How Not to Fall Victim of Common Phishing Attacks

Fraud and Phishing have become very common at this time due to the rise in fraudulent activities. Many organisations and businesses have been at the forefront of educating their customers and the general public about the tactics used by these criminals and how to safeguard themselves and their funds. One of such organisation, is Access Bank, a leading financial institution in Nigeria, who has demonstrated that the customers’ financial security is a top priority.

Attackers often turn to phishing tactics to get unsuspecting individuals to divulge sensitive information, pretending to be someone or something else to get them to take action. Phishing attacks can be difficult to stop as it relies on human curiosity and impulses, hence, individuals need to administer a good dose of self-restraint so as not to fall victim.

Some of the common phishing attacks include: Email Phishing, Spear Phishing, Whaling, Angler Phishing and Smishing & Vishing

With Email Phishing, an attacker may send you an email that appears to be from someone you trust, like your boss or a company you do business with. In the email, there will be an attachment to open or a link to click which may send you to a legitimate-looking website that will require you to input sensitive information such as your password, to access an important file. The fake domain often involves character substitution, like using ‘r’ and ‘n’ next to each other to create ‘rn’ instead of ‘m’. In order to combat phishing attempts, understanding the importance of verifying email senders and attachments/links is essential.

Spear phishing emails are targeted towards a specific individual, government, or business with the intention to steal data for malicious purposes or install malware on a targeted user’s device. Before this can happen, the attacker will already have some of the victim’s information like their name, place of employment, BVN, POB, job title, Email address, and specific information about their job role. There’s a popular misconception that banks are the only ones who have such personal information, however, individuals may have at some point filled various forms for other purposes such as loaning and saving platforms, etc. One of the ways attackers get ahold of victim’s private information is by Data-mining them from databases from all kinds of sectors.

With Whaling, attackers may camouflage as a senior player at an organization and directly target other important individuals of the organization, with the aim of stealing money or sensitive information or gaining access to their computer systems for criminal purposes. For organizations not to fall, victim, staff members should maintain a healthy level of suspicion when it comes to unsolicited contact, especially when it pertains to important information or financial transactions.

With Angler Phishing, more and more organisations now maintain social media presence to relate with their customers and this has triggered a new type of attack known as angler phishing. Criminals clone these corporate social media accounts to obtain sensitive information from unsuspecting customers. An example could be a customer who posts a complaint about account-related issues. Fraudsters, through the clone accounts, may reach out to the customer masquerading as a customer care representative. The customer may fall, victim, when he or she divulges any of such information. Before you respond to anyone on social media when you request help online, check the account that’s responding to ensure they are verified (blue tick). You can also always take your customer service issues directly to the Bank’s website or contact center for a resolution rather than risk falling into an angler phishing trap.

Unlike other phishing schemes which involve emails, smishing and vishing involve telephone communication. In smishing, the attacker sends a text message, and vishing involves a telephone conversation. An example is an attacker posing as a customer representative from a bank and telling the victim his or her account has been blocked and personal information such as the BVN is required in order for it to be rectified. It is never a wise choice to give out your private banking information to anyone, whether you know them or not.

Customers need to stay vigilant so as not to fall victim to any of these phishing tactics, Access bank advised, adding that the bank will never ask customers for their complete ATM card details, PIN, and One Time Password (OTP). The bank further advised that customers should always ensure that they follow only the bank’s verified social media accounts, like Facebook, Twitter, and Instagram, to stay updated on more ways to protect self from fraud.

Related Articles