The Cyber Security Authority (CSA) has discovered a growing trend in scams involving the impersonation of well-known brands and service providers.

These include Pizza Hut, Pizzaman/Chickenman, Hisense, Bel Aqua, Papaye, Burger King, etc.

Using Google Map and Google Search, the Authority noted that cybercriminals create fake business profiles or manipulate search results to trick the public into engaging with fraudulent phone numbers, websites, or addresses.

Modus Operandi

These cybercriminals create or alter Google Maps business listings of popular companies, banks, hotels, airlines, courier services, and government agencies. The fraudulent listings include fake phone numbers, emails, and websites.

The CSA noted that when users search for a company's contact details or service information, they are presented with the fraudulent listing usually at the top of Google results, leading them to contact the cybercriminals instead of the legitimate business.

"The cybercriminals pose as customer service agents of the brands they represent and trick victims into sharing one-time passwords (OTP) or PIN's, which are used to withdraw funds from their mobile money wallets or make payments for goods and services they never receive," a statement issued by the CSA added.

As such, the CSA has recommended members of the general public to always cross-check contact details, including phone numbers, from the official websites of institutions instead of relying solely on Google Search or Maps.

Also, "treat top search results with caution; fraudulent listings may appear above legitimate ones, particularly paid "Ad" results. Scammers pay to have their fraudulent links appear at the very top."

Furthermore, the CSA entreated citizens to stop sharing sensitive information, including PINs and OTPs online.

"If you encounter fake business listings or contacts on Google Maps, report them directly through Google's reporting tools and notify the CSA," the statement added.

To institutions, the CSA advised a regular search for their brand online, including Google and Google Maps to identify fraudulent listings or fake websites.

"Proactively share verified contact details on official websites, social media, and other trusted platforms. Monitor reviews and comments online, especially on social media handles for mentions of fraud, as this is often a sign of impersonation," the statement added.

Institutions are encouraged to acquire official toll-free numbers that can be centrally managed and mapped to their various branches, ensuring consistency and trust.

Alternatively, organisations may acquire dedicated number ranges and actively publicize them to the public as their official contact lines.

The CSA has a 24-hour Cybersecurity/Cybercrime Incident Reporting Point of Contact (POC) for reporting cybercrimes and for seeking guidance and assistance on online activities; Call or Text - 292, WhatsApp - 0501603111, Email - report@csa.gov.gh.

Digital lending cyberbullying incidents between Jan. and May 2025

The Cyber Security Authority (CSA) has recorded an exponential surge in cyberbullying incidents associated with digital lending mobile applications this year.

Between January and May, the Authority received 377 reports, marking a sharp increase compared to the 228 cases reported throughout the entire year of 2024.

The apps that have been identified include Miniloan, Mix Loan, Devtage loan, Ozzy money-cash, Plus Cash Arrow, Fundscredit, Getloan, Kcash, Bestloan, Gcash, Daraloan, Loan Base, Tap Loan, Gh Loans, Sune credit, Urgent Money, Sparkloan, Skyloan, Loancloudgh, Pea Money, Cash Arrow.

The rest are HastyCredit, Lever credit, Molo credit, Sunloan pro, Nina loan, Upper loan, Wohia loan, Morloan pro, MumuMoney, Credit bag, Lever credit, Get loan, Ozzy credit, Molocredit, Soarcredit, E+money, Taploan, Dream Fund, Swftcredit, RocketLoan Turbo, DEVTAGE Financial, Vinvedo Wealth, Credit well, Newgry, Easy Buy, Sika Sika, WePay.

According to Bank of Ghana (BoG) Notices BG/GOV/SEC/2022/10 and BG/GOV/SEC/2023/07, these apps violate the provisions of the Banks and Specialised Deposit-Taking Institutions Act, 2016 (Act 930).

In addition, the owners of the apps have not met the compliance obligations of the Data Protection Commission (DPC), and thus their access and use of the data and PII of users violate the Data Protection Act, 2012 (Act 843).

The CSA has therefore advised the public against subscribing to these mobile applications as they are not sanctioned by the Bank of Ghana (BoG) and the Data Protection Commission.

"Individuals who patronise these services do so at their own risk," the authority warned.