Charlatans taking advantage of data security challenges to masquerade as professionals

  • 19 Oct 2023
  • 3 Mins Read
  • 〜 by Waceera Kabando

In the current era, technological advancements have yielded innovative solutions and numerous challenges. Some of these challenges are data protection infiltration, misinformation and disinformation and cybersecurity breaches. There have been instances where non-professionals access information with the intent to impersonate and steal their identity for financial and prestigious reasons.

One such example of this issue is the case of Brian Mwenda Njagi who breached the Law Society of Kenya portal and identified an account belonging to one of the advocates whose name was similar to his, manipulated the details and even changed the profile photo. This identity theft case highlights the vulnerability of professional accounts.

How did he do it?

Allegedly, the Kenyan ‘Mike Ross’, as he has been infamously dubbed, used a common (not so common) global fraud scheme called Business Email Compromise (BEC) also known as Email Account Compromise (EAC). This is a financially damaging crime that leverages the fact that email addresses are used to run most businesses or professional accounts.

There are about three ways in which such scams are carried out:

  1.       Spoof an email account or website – this is most probably what Brian Mwenda did, in that he slightly varied a legitimate address to manipulate the system into thinking the existing address was invalid and requested a change to a new system so that he could apply for his practising certificate.
  2.       Spear phishing emails – this is where emails are sent to an individual or organisation with the aim of gaining access to sensitive information. Usually, such emails may seem to look like they’re from a trusted sender when they are from cybercriminals.
  3.       Malware – this is basically malicious software that can get into a company’s network and gain access to legitimate email threads that may have financial information. Criminals may gain undetected access to victim’s data including passwords and financial accounts information.

How safe is your personal data?

This identity theft case raises questions about advocates’ personal data security on the Law Society of Kenya’s portal as per Section 29 of the Computer Misuse and Cyber Crimes Act. Key to mention is that advocates put up their images and contact information on the portal and these are classified as personal information therefore, the processing is governed by the Data Protection Act, 2019.

It is unclear how the masquerader found out that the rightful owner’s account was inactive. As this leaves many with more questions than answers as to what the protocols and processes are to prevent such breaches, an audit of the Advocates’ Search Engine should be conducted.

The victim, Brian Mwenda Ntwiga, should, if he has not already, lodge a complaint with the Office of the Data Protection Commissioner as required by law.

Twenty-six successful cases? Get your facts right

Fake news has become a pervasive element in today’s communication landscape. The influence of misinformation and disinformation is undeniable, and these twin forms of false information propagate rapidly, akin to a wildfire fueled by information overload. Researchers at Indiana University have uncovered how the finite attention span of users hinders social media’s ability to discern information based on its quality. These two types of falsehoods are distinguished by the intentions of the individuals or outlets disseminating them.

Misinformation has been defined as false or misleading content that aims to shape or change public opinion on a given topic. Disinformation on the other hand is created to deceive consumers of the information to increase traction on a given topic or page. These vices may be unavoidable but critical thinking is essential when sharing unverified information on social media platforms.

Social media has a rewards system that boosts its users to stay on their pages and keep posting and sharing. In a report by researchers at the University of Southern California, it was found that 15% of the most habitual news sharers in a pool of case study subjects were responsible for spreading about 30-40 % of the fake news. The habitual sharing of misinformation is part of a broader pattern of insensitivity to the information being shared.

Considering the time frame from Brian’s alleged admission date to the point of being busted, it is incomprehensible how he could have won 26 cases in a court of law. This is unrealistic and improbable, to say the least. However, for a couple of clicks, likes, reposts, and shares, this was the highlight of the most viral posts doing rounds on social media over the matter.

In as much as this was a good laugh to some, true to Kenyan culture to make clownery of most situations, it is unfortunate that such incidents that are detrimental to the profession can occur.