Phishing Scams: How to Identify Them and How to Avoid Them

Oludare Stephen Ayobami
8 min read · Sep 3, 2024


Phishing scams are among the most common and most successful methods used by hackers and other cybercriminals. These frauds entice people into revealing their passwords, card details, and other personal information. Phishing remains very prevalent because threat actors continually refine their strategies. In this article, you will learn how to identify phishing messages and what you can do to avoid falling prey to such cons. To keep the information practical, I have included examples drawn from real-life experiences in Nigeria.

What is phishing?

According to Kreitner and Palazzolo, phishing is a kind of cyber warfare in which the attacker disguises himself/herself in order to get people to take actions that compromise their security. Such actions may involve opening a link the attacker sends, downloading an attached file that carries malware, or disclosing sensitive information.

Some phishing scams are executed in emails, while others can be through text messages (SMiShing), social media, or even phone calls (vishing).

Common Signs of a Phishing Scam

While phishing tactics can vary, several red flags can help you identify a potential scam:

1. Unusual Sender Email Address

Example: You receive an e-mail from “support@paypa1.com” saying your PayPal account is in trouble. On close inspection, the digit ‘1’ has been used in place of the letter ‘l’.
Tip: Always look closely at the sender’s email address. Fraudsters frequently register addresses that are almost identical to genuine ones, differing by only a character or two.

2. Generic Greetings

Example: An email begins with the generic ‘Dear Customer’ instead of using your name. By contrast, most Nigerian banks, such as GTBank or Fidelity Bank, always address you by your full name.
Tip: Phishing emails often open with greetings such as ‘Dear customer’ or ‘Dear member’, while genuine organizations usually refer to you by name. Be wary of any email addressed to “dear customer” or the like, because credible businesses use salutations specific to the recipient.

3. Urgent or Threatening Language

Example: An SMS that appears to come from your bank informs you that your account will be suspended unless you enter your details within the next few minutes.
Tip: Fear is the tool phishers most often use to make the victim act impulsively, without properly evaluating the situation. Be suspicious of any message that pressures you to act immediately.

4. Suspicious Links or Attachments

Example: A hyperlink such as “Click here to verify your account” looks innocent at first sight, but the call to action leads to a disguised phishing link, which may read, for example, as “bit.ly/3QfJXyz”. It may take the form of an email purporting to come from the Nigerian Communications Commission (NCC), asking you to click a link to update your registration details.

Tip: Hover the cursor over a link before clicking: a popup shows the actual location the link leads to. Do not open attachments, especially from an unknown sender, and do not click a link that looks malformed or unfamiliar.

5. Requests for Sensitive Information

Example: “Please enter the last four digits of your social security number to verify your identity.” In Nigeria: “Please enter your BVN (bank verification number) to verify your identity.”

Tip: No organisation that you do business with will ask you to enter your password or card details in an email.

6. Spelling and Grammar Mistakes

Example: “Your account has been blocked because of some suspicious activity. Please click the link below to unblock the account.”
Tip: Incorrect spelling, grammar, punctuation or even layout are common features of phishing emails. Professional companies use communication templates that are free of such errors, so treat an email full of spelling and grammar mistakes as likely fake.
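As an added illustration that is not part of the original article, the following Python script checks a constructed sample message against five of the red flags above (lookalike sender domain, generic greeting, urgent language, shortened links, requests for sensitive data). The trusted-domain and URL-shortener lists are assumed placeholders, not an authoritative list.

```python
import re

# Constructed lists for this demo; in practice use your organisation's own.
TRUSTED_DOMAINS = {"paypal.com", "gtbank.com", "fidelitybank.ng"}
URL_SHORTENERS = {"bit.ly", "tinyurl.com"}

# Digits that visually stand in for letters ("paypa1.com" -> "paypal.com").
# Other tricks (e.g. "rn" for "m", Unicode homoglyphs) are not handled here.
LOOKALIKE_MAP = str.maketrans({"1": "l", "0": "o", "3": "e", "5": "s"})

GENERIC_GREETING = re.compile(r"^\s*dear (customer|member|user)\b", re.I | re.M)
URGENCY = re.compile(r"\b(suspend\w*|block\w*|immediately|within \d+ (?:minutes|hours))\b", re.I)
SENSITIVE = re.compile(r"\b(BVN|password|PIN|OTP|card number)\b", re.I)
# Bare or schemed hostnames inside the body, e.g. "bit.ly/3QfJXyz".
HOST = re.compile(r"\b(?:https?://)?((?:[\w-]+\.)+[a-z]{2,})(?=/|\b)", re.I)


def sender_domain(address):
    """Return the lower-cased domain part of an e-mail address."""
    return address.rsplit("@", 1)[-1].lower()


def is_lookalike(domain):
    """True if the domain is untrusted but equals a trusted one after digit-for-letter substitution."""
    domain = domain.lower()
    if domain in TRUSTED_DOMAINS:
        return False
    return domain.translate(LOOKALIKE_MAP) in TRUSTED_DOMAINS


def score_message(sender, body):
    """Return the list of red flags found in one message; an empty list means none fired."""
    flags = []
    domain = sender_domain(sender)
    if is_lookalike(domain):
        flags.append("lookalike sender domain: " + domain)
    if GENERIC_GREETING.search(body):
        flags.append("generic greeting")
    if URGENCY.search(body):
        flags.append("urgent or threatening language")
    for host in HOST.findall(body):
        if host.lower() in URL_SHORTENERS:
            flags.append("shortened link: " + host.lower())
    if SENSITIVE.search(body):
        flags.append("request for sensitive data")
    return flags
```

Running `score_message("support@paypa1.com", "Dear Customer, your account will be suspended within 10 minutes. Verify your BVN at bit.ly/3QfJXyz")` on this constructed sample returns all five flags, while a normal statement notice from a trusted bank domain returns none.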

Some real-life examples of Phishing Scams

Example 1: The Fake Invoice

Scenario: You get an email appearing to come from a reputable organization such as Apple or Amazon, informing you that you have been billed for products or services. The body of the email is usually accompanied by an attached invoice and a clickable link labelled ‘dispute the charge’.
The Phish: When you follow the link, you land on a copy of the real website, where you are prompted to enter your credentials.
How to Spot: First, examine the sender’s email address and the URL of the website mentioned in the message. Second, ask yourself whether you actually made such a purchase. If you are still in doubt, log in to your account directly through the official website, not through the email.

Example 2: The Social Media Phish

Scenario: A friend sends you a direct message on Instagram saying, ‘Hey, this is nuts, you have to watch this video’, with a link supposedly leading to the video.
The Phish: The link leads to a fake Instagram login page that captures your login details once entered.
How to Spot: Friends do not typically send such messages without context. Before clicking the link, confirm with the friend through another channel that they really sent it.

Let’s explore some scenarios that are particularly common in Nigeria:

Example 1: The Fake Bank Alert

Scenario: You receive an SMS from what seems to be your bank, informing you that a large amount has been transacted from your account, with a link to ‘undo’ the transaction.
The Phish: The link takes you to a fake banking website that asks you to input your account details, and your login details are compromised.
How to Spot: Check the sender’s phone number. Nigerian banks do not send alerts from random phone numbers; they use sender IDs such as “GTBank”. Also bear in mind that a bank will never ask you to reverse a transaction through a link.

Example 2: The Fake Job Offer

Scenario: You are invited to interview for a well-paid position with an international company that has a subsidiary in Lagos. The email directs you to an application form that asks for intimate details, such as your bank account number.
The Phish: The form is simply a means of collecting your information, which may then be used for identity theft or other fraudulent purchases.
How to Spot: Do not trust unsolicited job offers that request personal details up front. Look up the company yourself and apply through its official channels.

Example 3: The Fake Charity Scam

Scenario: You get an email or a social media message appealing for donations for the victims of a particular disaster. It contains a link to a payment page that appears legitimate, especially when it borrows the name of a known organization.
The Phish: The link leads to a bogus page where the attacker steals your payment information.
How to Spot: Verify a charity’s authenticity before donating, and be wary of appeals that seem too good to be true. In Nigeria, choose organizations legally registered with the Corporate Affairs Commission (CAC) and do not donate when the request does not come from a credible source.

Example 4: The SIM Swap Scam

Scenario: You get a call from someone claiming to be staff of your SIM card service provider (MTN, Glo, Airtel and others), informing you that your SIM card requires an upgrade. They then request your SIM details for the next step.
The Phish: This information is used to perform a SIM swap, after which the scammer controls your number and uses the OTPs sent to it to take over your accounts and carry out transactions.
How to Spot: No mobile provider in Nigeria will request such details over the phone. If you receive such a call, do not engage; end the call and dial your provider’s official customer service number instead.

How to Protect Yourself from Phishing Scams

Educate Yourself and Others
Stay aware of the latest trends and patterns in phishing scams, and pass this information on to friends, family, and coworkers so that they can protect themselves too.

Enable Two-Factor Authentication (2FA)
Even if your credentials are compromised, 2FA adds an extra layer of security by requiring a second form of verification. Most Nigerian banks and other services, including email providers, have this option, and it makes sense to enable it.

Use Anti-Phishing Software
Most modern antivirus solutions come equipped with anti-phishing features that are capable of identifying and preventing phishing attacks. Ensure all your software is updated, as this is the first line of defence.

Think Before You Click
Always take a moment to consider the source and content of an email before clicking on links or downloading attachments.

Verify Suspicious Requests
If you get an unsolicited message asking you to disclose sensitive information, especially one framed as an emergency, do not respond to it. Instead, look up the organization’s official contact details online or use a number you already know, then contact the organization and ask whether the message was legitimate.

Report Phishing Attempts
Every email client has a feature for reporting phishing attempts to the provider. In Nigeria, you can also report phishing attempts to your bank, mobile service provider, or any other competent authority. Reporting such scams helps prevent other people from falling prey to the same cons.

Conclusion

Phishing scams remain one of the biggest threats, but once you know the risks you are far less likely to fall for the trick. Whether it is a fake bank notification, an irresistible job offer, or an urgent appeal for a donation, always check before you tap, and remember that genuine businesses will never demand your identification details by message. Learning the signs of phishing and adopting good security practices will put you in a position to avoid these cons. When it comes to phishing, it is always better to be overly cautious than to walk right into the trap.

Stay safe online, spread the word to help others protect themselves too, and always think before you click!
