What is phishing and how can you protect yourself from phishing attacks?

Phishing is a cybercrime in which targets are contacted by email, telephone, or text message by someone posing as a legitimate institution to lure the targets into providing sensitive data such as personally identifiable information, banking and credit card details, and passwords.

Sometimes it is a fake website built to look exactly like a genuine one, tricking users into entering their details and passwords to log in, which allows the site creator to collect the user's information from the back end. Other times it is a request through mail, text, or even a phone call by someone posing as a financial institution or a customer care representative of an organization the target deals with.

Under Nigeria’s Cybercrime (Prohibition, Prevention, etc.) Act 2015, phishing means the criminal and fraudulent process of attempting to acquire sensitive information such as usernames, passwords, and credit card details via the Internet.

Despite this law, however, the electronic scam popularly known as ‘yahoo-yahoo’ is common among Nigerians. The ‘yahoo-boys’ usually deploy phishing tactics on their prey through fake business emails and online dating, among others. Numerous arrests have been made in Nigeria and of Nigerians abroad. Yet phishing does not seem to be slowing down.

Although phishing is usually used to hack accounts and harvest passwords and credit card details, it can be used to do more than that.

In 2019 alone, $3.5 billion was lost to fraudsters through cybercrime, including phishing, according to the 2019 Internet Crime Report published by the FBI Internet Crime Complaint Center (IC3).

In the report, Donna Gregory, the chief of IC3, admitted that “Criminals are getting so sophisticated…It is getting harder and harder for victims to spot the red flags and tell real from fake.”

In its Q2 2020 report, Kaspersky, a cybersecurity company, found that Nigeria has 7.01 percent of Kaspersky users attacked through phishing.

In 2019, Microsoft called for a safer online community in Nigeria for improved economic growth. It said the call became necessary because phishing attacks increased by over 250 percent in Nigeria and other parts of the world.

Research has shown that webmail, financial institutions, and payment systems are the most targeted. According to APWG’s Phishing Activity Trend Reports, 30% of reported phishing attacks target webmail, 19% target financial institutions and another 19% target payment systems.

Users of Microsoft, Facebook, and PayPal are the most vulnerable to phishing attacks, according to the Phishers’ Favorites report for Q1 2020.

Apart from financial scams, phishing can also propel conspiracy theories. It has happened before. In 2016, during the electioneering process in the U.S., a phishing attack was launched against John Podesta, the campaign chairman of Hillary Clinton, the Democratic presidential candidate. His emails were leaked. Some of them mentioned words like ‘pizza’ and ‘hot dogs’, which sparked a widespread conspiracy theory, Pizzagate, that Democrats were involved in child trafficking. It has since been debunked.

Phishing attacks have continued to surface in several fact-checks by Dubawa.

  • In June 2020, claims surfaced that Nigeria’s Federal Government was disbursing 30,000 naira to citizens as Covid-19 lockdown funds. The claim turned out to be false and the site was found to be a data phishing website.
  • In August 2020, a claim surfaced that N-Power had shortlisted applicants for its second stage. It turned out to be false and the site’s request for user details passed for a phishing attack.

All mobile phone users need to protect themselves from phishing attacks, but the greatest challenge is identifying a potential phishing attempt. Here are some red flags:

Check the Website URL: Oftentimes, people do not take note of a website’s URL as long as they can see the content, especially when it is forwarded to them. But the URL is as important as the content of the website. Check the spelling, hyphens, etc.

Companies do not request sensitive information: Be aware that companies do not request sensitive information such as passwords from users. Also, banks do not request ATM PINs or complete credit card details.

Multiple Confirmation: If sensitive information is requested, reach out through a different medium to confirm, especially when you know the officials in person. Sometimes a deal is signed and sealed virtually, but when something seems suspicious, targets should reach out through another medium such as a phone call.

Spelling and Grammatical Errors: No company will send you an email filled with spelling and grammatical errors. Look out for such errors. They are a red flag.

Too Good To Be True: This is elementary but often overlooked. If the offer seems too good to be true and eye-catching, check again. 

The researcher produced this fact-check per the Dubawa 2020 Fellowship partnership with Vision FM to facilitate the ethos of “truth” in journalism and enhance media literacy in the country.
