The words ‘fraud’ and ‘phishing’ have become very common due to the rise in fraudulent activities. Many organisations and businesses have been at the forefront of educating their customers and the general public about the tactics used by these criminals and how to safeguard themselves and their funds.
One such organisation is Access Bank, a leading financial institution in Nigeria, which has demonstrated that its customers’ financial security is a top priority.
Attackers often turn to phishing tactics to get unsuspecting individuals to divulge sensitive information, pretending to be someone or something else to get them to take action. Phishing attacks can be difficult to stop because they rely on human curiosity and impulses; hence, individuals need to exercise a good dose of self-restraint so as not to fall victim.
Here are some of the most common phishing attacks and how to avoid them.
An attacker may send you an email that appears to be from someone you trust, like your boss or a company you do business with. The email will contain an attachment to open or a link to click, which may send you to a legitimate-looking website that requires you to input sensitive information, such as your password, to access an important file. The fake domain often relies on character substitution, such as placing ‘r’ and ‘n’ next to each other so that ‘rn’ reads as ‘m’. To combat phishing attempts, it is essential to understand the importance of verifying email senders, attachments and links.
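The sender check described above can be automated. The following is an added example, not part of the original article or any Access Bank tooling: it compares a sender's domain with a list of trusted domains and flags look-alike spellings such as ‘rn’ for ‘m’. The domains, function names and the substitutions other than ‘rn’ are assumptions made for illustration.

```python
from email.utils import parseaddr
from typing import Optional, Tuple

# Constructed allow-list (assumption): the domains you actually expect mail from.
TRUSTED_DOMAINS = {"mybank.example", "company.example"}

# Look-alike substitutions collapsed to one canonical form. "rn" -> "m" is the
# one named in the article; the others are common additions (assumption).
CONFUSABLES = [("0", "o"), ("1", "l"), ("rn", "m"), ("vv", "w"), ("cl", "d")]


def skeleton(domain: str) -> str:
    """Reduce a domain to a form in which look-alike spellings compare equal."""
    s = domain.lower().rstrip(".")
    for fake, real in CONFUSABLES:
        s = s.replace(fake, real)
    return s


def sender_domain(from_header: str) -> str:
    """Extract the domain from a From: header, ignoring the display name."""
    _, addr = parseaddr(from_header)
    _, at, domain = addr.rpartition("@")
    return domain.lower().rstrip(".") if at else ""


def classify_sender(from_header: str) -> Tuple[str, Optional[str]]:
    """Return (verdict, trusted domain that was matched or imitated)."""
    domain = sender_domain(from_header)
    if not domain:
        return ("unparseable", None)
    if domain in TRUSTED_DOMAINS:
        return ("trusted", domain)
    for trusted in TRUSTED_DOMAINS:
        # Same skeleton but different spelling: the domain imitates a trusted one.
        if skeleton(domain) == skeleton(trusted):
            return ("lookalike", trusted)
    return ("unknown", None)


if __name__ == "__main__":
    # Constructed sample headers.
    for header in ("Your Bank <support@rnybank.example>",
                   "alerts@mybank.example",
                   "Accounts <billing@cornpany.example>",
                   "news@shop.example"):
        print(header, "->", classify_sender(header))
```

An "unknown" verdict only means the domain does not imitate anything on the list; it is not a statement that the sender is safe.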
Spear phishing emails are targeted at a specific individual, government, or business with the intention of stealing data for malicious purposes or installing malware on a targeted user’s device. Before this can happen, the attacker will already have some of the victim’s information, like their name, place of employment, BVN, POB, job title, email address, and specific information about their job role. There’s a popular misconception that banks are the only ones who have such personal information; however, individuals may at some point have filled in various forms for other purposes, such as loan and savings platforms. One of the ways attackers get hold of victims’ private information is by mining it from databases across all kinds of sectors.
Attackers may pose as a senior figure at an organization and directly target other important individuals in the organization, with the aim of stealing money or sensitive information or gaining access to their computer systems for criminal purposes. For organizations not to fall victim, staff members should maintain a healthy level of suspicion when it comes to unsolicited contact, especially when it pertains to important information or financial transactions. They should always ask themselves: were they expecting the email, attachment, or link? Is the request unusual in any way?
More and more organizations now maintain a social media presence to relate with their customers, and this has triggered a new type of attack known as angler phishing. Criminals clone these corporate social media accounts to obtain sensitive information from unsuspecting customers. An example could be a customer who posts a complaint about account-related issues. Fraudsters, through the clone accounts, may reach out to the customer masquerading as a customer care representative. The customer may fall victim when he or she divulges any such information. Before you respond to anyone on social media when you request help online, check the account that’s responding to ensure it is verified (blue tick). You can also always take your customer service issues directly to the Bank’s website or contact center for a resolution rather than risk falling into an angler phishing trap.
Smishing and Vishing
Unlike other phishing schemes which involve emails, smishing and vishing involve telephone communication. In smishing, the attacker sends a text message, and vishing involves a telephone conversation. An example is an attacker posing as a customer representative from a bank and telling the victim his or her account has been blocked and personal information such as the BVN is required in order for it to be rectified. It is never a wise choice to give out your private banking information to anyone, whether you know them or not.
You need to stay vigilant so as not to fall victim to any of these phishing tactics. Remember, Access Bank will NEVER ask for your complete ATM card details, PIN, or One-Time Password (OTP). Ensure you follow only the bank’s verified social media accounts on Facebook, Twitter, and Instagram to stay updated on more ways to protect yourself from fraud.