Risk:
| high |
Damage: |
|
Platform(s): |
WhatsApp Google |
Advisory ID: |
|
Version: |
|
CVE: |
|
Published: |
|
Summary
ngCERT’s attention has been drawn to increased phishing campaigns within Nigeria's cyber ecosystem. These campaigns involve spreading fraudulent, deceptive calls or messages aimed at stealing Personally Identifiable Information (PII) and bank account details of unsuspecting individuals. These phishing messages are usually spread through, emails, SMS, WhatsApp, and other social media platforms mimicking reputable organizations. Successful phishing attacks could result to financial losses, identity theft, and possibly reputational damage among other negative impacts. In this regard, the general public should be mindful of various forms of phishing attacks, particularly during the Yuletide season, while taking proactive steps to stay safe.
Description & Consequence
Generally, phishing campaigns have been identified as the first stage in most cyber-attack chains, with messages or voice calls crafted to deceive recipients into taking actions that are against their best interest. These phishing attacks typically take the following stages:
-
Message Distribution: The phishing messages are sent in bulk to numerous social media users, often appearing to come from trusted sources.
-
Content of the Message: The message typically includes a link to a fake website or form, asking recipients to provide personal information such as their name, address, bank details, and other sensitive data.
-
Deceptive Tactics: The message may use urgent language, promising quick financial aid to entice recipients to act without verifying the information. These attackers also impersonate trusted organization initiatives as a ploy to lure unsuspecting persons into opening malicious links and downloading harmful content.
-
Malicious Links: Clicking on the provided link may lead to the installation of malware on the user's device, further compromising their security.
Falling prey to these phishing attacks could potentially lead to:
a. Device compromise.
b. Unauthorized access to sensitive data.
c. Loss and theft of sensitive data.
d. Financial loss.
e. Reputation Damage.
Solution
ngCERT recommends the following:
a) Always verify claims of support schemes by checking official sources of relevant organizations.
b) Avoid clicking on web links and opening attachments received unexpectedly from trustworthy users or unreliable sources.
c) Never share your personal or financial information with persons or sites you don’t know and can’t verify.
d) Refrain from sending unconfirmed social media messages disguised as an organization circular.
e) Administrators of social media groups, like WhatsApp should screen for criminal elements by sanitizing their various groups.
f) Educate friends and family on the recent phishing campaigns by cyber criminals.
g) Report any suspicious activities or scam attempts to ngCERT.
Reference
Revision
