The widespread use of Emails (electronic mail) and SMS (short message service) has given opportunity to cyber criminals to defraud unsuspecting users with various techniques of Email and SMS phishing and spoofing.

Recent findings show that 30% of all email phishing attacks in Nigeria target bank account holders, 5% of recipients of these emails call their account officers to verify the emails while a whopping 25% believe the email actually originated from their bank and do not verify them. They end up being defrauded, losing all funds from their accounti.

Phishing is an online theft technique used in stealing users personal information such as ATM card information, bank account information, usernames, passwords and other personal data. The major means used in this attack is fraudulent Emails. The fraudulent Email which usually contains cloned company brands, logos and counterfeit websites URLs, is sent by cyber criminals to trick users into exposing personal information. Some of the various types of phishing message come in the following forms:

Emails received from the bank or other institution asking users to provide or update their personal details.

Emails received from well-known companies for winning lottery or jackpot asking users to provide personal details.

Emails received with an attachment asking users to unzip, install or download to increase system performance or win shopping points e.t.c. These attachments mostly contain malicious files which scans users’ system hard drive and try to extract saved passwords, IDs and other personal information without users suspecting.

The consequence of these attacks is usually loss of huge sums of money and sensitive information. The Nigeria Interbank Settlement System Plc (NIBSS) estimated that a total of N6.2 billion naira was lost to electronic fraud alone in 2014ii.

Spoofing on the other hand is a form of theft technique where users get phone calls or text messages (SMS) from what appears to be legitimate sources. Example of sources used are impersonating the banks, telecommunication companies, fraudulent short codes or phone numbers and details of people users know, love and respect. The content of SMS used in defrauding unsuspecting users vary from messages claiming a lottery win of huge amount of money, deactivated bank accounts, offer for jobs, help for a relative, spiritual guidance and in some extreme cases actual calls requesting for user ATM card and pin numbers.

Guarding against Email and SMS phishing and spoofing

Never click on hyperlinks within suspicious looking emails e.g containing spelling mistakes, grammatical errors or offers looking too good to be true.

Do not trust email attachments, even if they come from a trusted source. Unless you’re expecting an email with an attachment, call the sender and confirm they sent it. Their computer might have been compromised and could be sending emails without their knowledge, or their email address could have been spoofed.

Never download files from un-trusted websites.

Never reveal personal or financial information in response to an email or SMS request, no matter who appears to have sent it.

Terminate any SMS message that request cash to process lottery wins or job offers.

Ensure you have updated Anti-Virus Software on your devices.

Use legitimate operating systems and software. Keep them updated regularly.

Always look for "https" and a green padlock on websites that request personal information or shopping sites that request bank account and ATM card payments. 

Report phishing and spoofing Emails and SMS.

Avoid acting on all suspicious looking SMS and Emails. If something just doesn’t look right, then there might be a good reason why.

References

Skye Bank PLC Executive.

http://guardian.ng/technology/how-phishing-emails-target-banks-accounts-e-payment-channels/

http://www.govtech.com/blogs/lohrmann-on-cybersecurity/What-To-Do-About-Phishing.html