Photo by Christian Wiediger on Unsplash

By Arthur Moses Opio

Key Points

• App Fraud also known as bank transfer fraud involves tricking individuals or businesses into authorizing the transfer of funds from their bank accounts to fraudulent accounts.
• App Fraud typically involves impersonation, phishing, malware and hacking, Insider Fraud.
• APP fraud poses a significant threat in the digital age, exploiting vulnerabilities in technology and human behavior.

The ease of doing business has been made easy with technology. Today you no longer need to queue in the line to do a bank transaction. Banks have decided to use technology to bring convenience. Whatever is made convenient comes with challenges. 

Bank Fraud has been on the rise and reports are clearly there to show what's at stake. In an article posted on the Uganda Police Force website titled, "9 SUSPECTS INCLUDING TWO BANKERS CHARGED TO COURT WITH BANK FRAUDS, OF MONEY LAUNDERING AND CAUSING FINANCIAL LOSS".

The police spokes person SCP Enanga Fred said and I quote, "In coordination with the Investigations Department at Stanbic Bank, Uganda, has in custody 9 suspects who are scheduled to appear before the Anti-Corruption Division in Kololo, after they fraudulently accessed a client’s account, and made unauthorised transfers of funds, worth USD1.8M, into other bank accounts, established solely for the purpose of receiving the stolen funds"

Fraudulent access can happen at different levels, this can be within the bank or through the use of applications. 

So what is APP Fraud?

APP (Authorized Push Payment) fraud, also known as bank transfer fraud, is a type of cybercrime that has been on the rise in recent years. It involves tricking individuals or businesses into authorizing the transfer of funds from their bank accounts to fraudulent accounts. This form of fraud takes advantage of the speed and convenience of digital payments, often exploiting vulnerabilities in the payment systems or exploiting human vulnerabilities through social engineering tactics.

APP fraud typically involves sophisticated techniques and can be executed through various means. Common methods include:

1. Impersonation: Fraudsters may impersonate legitimate individuals or organizations, such as a bank representative, a supplier, or a trusted authority figure. They use various channels, including phone calls, emails, or text messages, to convince victims to transfer funds urgently, often citing emergency situations or urgent business needs.
2. Phishing: Fraudsters may send deceptive emails or messages that mimic legitimate organizations, tricking recipients into clicking on malicious links or providing personal information, including banking credentials. This information is then used to authorize fraudulent payments.
3. Malware and Hacking: Cybercriminals may exploit vulnerabilities in computer systems or infect devices with malware to gain unauthorized access to banking information. They can intercept payment requests or manipulate transactions to redirect funds to fraudulent accounts.
4. Insider Fraud: In some cases, APP fraud may involve collusion with individuals who have authorized access to financial systems. Insiders may abuse their positions of trust to manipulate payment requests or override security measures to facilitate fraudulent transfers.

APP fraud can have devastating consequences for individuals and businesses. Victims may suffer significant financial losses, and the recovery of stolen funds can be challenging. Furthermore, the reputational damage caused by falling victim to such fraud can be long-lasting, affecting both personal and professional relationships.

To mitigate the risk of APP fraud, it is essential to adopt robust security measures:

1. Educate and Raise Awareness: Individuals and businesses should be aware of the risks associated with APP fraud. Regular training and awareness programs can help users identify common fraud techniques and develop a cautious approach to suspicious requests. As DICTS we always publish information about cybersecurity in our knowledge base. 
2. Verify Requests: Always independently verify the authenticity of payment requests, especially if they involve significant amounts or unexpected changes in payment instructions. Use verified contact information obtained through reliable sources and avoid relying solely on information provided in unsolicited emails or messages. DICTS will only use official communication channels and no one will ask for your password via links to make any changes, most password reset options are done by self. For email, always use the link sso.mak.ac.ug
3. Implement Strong Security Measures: Maintain up-to-date antivirus software and firewalls on your devices to protect against malware and hacking attempts. Regularly update software and operating systems to address security vulnerabilities. Software updates will always come, the onus is on someone to ensure the update is done. A delay could lead to something catastrophic.
4. Utilize Two-Factor Authentication (2FA) - (Phone or email address): Enable 2FA for online banking and payment platforms. This adds an extra layer of security by requiring a second verification step, such as a unique code sent to a registered device. For most password changes especially on the student and staff portal. A token is sent to your email address or your phone number, while using the system for authentication purposes. For the email password reset, a token is sent to your secondary email that you registered while signing up for SSO.
5. Monitor Accounts Regularly: Keep a close eye on your financial accounts and transaction history. Promptly report any suspicious activity to your bank or financial institution. Most of us have bank accounts and also use bank apps, it is of great importance to keep a keen eye and report any suspicious activity.
6.  Report Incidents: If you fall victim to APP fraud, report the incident immediately to your bank or relevant authorities. Timely reporting improves the chances of recovering funds and helps law enforcement agencies track down the perpetrators.

APP fraud poses a significant threat in the digital age, exploiting vulnerabilities in technology and human behavior. By staying vigilant, implementing robust security measures, and fostering a culture of awareness, individuals and businesses can better protect themselves against this evolving form of cybercrime.

With increased automation of services at Makerere, we need to use such information to raise awareness and keep alert and also ensure we do the steps shared above.

For all students and staff, endeavour to use this knowledge to the best of your ability. Technology waits for no one and hackers are always planning even when vendors are planning to mitigate and patch up vulnerabilities. 

Be Cyber Alert and remember you are better off safe than sorry.