Claim: A WhatsApp message claimed that the EFCC has issued a warning not to receive calls of certain foreign numbers when called on phone as they could steal their contact lists.
Verdict: The claim is false. A search on the internet indicated that the message was not from the EFCC.
Full Text
A message shared on WhatsApp claimed that fraudsters using certain phone numbers originating from Latvia, Serbia, Belarus and Tanzania have the tendency to have access to the contacts list of those who called the numbers after a deliberate missed call made to their victims.
The message claimed to have originated from Nigeria’s anti-graft agency stating that account details of victims could be copied when saved on their phone.
It read, “FROM EFCC DESK. Please pass this message to your family and friends NOW. People have been receiving calls from Tel: +375602605281, Tel: +37127913091, Tel: +37178565072, Tel: +56322553736, Tel: +37052529259, Tel: +255901130460, or any number starting from +371 +375 +381.”
“These guys only ring once and hang up. If you call back, they can copy your contact list in 3sec and if you have a bank or credit card details on your phone, they can copy that too.”
“+375 code is for Belarus. +371 code is for Latvia. +381 Serbia. +563 Valparaiso. +370 Vilnius. +255 Tanzania. Don’t answer or call back. Also, don’t Press #90 or #09 on your Mobile when asked by any caller to do so. It’s a new trick which is used to access your SIM card, make calls at your expense and frame you as a criminal.”
“URGENTLY FORWARD this message to as many friends as you can to stop any intrusion!!! Note that these numbers are owned by fraudstars (sic) == 07043434863 and 08104591930 and 08069096422.”
“Copied from EFCC HELP DESK HEADQUARTERS JABI – ABUJA”
Verification
A search of the message using google search engine brought up similar messages posted on different social media platforms and websites.
One of it was posted on X, formerly Twitter, by an account, @xach_1, on January 5, 2021 while a website, Cater and Merger, posted it two days later.
In 2022, another website, The Ideal posted the same information and a recent one was in August 2023 by Arewa Talent.
While all these claimed the message was from the EFCC, a fact-checking platform, Check4Scam in India had debunked a similar message in 2017.
However, the claim had a little alteration which stated that the perpetrators were terrorists instead of the fraudster’s narrative in the one circulated in Nigerian cyber space.
Can fraudsters access phone contacts through picking of calls?
While the sophistication of technology has made individuals prone to hackers stealing private information on their phone devices, there is no evidence to back the claim that access to mobile phones can be simply done by merely picking phone calls of unknown numbers.
Activities of hackers over the years have become a major issue globally to the safety of private information and data on smartphones. A report by a US based media organisation, NBS News, stated that they can gain access to Malicious apps downloaded from websites or messages instead of an app store.
The report also identified operating system that could be vulnerable to attacks by hackers and the use of unsecure Wi-Fi connections “in public places, such as cafes and airports and could let malicious actors view everything you do while connected.”
To protect your phones, a cyber security expert with Code for Africa, a civic media organisation, Samaila Atsen Bako, adviced on the need to always updates applications on phones as they are modifications used to improve the performance, add new features, and fix security issues.
He said this is important because “when weaknesses are found in devices and applications, these updates are the fastest way for the device and application creators to address the issue on a global scale.”
He noted that people should always get their applications and updates only from legitimate sources such as Apple store, Microsoft store, Google play store, and the authentic website of the application vendors and not from random websites or through a link sent via SMS, email, or social media.
He also called for the use of strong passwords and to adopt a password manager to make the process safe and seamless.
“Turn on 2-factor Authentication (2FA) where possible in order to make it more difficult for anyone to gain unauthorised access to your accounts. Ensure that your OTP is generated via an authenticator app, not received via SMS. Watch out for emails that attempt to trick you into taking risky actions. Install updates in a timely manner and enable automatic updates where possible.”