, numbers,
34:12 special characters.
34:13 - And I'll forget.
34:14 - Well, there are tools to help you.
34:16 We have what we call password managers.
34:18 So a password manager is like,
34:20 you can think of it as your wallet or your purse
34:22 with a padlock on it.
34:24 So anytime you create a password,
34:27 you store it in there.
34:28 And that wallet or manager--
34:32 - That can be cracked.
34:33 - You should have one after password.
34:36 You need to remember just that one.
34:38 So you can sit down and craft one very good password
34:43 and use that to manage your password manager.
34:46 But anything else in other services--
34:47 - Password manager, is it an app or something like that?
34:50 - It's an app, so you can get it on your phone,
34:51 you can get it on your browser
34:53 or as a separate app on your laptop.
34:55 So with that, any site you need to create,
34:58 whether it's your Gmail or your Instagram account,
35:00 when you create any account,
35:02 make sure you store the credentials
35:04 in that password manager.
35:06 Make sure that one is maintained.
35:08 - Not write it in your diary.
35:09 - Don't.
35:10 - The diary you have, people just write.
35:11 - Don't stick it to your--
35:13 - To the diary.
35:14 But how about people like Raymond Nakua
35:16 who uses one password for everything?
35:19 It's a huge risk.
35:21 It's a huge risk.
35:22 So assuming one of the sites you are using is compromised,
35:27 you have what you call password spraying.
35:30 The criminal says, "Well, we've compromised,
35:35 "let's say, xyz.com.
35:38 "We've stolen all the user data there."
35:40 Okay, well, we saw Raymond Nakua in there.
35:44 This is his password.
35:45 Now they'll throw it at any other service
35:48 that is out there.
35:49 They'll take the user name and pass it right out there.
35:51 So God forbid they hit some service
35:53 where you have used that.
35:55 If it's your email, they're in.
35:56 If it's your--
35:58 - Your bank app and everything.
36:00 - So it's not advisable.
36:02 We understand that it's difficult
36:04 to remember several passwords.
36:05 That's where the password manager would help you.
36:07 In fact, the password manager,
36:08 most of them would have a password generation feature.
36:12 They'll be able to generate complex passwords for you.
36:14 And because you don't need to remember, it's fine.
36:16 You copy it, you paste, account is created,
36:18 it is stored there, you are done.
36:19 You don't need to remember xyz, funny characters.
36:23 The password manager is doing that for you.
36:26 - Well, that's interesting.
36:27 But the steps organizations can take
36:30 to strengthen their cybersecurity posture
36:31 and protect sensitive data
36:33 is what Solomon is also asking.
36:35 I'm sure you've been touching on it.
36:35 - I think I should add a few more on the device protection.
36:39 So aside the passwords also,
36:40 not all of us protect our devices
36:46 as well as we do our laptops.
36:48 Let me ask, do you have antivirals on your phone?
36:50 - On my phone?
36:52 Do I need antivirals on my phone?
36:54 - Your cell phone is, right?
36:56 - Yes.
36:57 - How different is it from the browser in you?
37:01 - Because this is a, okay, that's interesting.
37:04 No, I've never thought about it.
37:07 So you need antivirals on your phone.
37:09 It's an iPhone, I thought iPhone,
37:10 nothing can happen to it.
37:11 - I think it's breakable.
37:14 If they breach, most of your iPhones
37:16 are linked to your online accounts, right?
37:18 So imagine you download something that breaches your phone.
37:23 You have access to every account,
37:25 everything you do online.
37:27 So you should consider it.
37:29 So most of us, and they're not that expensive.
37:32 I like to copy one of the examples my boss uses.
37:35 You ask the ladies, how much did you spend on your hair?
37:38 - Actually, I don't spend any money.
37:40 - You don't spend any, you're a natural.
37:42 - Yes, I'm free.
37:43 - People think you do a--
37:45 - Barbering.
37:46 - No braids, right?
37:48 Certainly in the 200s or 300s, that they go, right?
37:52 In a year, you can spend barely 50 CEDs on antivirus.
37:55 - 50 CEDs.
37:57 Well, I thought it was more expensive than that.
37:59 Okay.
38:00 - You have full protection to scan anything,
38:02 to even warn you if you are getting on the site
38:03 that it's malicious.
38:04 I think that's a key thing as users we need to adopt
38:08 to protect our devices.
38:09 Other basic hygiene things is definitely be careful
38:13 what sites you are visiting, right?
38:15 If you are dabbling in malicious sites, granted you,
38:21 so you have to watch your habits online.
38:24 That's one way to protect your devices as well.
38:27 And your, the software on the devices.
38:31 They send updates from time to time.
38:33 Some of us see this, ah, this thing is going to
38:35 chew my data.
38:37 - Yes.
38:39 (laughing)
38:40 - Why they send us updates are because they've discovered
38:43 that, oh, this piece of software, it's a vulnerability.
38:48 Nobody can use it to compromise a device.
38:50 So they sent an update.
38:51 So you reject it.
38:53 Like leaving your door and the keys,
38:56 you left the key inside.
38:57 So when it comes open, no comment.
38:58 So updates are crucial for your operating systems,
39:02 for the applications that you install.
39:04 I'm sure some of you might wake up some days
39:07 and you see that the line up, 15 applications,
39:10 update all of them.
39:12 The same as data, but it's your safety.
39:17 So let's not be cancelling them.
39:18 They are crucial.
39:19 And the same translates to devices, laptops.
39:24 So from there I can transition to the question
39:26 around the office.
39:27 The devices we are using in the office
39:29 need to be kept up to date.
39:31 So if your staff are using machines
39:34 that are not running antivirus, you're asking for trouble.
39:38 If you are using online systems software,
39:40 those of us that like to go and take pirated copies of Office
39:44 and be using, you're asking for trouble.
39:48 Those are things.
39:49 So in an organisation as well, you
39:51 may have public-facing services.
39:55 You may have a website.
39:56 You may have other web applications
39:58 that your customers use.
40:00 The underlying infrastructure, the service operating system,
40:04 whatever software you are using to offer the service,
40:07 you need to make sure they are all up to date.
40:08 It's the same philosophy.
40:09 If there's a vulnerability in there,
40:11 you've not dealt with it, you are exposed.
40:14 So as an organisation, you need to have policies,
40:18 procedures for doing this.
40:20 So you might need to have a policy that says, well,
40:23 every week we are running a check.
40:26 Your vendor will probably be releasing patches and updates.
40:29 You need to have a process that says, well,
40:31 maybe every last Thursday of the month,
40:35 we can show that all the patches that need to install
40:38 have been done.
40:39 I mean, we understand that doing that,
40:41 there's likely to be downtime.
40:42 That's what people fear.
40:43 They won't do, oh, disrupt my service,
40:45 my website will go down.
40:46 But you need to be able to plan it out.
40:49 Maybe you need to do it at 3 AM when MFIs are asleep.
40:53 So those are best practices.
40:55 Well, I must say that, to save your question,
40:58 the cybersecurity awareness training for employees
41:00 within an organisation, they do it a lot here at Multimedia.
41:03 Sometimes you don't want to join the Zoom
41:06 when they are doing the training and all that.
41:08 But I think you need to highlight why it's important
41:11 that these awareness and training is done by organisations.
41:15 So earlier I mentioned that technology in itself
41:20 is not really evil, it's the users that are behind it.
41:24 In any system, usually we'll talk about people,
41:26 processes and the technology.
41:28 Let's say your technology is fine.
41:30 You can't tell your processes are fine.
41:32 But if your people are doing the wrong things,
41:36 the whole set is useless.
41:37 Something will go wrong, something bad will happen.
41:40 So the thing about human beings is,
41:43 you tell them one, a week later they forgot.
41:46 We need to keep reminding them.
41:50 Aside that, the IT space evolves very quickly.
41:55 There are new services, there are new features,
41:57 there are new applications.
41:59 And it's not all the time you can really understand
42:01 whether this is good to do or this is not good to do.
42:04 We need to refresh, OK, what's new out there
42:07 that potentially could harm my users or harm my staff?
42:12 And you use these sessions to do that.
42:14 That's why it's important.
42:16 Keep hammering home the best practices.
42:18 We've been talking about passwords for years,
42:20 but people are still making the same mistakes.
42:23 Update your antivirus.
42:25 Sounds very nice in the ears, but people don't do it.
42:29 So you have to keep doing it.
42:30 Sometimes in organisations, you may even have to run tests.
42:36 So let's take the phishing, we mentioned it.
42:38 So phishing, someone sends you an email
42:41 pretending to be someone else.
42:43 They are usually malicious links, you click on it,
42:44 you get infected with something.
42:47 - Whole system. - Like that.
42:48 OK, how would someone recognise a phishing email?
42:52 You have to show them some characteristics to look for.
42:54 - What should I look for? - OK, so...
42:57 Some of the simple ones is you need to...
42:59 So someone says, "I'm sending an email from Microsoft."
43:03 Check the spelling of the Microsoft, the domain.
43:06 Maybe they left out an O or they made a double T.
43:10 So...
43:11 But then in the title, the message title,
43:12 they say, "This is an email from Microsoft."
43:15 You need to check the email.
43:16 Sometimes they can even manage to mask the actual email address.
43:21 So you need to go and put your cursor there
43:23 and see what actually comes out.
43:24 You may find it is actually some gibberish at some site in China or North Korea.
43:32 So how would people know this if you don't run those?
43:37 That's when you can...
43:38 So in some organisations, you take it a step further.
43:42 After doing the training, next time it's a simulation.
43:45 We'll send a dummy email and see how many people click it.
43:50 So then you test.
43:51 So people will know that, "Hmm, I need to be alert."
43:54 It's not, "Let's join the thing."
43:58 We join it and then we go and sit somewhere and all this.
44:01 We test it.
44:02 Some organisations, if they find that you're actually not paying attention,
44:05 it can be an issue.
44:06 So you need to make sure people pay attention.
44:08 Yeah.
44:09 Well, I think Chuchu's questions should have been answered.
44:12 It's the key element of a strong cybersecurity policy
44:15 for businesses and individuals alike.
44:18 You want to add more because I think you've basically touched on it.
44:21 And then Kwaku also says,
44:23 "How can individuals and businesses stay updated
44:25 on the latest cybersecurity news and developments?"
44:28 OK.
44:29 For sure, you can keep an eye on our website and social media handles
44:32 because we'll be releasing alerts and advices.
44:35 We'll release technical advice.
44:36 So sometimes when we see something that is quite urgent
44:41 in terms of what might impact businesses.
44:43 So we know people use web servers, they use maybe Office.
44:47 Sometimes we pick up from our threat intelligence activities
44:50 that, "Oh, this specific vulnerability now exists.
44:54 You need to patch it now."
44:56 We'll release an advice, we'll put it out there.
44:58 So if you monitor as you see it.
44:59 As an IT professional,
45:02 you may also want to subscribe to other external feeds as well.
45:06 OK.
45:07 That will also help you to keep up to date.
45:08 Well, we'll do another batch at this point.
45:12 I think I see Lauwe's question.
45:13 "Are there specific tools or resources you recommend
45:16 for enhancing cybersecurity awareness and protection?"
45:20 And also, Malcomo says,
45:22 "What role does encryption play in safeguarding sensitive information online?"
45:27 And then this one from Nixon,
45:29 "How can individuals and organisations
45:31 respond effectively to a cyber incident or breach?"
45:34 I'm sure Nixon is looking for free consultancy at this point.
45:39 So let's start from Nixon's question.
45:41 "Individuals and organisations responding effectively
45:44 to a cyber incident or breach?"
45:46 OK, all right.
45:47 So, responding to an incident starts from your preparation for it.
45:52 And that preparation includes some of the stuff we've touched on.
45:55 So, for example,
45:56 you have policies around how you manage your software,
46:01 the versions, your updates.
46:03 You have policies around how users are even onboarded into your organisation.
46:09 So some organisations exist where,
46:11 if we hire you, just walk in,
46:14 then we give you a machine.
46:16 Nobody actually would register you in a system.
46:20 You came in this date, these are your details,
46:23 this is the machine you've been assigned,
46:24 it is properly logged into a system that actually has your credentials.
46:28 It's left...
46:30 If something happens, if, let's say, my system here
46:33 is not registered in my name properly,
46:35 something infects it,
46:37 IT people have no way of knowing the source of where the breach is happening.
46:43 I think I must commend our IT team here at Multimedia.
46:45 They do that very sharp.
46:48 Those are some of the preparatory steps.
46:50 You've got your antiviruses in place,
46:52 you've got such policies running.
46:54 Now, another thing you need to top it up is what we call an incident response plan.
46:57 Now, that plan simply says,
46:59 "OK, if XYZ happens, let's say we have a...
47:06 mission attack,
47:07 what are we supposed to do to respond to it?"
47:09 So that document is, "OK, well, step one, do A.
47:12 Step two, do this. Step three, do that."
47:14 So you sort of need to think through it,
47:17 but you don't need to create everything new.
47:19 There are good resources out there.
47:21 Most of the vendors have it.
47:23 But the better part of it is to customise it to your environment.
47:26 What happens in JFM and news organisations
47:28 may not be the same as a bank or a savings and loans company.
47:32 So you need to look at it as, "Well, my business is savings and loans.
47:37 This is how my business operates.
47:39 Therefore, if this incident happens, these are the steps you need to take."
47:42 You may not have all the same people that will respond,
47:45 but you need to know who will respond and who will do what at what time.
47:50 And then you need to then go one more step.
47:53 You've got a plan for responding.
47:56 You need to test it.
47:57 We do what we call simulations or cyber exercises.
48:01 So we pretend that 2nd October, when we came to the office,
48:05 there was an email blast.
48:07 "We have a phishing attack. What do we do?"
48:09 So you sit your team down, "MFR, what will you do?"
48:14 I would call the helpdesk with this and that.
48:16 "Helpdesk, what will you do?"
48:18 We look at it. "It's coming from MFR.
48:20 We've got 20 other incidents. We'll call the IT."
48:23 You've drilled everybody to understand.
48:25 - Everybody is alert. - Yes.
48:27 - That's how... - You go about it.
48:29 OK, thanks. And you have it there.
48:30 "Encryption. The rule encryption plays in safeguarding sensitive information online."
48:35 Malcolm was asking.
48:36 All right, so encryption is a big word for just how you can hide the data
48:42 from people that are not authorised to see.
48:45 So there are various algorithms that do the job.
48:48 So we'll not go there.
48:50 But then in terms of...
48:52 If you classify anything as sensitive,
48:54 then definitely you need to consider encryption.
48:56 Encryption can be applied in different levels.
48:59 You can look at it in terms of data that you are keeping,
49:01 let's say, just on your hard drive.
49:03 Let's say it's at rest.
49:04 The data is not moving anywhere.
49:06 But you need to encrypt it so that if somehow that drive gets in somebody's hands,
49:10 they can't see or read what it is.
49:13 You can then look at also in transmission.
49:16 So let's say you are using a website.
49:18 You want to send your payment card,
49:21 your credit card or your debit card information to pay for a service.
49:25 That data, your PIN, your CV at the back, is crucial information.
49:30 Someone has it, they'll shop in your name.
49:33 If you are shopping online,
49:34 that data must be able to reach your shopping outlet securely
49:38 for you to do your payment and close the transaction.
49:42 Now you need a means to protect that path, that virtual path.
49:47 So there's another level of encryption there that you need to be aware of.
49:51 So it's definitely important for using digital services safely.
49:57 Encryption is important.
49:58 My horizon has really been broadened this evening,
50:00 but there's one on revenge, pornography and the sharing of other explicit materials online.
50:06 We're told it's become a source of concern for many.
50:09 Is it on the radar of a cybersecurity authority?
50:11 -Nobuya wants to know. -Good.
50:13 The actual fact is in the law.
50:15 Section 66 and 67 speak specifically to exposing someone's intimate images
50:22 or videos without their consent.
50:23 And the punishment is quite hefty, a minimum of 10 years if you are convicted.
50:29 And we've actually seen some cases, I think the latest one is in June,
50:34 someone in the Volta region did that to his girlfriend.
50:37 He got 10 years for doing that.
50:40 So it's something we take seriously.
50:41 The law actually addresses it.
50:43 So if you happen to experience it, call the CSA immediately.
50:47 The law is there to back you up.
50:50 Well, piracy of other people's intellectual properties like music, movies, football matches,
50:55 and on their ascendancy also,
50:57 is it a phenomenon that cybersecurity authorities are actually paying attention to
51:01 and what are the measures to deal with them?
51:03 Well, this one is more on a content side.
51:06 It's really in our mandate to control.
51:09 So if it comes to attention, what we typically do is maybe engage a partner agency
51:13 that is in that space in terms of, let's say, intellectual property protection to handle it.
51:20 It's not something we would deal with directly, unless maybe it involves,
51:23 maybe the person may have breached a certain system to actually perpetrate it.
51:28 In that case, we'll do the case around what you've done wrong in breaching that system
51:33 to support the overall thing, but not the content.
51:36 It's not really our mandate to do so.
51:38 Well, do we have a crackdown on romance fraud?
51:42 Is it still there, really?
51:45 Maybe some of us are akin, we may not know,
51:47 but there's the concern that it's still thriving.
51:52 Do we have a hold on it?
51:54 Well, we can deal with what is reported to us.
51:59 So if you tell us, we'll know.
52:01 Are we still having people report it?
52:03 We get it. We get it from time to time.
52:05 I think in the past quarter, we have had three such reports at least.
52:09 So it's still out there.
52:12 But again, it's about being alert to the kind of signals
52:17 that would indicate that potentially you're in a frenzy.
52:22 So your typical romance fraud will start somebody out of the random,
52:28 pick you up on Facebook, and say, "Oh, hi, MFR.
52:31 "Like your pictures."
52:33 Give you nice compliments.
52:34 Come back a few days later, give you more compliments.
52:37 So basically, gradually, they're warming themselves up to you.
52:39 Then it becomes a conversation.
52:40 We are chatting, we are chatting, we are chatting, we are chatting.
52:43 And eventually, it's, "Okay, I like you.
52:47 "Can we start dating?"
52:50 So it's going on.
52:52 Then one day, they'll get up and say, "You know what?
52:54 "I have an emergency. My mum is sick."
52:56 She said, "Kaswa, can you send her some money to sort it out
52:59 "because I'm outside the country."
53:01 And because you've built some emotional attachment...
53:04 But there's money transfer from our reachers.
53:07 For some reason, his is not working.
53:09 MFR's new friend, who is kind-hearted, will send it for him.
53:15 The other thing you can feature is,
53:18 typically, people never want to meet physically.
53:21 Maybe you've been chatting for six months, nine months.
53:23 "Let's meet there."
53:25 A few minutes later, "I have an emergency. I'm sorry I can't make it."
53:28 So you never get to meet the person.
53:30 There's a photo online, all right.
53:32 But you've never physically met the person.
53:34 The thing is, how sure are you that that photo you see there is...
53:37 - Yeah, it's actually the person. - ...actually the person.
53:40 You don't know.
53:41 And if, God forbid, you make the mistake of giving them intimate pictures,
53:46 and you've opened a new door,
53:48 those extortions can also be used against you.
53:52 Well, we are wrapping up this.
53:53 I was hoping it wouldn't end, but we have to wrap it up.
53:57 So, Awareness Month, everything kick-starts tomorrow.
54:01 It's a whole month-long awareness creation.
54:05 Finally, what really would you want us to take away
54:08 as we start the Awareness Month,
54:11 ruling out all the things we need to know from tomorrow?
54:14 I think the key point I would like to stress is
54:19 cybersecurity is not something done by one agency alone.
54:23 The cybersecurity authority will not be able to solve all...
54:27 cannot single-handedly solve all cybersecurity issues.
54:31 It's a collaborative effort. It's a teamwork.
54:34 We work with other agents.
54:35 We actually need you, the public, to work with us.
54:40 So, aside the...
54:42 So, if you look at the awareness we are giving you,
54:44 it's to equip you to be better than you are now.
54:48 So, work with us to make Ghana a more secure
54:52 and resilient digital society.
54:54 Okay. Thank you very much, Mr. Steven Sese.
54:56 We are grateful.
54:57 And doors are always open to the cybersecurity authority.
55:01 292 is the number that you need to call,
55:04 and then also 050 160 3111.
55:09 Anytime you feel that you're under a cybersecurity attack,
55:12 there's also on their website...
55:15 I was going to say myjoyonline.com on their website.
55:17 CSC.gov.gh.
55:18 CSC.gov.gh.
55:20 You can also send them a message.
55:21 Mr. Sese, thank you, and we wish you all the best.
55:24 Thank you so much for joining us.
55:26 I'll be away for some time,
55:28 and we'll still take care of you here on the probe.
55:31 I am Mehmet Fapao.
55:33 There's more when you log on to myjoyonline.com.
55:35 Radio audience, we have a walk with Jesus.
55:37 Right here, we'll have Familie Wah
55:40 bringing us a lot of show business.
55:43 You'll want to stay for that.
55:44 Thank you. Have a good evening.
55:46 (Music)
55:49 (upbeat music)
55:52 you

Recommended

11:47
I
Up next
Latest news bulletin | October 10th – Morning
euronews (in English)
1:41
Penrith Panthers continue celebrations with fans after fourth straight NRL Premiership
ABC NEWS (Australia)
2:43
Market power of retailers like Ikea, Bunnings and Petstock being scrutinised by Senate inquiry
ABC NEWS (Australia)
1:27
Hurricane Milton makes landfall in Florida as a Category 3 storm
euronews (in English)
1:19
Woman in critical condition after mauling by three dogs in Melbourne
ABC NEWS (Australia)
0:48
Panda Cubs at Berlin Zoo Open Their Eyes for the First Time!
Buzz60
0:50
Bear Hunt! Paddington statues pop up across 23 locations in the UK
euronews (in English)
0:59
Many Americans Are Not Honest About Their True "Body Count"
Buzz60
18:44
Hassan Ayariga's Third Attempt at the Presidency: What's New? - The Big Agenda on Adom TV (13-3-24)
The Multimedia group
0:58
Weird But Well-Paying Jobs That No One Knows About
Buzz60
1:06:53
The Art of Love Making - Odo Ahomaso on Adom TV (12-3-22)
The Multimedia group
11:24
Nsoroma Herbal Clinic- Badwam Afisem on Adom TV (7-01-22)
The Multimedia group
31:55
Adom TV News (13-3-24)
The Multimedia group
18:59
Electricity Supply Cuts: Can 91 hospitals pencilled by ECG for exercise be saved last-minute? - The Big Agenda on Adom TV (13-3-24)
The Multimedia group
22:08
The Great Queens
The Multimedia group
30:18
Adom TV News (11-3-24)
The Multimedia group
28:13
The Great Queens Chat Room on Adom TV (11-3-24)
The Multimedia group
20:12
Chaos in Parliament: Was majority leader justified in Naana Agyemang critique that caused furore? - The Big Agenda on Adom TV (11-3-24)
The Multimedia group
46:07
Obra on Adom TV (11-3-24)
The Multimedia group
46:53
Adom TV News (9-3-24)
The Multimedia group
1:36:44
Nnawotwi Yi on Adom TV (9-3-24)
The Multimedia group
34:08
Adom TV News (8-3-24)
The Multimedia group
36:31
Otan Nni Aduro Chatroom on Adom TV (8-3-24)
The Multimedia group
46:14
Obra on Adom TV (8-3-24)
The Multimedia group
28:26
Adom TV News (7-3-24)
The Multimedia group