In the digital landscape of Nigeria, cybercrime has become a serious threat. In this article, JUSTICE OKAMGBA writes on tips to identify phishing websites
Among the myriad of online scams, phishing websites stand out for their cunning deception, designed to steal sensitive information such as login credentials, account numbers, and personal data.
The story of how these fraudulent platforms prey on unsuspecting users serves as a stark reminder of the need for vigilance in our online activities.
Digital trap
Imagine receiving an email promising a streamlined visa application process for the United Arab Emirates and a gateway to new opportunities. Then, the link directs you to a professional-looking website, documentverificationhub.ae, purportedly endorsed by Nigeria’s Minister of Communication and National Orientation, Mohammed Idris.
The website claims to offer a ‘document verification service’ for a hefty fee of N680,000, a necessary step, it says, to lift the UAE’s visa ban on Nigerians.
However, beneath the surface lies a web of deceit. An investigative journalist, David Hundeyin, peeled back the layers to reveal a series of red flags. This site ends with a simple “.ae” domain, whereas official UAE government sites follow the “.gov.ae” format.
Moreover, the registrar’s identity was hidden behind a paid proxy service, a common tactic used by cybercriminals to conceal their tracks.
Hundeyin’s investigation uncovered the proxy owner: Jean Geoffrion, a Canadian CTO at Global Voice Group, a Spanish IT company. Specialising in “RegTech and Govtech solutions”, this company operates primarily in Africa.
According to the journalist, the connection is unsettling – a hidden owner contracts an IT middleman to run a high-traffic regulatory website on their behalf, exploiting the trust of unsuspecting travellers.
Adding to the suspicion, the website is hosted on an Amazon AWS server in Ireland, whereas official UAE government websites are typically hosted in the Middle East.
Payments are processed through Flutterwave, and the exorbitant fee for the visa service raises further doubts about the site’s legitimacy.
Bigger picture
The Nigerian Communications Commission reported that Nigeria lost around $500m annually to various forms of cybercrime, including hacking, identity theft, cyber terrorism, harassment, and internet fraud.
For Latest News & Updates, Join Our WhatsApp Channel
https://whatsapp.com/channel/0029Va9qtzXHwXbIyBGtjk2o
The Cyber Security Experts Association of Nigeria predicted a rise in insider threats driven by the malicious use of artificial intelligence. It warned of surges in misinformation, ransomware attacks, crypto scams, and other cyber threats.
To combat these challenges, the Nigerian government has introduced initiatives like the central bank’s risk-based cybersecurity framework and guidelines for banks and payment service providers.
There is also the Cybercrimes (Prohibition, Prevention, etc.) (Amendment) Act 2024, which aims to strengthen the legal framework and deter cybercriminals from exploiting Nigeria’s digital space.
Tips
According to a Quora user, Ella Howard, several red flags can indicate a website or app is a scam. Howard highlighted suspicious domain names, excessive pop-ups, and a lack of Hypertext Transfer Protocol Secure (HTTPS) certification as clear indicators of potential scams.
“Scammers often use tactics like misspellings in URLs, too-good-to-be-true deals, and malicious content to lure users into their traps,” Howard warned.
She advised users to check for valid contact information and read reviews from other users before trusting a website or app.
On October 16, 2020, the website of the Central Bank of Nigeria was allegedly hacked by an anonymous online network.
While the CBN later denied the breach, stating its website was not compromised and was adequately protected, an error message displayed on the site suggested a glitch or internal server error.
This incident highlights the importance of robust cybersecurity measures and the potential impact of phishing and other cyber threats.
According to IBM’s 2022 Data Breach Report, breaches caused by phishing take an average of 295 days to identify and contain, making it one of the most persistent threats.
For Latest News & Updates, Join Our WhatsApp Channel
https://whatsapp.com/channel/0029Va9qtzXHwXbIyBGtjk2o
Phishing was one of the top attack vectors in cybercrime, accounting for 16 per cent of all attacks and resulting in an average of $4.91m in breach costs.
Cofense’s Q3 2021 phishing review showed that nearly 93 per cent of modern breaches involve phishing attacks.
Financial advisor Eduardo Pereira emphasised the importance of five key measures to ensure online safety:
Check for secure URLs: Ensure the website uses HTTPS, indicating a secure connection.
Verify contact details: Look for valid contact information to confirm the site’s legitimacy.
Review website content for authenticity: Scrutinise the site for poor design quality and broken English, which can be red flags.
Research the website’s reputation: Read reviews, testimonials, and ratings from trusted sources to gauge the website’s credibility.
Ensure secure payment methods: Only use websites that offer secure payment options.
Conclusion
The tale of the deceptive website targeting Nigerian travellers is a stark reminder of the importance of online vigilance.
For Latest News & Updates, Join Our WhatsApp Channel
https://whatsapp.com/channel/0029Va9qtzXHwXbIyBGtjk2o