Having been listed as one of Forbes 100 Most Influential Young Africans 2018, Obinwanne Okeke (Invictus Obi) is a celebrated entrepreneur in Nigeria. Only for the news to break out that he has been arrested by the Federal Bureau of Investigation (FBI) for defrauding Unatrac Limited to the tune of $11 million.
If you convert that to Naira, at the rate of 360 Naira to a dollar, that’s over 4 billion Naira! The saddest thing about the whole situation is that the fraud happened under the nose of Unatrac Limited’s Chief Financial Officer (CFO).
15 illegal transactions within 8 days!
According to the affidavit released by Marshall Ward of FBI in supporting the arrest of Mr Obi, the illegal transactions were successful because the CFO fell for phishing. In case you are not aware, phishing is a hacking technique in which a hacker disguises as a staff of an account provider and persuades a targeted victim to click a link so as to resolve a problem with the account. The utmost aim is to steal the login details of the targeted victim.
Aside from falling for the phishing scam, it was also stated in the affidavit that Mr Obi and his accomplices changed the email settings of the CFO. Emails sent to the CFO from the members of the Finance Team were automatically marked as read and moved to a separate folder outside the inbox.
This means there was a slight change in the inbox settings of the CFO within the period; however, he didn’t notice. With all this information from the affidavit, it can be said that the CFO’s lack of cybersecurity knowledge cost his company millions of dollars.
If the CFO had been trained in cybersecurity, the situation might have been different. This is because, in cybersecurity classes, people are taught how to protect themselves from viruses, malware, phishing, and other online vices. If the CFO had attended a cybersecurity class, he would have known that the email sent to him was dubious.
He could have noticed the changes in his email inbox settings, too.
The lesson here for companies is that they should make cybersecurity training a must for their employees, both old and new. Besides, antivirus and antimalware should be installed on the companies’ servers, including the email servers.
Doing these would help prevent the case of identity theft and the stress of speaking to EFCC or FBI to help recoup your stolen money.