“Phishing” is the process of using emails and/or websites that appear legitimate to improperly obtain personal information such as usernames, passwords and financial information from unguarded/unsuspecting individuals.
Under the Nigeria’s Cybercrime (Prohibition, Prevention, etc.) Act 2015, phishing means the criminal and fraudulent process of attempting to acquire sensitive information such as usernames, passwords, and credit card details via the Internet. This is done by masquerading as a trustworthy entity in an electronic communication through emails or instant messaging either in form of an email from what appears from your bank asking a user to change his or her password or reveal his or her identity so that such information can later be used to defraud the user.
A malicious user sends out millions of fraudulent email messages that appear to come from popular websites or from websites that seems trustworthy, like your bank or Credit Card Company. The email messages and websites often look so official that they deceive many people into believing that they are legitimate. Believing that these emails are legitimate, unsuspecting people often respond to the emails requesting for their credit card numbers, passwords, account information or other personal information.
A scam artist might put a link in a fake email that appears to go to the legitimate website, but actually takes you to a scam site or even a pop-up window that looks exactly like the official site. These copies are often called spoofed websites. Once you get to one of these spoofed sites or pop-up windows, you might unwittingly enter even more personal information that will be transmitted directly to the person who created the spoofed site. That person can then use this information to purchase goods, apply for a new credit card, or steal your identity.
There are several ways online users are advised to protect themselves:
- Never respond to requests for personal information via email – Legitimate organizations will never ask for passwords, credit card numbers, or other personal information in an email. If you do receive an email requesting this kind of information, IGNORE/DELETE SUCH EMAIL, DO NOT RESPOND, DO NOT REPLY, DO NOT CLICK ON LINKS OR IMAGES and DO NOT OPEN ANY ATTACHMENTS with the message. If you think the email is legitimate, contact the company by phone or through their website to confirm.
- Visit websites by typing the URL into your web browse Do not follow links to the website from an email message. Those links may take you to a spoofed site that might send all the information you enter to the scam artist who created the site.
- Beware of IMITATION WEBSITES!
- Check to make sure the website is using encryption. Check to see if the website uses encryption to transmit personal information.
- Routinely review your passwords, credit card and bank statements.
- Report suspected abuses of your personal information to the appropriate authorities.
- Use anti-virus software and maintain security settings on your devices