We’ve all either heard about it or perhaps even received an email from a ‘Nigerian Prince’ ourselves. It’s a notorious phishing scam that has made its way into urban lore.
The scam is simple. The scammer sends an email claiming to be a deposed prince or a wealthy foreigner. They tell a story about having a large sum of money that they need help moving out of the country, often millions of dollars. They promise that if you help them by providing your bank account details, you’ll get a significant portion of this money as a reward.
The catch is that you need to pay some form of upfront fee (for taxes, legal fees, banking fees, etc.) to release the funds. If a victim pays this fee, the scammer might disappear, or they might come back asking for more money for additional unexpected fees.
The Nigerian Prince scam has been run everywhere, from South Africa to Canada. It’s one of the original phishing scams.
The problem is that, like all cyberthreats, phishing scams have become increasingly sophisticated, which is why they are still the primary way that hackers access sensitive information.
Phishing attacks are a kind of digital deception where hackers send emails, create websites or send other forms of online communications pretending to be from legitimate businesses, such as a bank, an insurance company or even the local revenue service. The goal is to trick individuals into divulging confidential details such as passwords, login details, banking details, or other personal identifiers. They rely on a sense of urgency or fear to lure victims into clicking a link, opening a suspicious attachment, or revealing sensitive data.
Successful phishing attacks can have far-reaching consequences, from individuals suffering financial losses, to hackers gaining the information they need to enter a business’s digital network and launch a malware attack, potentially accessing the personal information of customers.
Financial profit: By using stolen financial details, cybercriminals can make unauthorised purchases or fund transfers.
Identity fraud: Cybercriminals can misuse personal identifiers to create new identities or exploit the victim’s identity for fraudulent activities.
Corporate espionage: Phishers might target specific individuals or businesses to access confidential details like trade secrets or sensitive data.
Organisational disruption: Cybercriminals might also use phishing to interfere with an organisation’s operations, deploy malware to steal data and hold it ransom, or damage the business’s reputation. In South Africa, businesses can also face large fines if the personal data of customers is stolen and exploited.
Successful phishing attacks can be highly profitable for cybercriminals if they manage to gather sensitive data from multiple victims.
While phishing emails can arrive at any time, they are usually sent when individuals are more prone to distraction or susceptible to manipulative tactics. For example, phishing attempts could be more frequent:
The most important thing to remember is that cybercriminals pay attention to local events and news and will use seemingly legitimate ways to try and trick individuals into believing their communications are real.
There are many different types of phishing attacks, but they all have one thing in common – the goal is to get an individual to believe the communication is real and to follow the requested steps. Simply receiving a phishing email or text is not enough – the reader must take action. That’s when the phisher gets what they want. Here are a few common phishing techniques:
The best way to defeat phishing scams is through a human firewall. In other words, phishing scams are designed and carried out by people – and it’s people who can defeat them. Here are the top ways to protect yourself, your personal information and the companies you work for:
Always question unsolicited emails or messages: Be wary of emails or messages from unknown sources or any communications you were not expecting. Even if the message seems to be from a reliable source, validate its authenticity before proceeding. When in doubt, double check.
Look for spelling and grammar mistakes: Phishing emails often contain spelling or grammatical errors. If an email looks doubtful or has errors, it’s safer to delete it. You can also double check the email address or any websites listed – if the phishing scam is trying to look like a legitimate and well-known organisation, the email or website may be similar but with one or two telling differences.
Confirm the sender’s authenticity: Check the sender’s email address and compare it with the verified email address of the entity or individual. Phishers often use spoofed or counterfeit email addresses to deceive victims.
Implement two-factor authentication: Two-factor authentication (2FA) enhances account security by requiring a second form of verification, such as a code sent to your mobile phone or a biometric scan, in addition to your password.
Use anti-phishing software: There are many anti-phishing software tools available that can help identify and block phishing attempts before they reach your inbox.
Keep software and antivirus updated: Ensure your devices are equipped with the latest software updates and up-to-date antivirus protection. This can help prevent malware infections and other security threats.
Create strong, unique passwords: Using a unique password for each account increases security. A strong password should be a minimum of 12 characters long and contain a combination of uppercase and lowercase letters, numbers, and symbols.
By employing these simple strategies and remaining vigilant, you can minimise the risk of becoming a victim of a phishing attack and enhance the protection of your sensitive information.