In our circle of friends, Kila is known for his exaggerations, always making a mountain out of a molehill. But the Kila sitting opposite me today is a far cry from the bubbly and positive Kila I grew up with. Weeping uncontrollably and refusing any comfort, this Kila is the total opposite.

Earlier, Kila had called, his voice trembling, saying he was on his way to my house. The knocks on the door were so loud and scary that I shouted out, “Who is that?”

“It’s me, Kila,” he replied.

I let him in, but his demeanour was that of a completely shattered man.

After much persuasion, I managed to get the story out of him. He had been defrauded, all stemming from a compromised email account. Someone had gained unauthorised access to his email. From the email exchanges, the intruder learned of Kila’s land holdings in a prime estate and had impersonated him in an email to the estate’s admin office, authorising the transfer of the plot to one Mr Hyacinth Akeremi. While this happened about a year ago, Kila only became aware of it yesterday during a casual visit to the estate. It was then that he learned of the sale he supposedly authorised and that the buyer, Mr. Hyacinth, had subsequently sold the plot to a third party.

It gets worse. Whoever compromised the email had also been able to access Kila’s eBay account. Using the stolen information, over the course of six months, they ordered various goods – from exotic perfumes and wristwatches to iPhones – all delivered to different addresses while being charged to Kila’s PayPal account. Kila estimates that over $75,000 had been charged to his PayPal account through this scheme. Asked whether he wasn’t getting notifications of the charges, he explained that the culprit had changed the email addresses associated with both his eBay and PayPal accounts, effectively blocking any notifications.

In total, he estimates he has lost about $215,000 and sought my advice on recovering his lost money.

Well, this could be anyone’s story if you fail to embrace multi-factor authentication (MFA). All of Kila’s woes could have been prevented if he had locked down his email with MFA. With the rise of AI and coding-as-a-service, cybercriminals are constantly on the prowl, intent on stealing information to compromise identities and wreak havoc. There’s the story of an Australian man whose house was sold without his authorisation in a similar cybercrime event. Ransomware is a growing threat where the ransom you pay in bitcoins becomes very difficult to track. And then there’s the risk of blackmail arising from sensitive information in your email inbox being exposed… don’t tell me there aren’t any! These are just some few ways you can be harmed.

Moringa Cyber, conducted an analysis of attacks on a client’s email address spanning June 1st, 2024, to June 16th, 2024, and discovered some alarming information:

• There were 528 failed attempts to compromise the email account.
• The top five countries from which the attempts originated were the United States (129 attempts), Germany (67 attempts), Croatia (45 attempts), Russia (35 attempts), and Canada (33 attempts).
• The US, by far, accounted for 129 of the attacks, representing 25% of the observed 528 attempts.
• Europe, as a continent, harboured the majority of the criminals responsible for these attacks, with 292 attempts emanating from the continent. Other continents’ results were North America (165), South America (32), Asia (26), Africa (9), and Australia (4).

They did a similar evaluation for a file server protected by a basic router firewall and discovered 118 attempts with the following breakdown:

• The top three countries were Russia (34), Monaco (32), and the USA (17), followed by Panama (15) and Romania (8).
• Again, Europe dominated with 85 of the 118 noted attempts.
• Other countries included the UK (8), Germany (3), and Azerbaijan (1).
• Noticeably absent were countries from South America, Australia, and Africa.

The good news is that there are many countermeasures you can take to defend yourself, starting with cyber education. To secure your email, consider using strong passwords that align with NIST password standards (you can read more about this here). Obviously, avoid clicking on any link or opening any email that you are neither expecting nor know the source of.

The team at Moringa Cyber is at the forefront of vaccinating African cyberspace, building resilience against those who wish to do us harm. They offer their expertise, tools, and resources to safeguard you, your people, businesses, and the environment from cyber threats. Give them a call now, and you will be glad you did.