In early November, I began noticing unusual posts related to forex trading on my friend's Instagram page. The posts were also being shared in my inbox.
The messages claimed that she had made Rwf4 million through online forex trading and were attempting to persuade me to join in to achieve similar financial gains. She even sent me screenshots of mobile money messages, supposedly proving her earnings.
I was suspicious. The tone of the messages and the text pattern were unfamiliar as they differed from the usual conversations with my friend. She usually added emojis to her texts and rarely composed complete sentences within a single message.
Since I had her phone number, I decided to contact her. It was then that she informed me that her account had been hacked.
I was shocked, but not really surprised.
She told me that it started when someone (a scammer) texted her and informed her about forex trading and how she could make a lot of money with it.
The scammer persuaded her to enter her information into a page that resembled an Instagram page. After inputting her information to access the purported trading account, she faced difficulties and persisted in attempting to log in for a while.
Upon returning to Instagram (the real page) to ask the person she was chatting with what the issue was, a notification popped up informing her that she had been logged out.
Attempting to log in again, she was informed that the password was incorrect, indicating that the scammer had successfully changed it.
My friend had totally lost access to her account, which is now being used by someone else to promote forex trading while illegally using her pictures and deceiving other clueless people into joining.
Fortunately, my friend created a new account and reached out to most of her former Instagram friends to share her experience, cautioning them that it wasn’t her using that account and that they had to avoid falling victim to the scammer's tactics.
Unsurprisingly, the screenshots the scammer was sharing were also fake.
That is one of many social media scams, also known as social media phishing: an attack executed through platforms like Instagram, LinkedIn, Facebook, or X. The purpose of such an attack is to steal personal data or gain control of one’s social media account.
According to a report by Get Safe Online, people under 25 are more likely to fall for social media phishing scams. Those include Instagram forex scams promising lavish payouts through forex trading or other investment schemes.
Speaking to The New Times, Amos Kamugabirwe, the Chief Technology Officer at the National Cyber Security Authority (NCSA), said phishing is one of the most common cyber threats in Rwanda.
He explained how it occurs.
"The attackers send messages to as many people as possible, with the aim of tricking them into clicking the links without due consideration. Once someone clicks on these links, they are taken to a webpage that may resemble their bank's official site or another legitimate source,” he said.
"Victims are then prompted to enter their personal information, such as their name and password. After submitting this information, the page may appear to malfunction, but in reality, the attackers have successfully collected the victim's data.”
Jean-Pierre Niyodusenga, an information security expert, said social engineering is a prevalent deceptive technique targeting individuals, especially young people. He highlighted the importance of scrutinising any online link before clicking to avoid falling for phishing attacks.
"Many people are prone to attack not because they want to be attacked but because they are tricked,” he said. "One of the ways we can advise people is to first scrutinize. Look at what you want to click, but before you click it, think twice.”
Niyodusenga also stressed the need for careful validation, especially in response to requests for sensitive information or unexpected messages.
He advised against acting alone when trying to avoid scams and urged people to report incidents promptly to the relevant authorities or security teams when they occur.
"Unless you are willing to cooperate with others, you will be scammed,” he said.
"The more you keep quiet, the more it takes another stage, and the more they attack other different people whom you are attached to. And then, it becomes a scandal."
Niyodusenga called for continuous initiatives to educate and collaborate in the fight against cyber-crimes, emphasising the collective responsibility of ensuring online security.
To avoid social media phishing, people are also advised to refrain from providing personal financial information, including their social security number, account numbers, usernames or passwords, over the phone or the Internet if they did not initiate the contact.