Unfortunately, Nigeria has become notorious for email scams. As people are less likely to fall for the now well-known “advance fee fraud” most effectively used in the late 90s and early 2000s, con artists have to be more innovative in their email fraud techniques. Email phishing is one such scam carried out online by IT-savvy fraudsters and identity thieves. 

It is a way hackers con unsuspecting members of the society into divulging key personal information, i.e., the con artist pretends to have a legitimate cause/ reason or entity (this includes government agency) which enables the victim to build trust and release the requested information. Once this information is released, the con artist exploits it by way of identity theft, stealing, etc. also, they can install malware and other harmful viruses on the device of the victim to enable the obtaining of some key information.

How does the phishing scam work?

These con artists use spam, fake websites made to appear identical to legitimate sites, fake email addresses similar to those of legitimate businesses or government agencies, etc. to trick unsuspecting members of the public into divulging personal and sensitive information like- bank details, passwords, PIN, credit/debit card information, etc.

This type of scam is widespread and prevalent, due to the ease associated with perpetration and the ability to lure victims into sharing the required/ requested information. Once this information is obtained, the identity is stolen and used to perpetrate a crime, or where banking information is gotten, money is stolen from the account of the original identity owner.

This is done by sending emails to victims requesting, e.g. “verify account”, “redirecting” etc. usually these links contain c]malicious viruses, malware, etc., which can cause harm to the electronic device and aid in gaining access to obtain the personal information.

It can also be done by requesting the victim to update information for a website, application, online store, coupons for online purchases, etc. 

Things to look out for:

Phishers often pretend or clone existing legitimate companies, while making their message intelligent and genuine. They also make their websites, links, forms, and other connected pages appear so real and similar to the original, that telling the difference is almost impossible. However, some tell-tale signs to know a phishing scam include:

  • Personal and confidential information is sought via mail, instant message, and other inappropriate means.
  • Watch out for words like “verify” and “confirm”. They may appear as; “we have noticed a suspicious login on your account, verify your identity by clicking on the link below”.
  • Be wary of urgent demands. The desire of every scammer is to put you on the edge, thus making you act fast and think later.
  • Beware of threats and emotional blackmail
  • Misspelled URLs, spelling mistakes, or the use of sub-domains
  • Look for illegitimate links. Beware of emails that contain links, oftentimes, they are viruses and malware and can be harmful if downloaded into the victim’s device. Also, where the link seems genuine, place the mouse arrow over it, without clicking; this will reveal the actual URL and when the two are different, then it is not legitimate.
  • Lack of a personalized greeting or customized information within a message. Legitimate emails from banks and credit card companies will often include partial account numbers, usernames, or passwords.
  • Misspellings and typographical errors in the body of the mail.
  • Suspicious and unwarranted/unneeded attachments.

What to do when you suspect you have fallen victim to phishing:

Scammers have almost perfected that act of phishing, it goes without noticing most of the time. But, when you find yourself being a victim, below are some steps to take to protect your device, money, identity, and information:

  • Do not provide personal or confidential information to any unsolicited requests for information
  • Where necessary, only provide personal information on sites that have “https” in the web address or have a lock icon at bottom of the browser. This signifies encryption- security of the website.
  • If you suspect a mail is an attempt at phishing or you have clicked on such, contact the legitimate organization to confirm the legitimacy of such message and where it is found to be illegitimate, request that all transactions be placed on hold temporarily.
  • Change login details. 
  • Type in a trusted URL for a company’s site into the address bar of your browser to bypass the link in a suspected phishing message
  • Use complex combinations ad passwords for all your accounts
  • Continually confirm the accuracy of personal details on websites requiring them and deal with any discrepancies right away
  • Avoid questionable and suspicious websites/links
  • Do not open messages from unknown or unrequested senders and immediately delete messages suspected to be spam or fraudulent.
  • Install antivirus software and a firewall. Ensure the device is fully scanned regularly.
  • Install good antispyware software on all devices.