Celebrating Cybersecurity Awareness Month: The Growing Social Engineering Trend in Nigeria’s Economy

Celebrating Cybersecurity Awareness Month: The Growing Social Engineering Trend in Nigeria’s Economy

By Benedict Joseph Oluwaseun

Opinion: Social engineering attacks are becoming more common in Nigeria’s economy, posing serious risks to corporations, government organizations, and individuals alike. These attacks, which rely on manipulating human psychology rather than exposing technological vulnerabilities, pose a severe challenge to the country’s cybersecurity.

According to the Financial Institutions Training Centre’s (FITC) latest report on Frauds and Forgeries in Nigerian Banks, the amount lost increased significantly from N472 million in the first quarter of 2023 to N5.79 billion in the second quarter. According to the same FITC, Nigerian bank clients lost a total of N2.72 billion to fraud in the first and second quarters of 2022.

Similarly, banks lost N3.5 billion to fraud-related occurrences between July and September 2020, according to the Nigeria Inter-Bank Settlement System Plc, a 534 percent rise over the same period in 2019, when it was N552 million.

Recognizing Social Engineering:

Social engineering is a type of cyberattack in which humans are manipulated into disclosing confidential information, granting unauthorized access, or doing acts that jeopardize security. These attacks frequently take the form of impersonation, deceit, and psychological manipulation in order to take advantage of human trust and gullibility.

The Nigerian Landscape: In Nigeria, social engineering attacks have gained prominence due to several factors:

Low Cybersecurity Awareness: Many individuals and organizations in Nigeria have limited awareness of cybersecurity best practices, making them susceptible to manipulation and deception.

High Internet Usage: Nigeria has one of the highest rates of internet and social media usage in Africa. Cybercriminals leverage these platforms to target a wide audience for their social engineering schemes.

Financial Motivation: Financial fraud is a common goal of social engineering attacks in Nigeria, where criminals aim to steal money from individuals and organizations.

Cultural Trust: Nigerian society values trust and community. Cybercriminals exploit this cultural trait to create a false sense of trust in their targets.

Common Social Engineering Attacks in Nigeria:

Vishing: is a form of social engineering attack in which an attacker uses a phone call to trick a victim to reveal sensitive information such as credit card number, pin code or detailed home address. The attack exploits voice over IP (VoIP) technology since it is cheap, and the attacker could be calling from anywhere around the world, with their identity concealed

Phishing: Phishing emails and messages impersonate trusted entities, such as banks or government agencies, to trick individuals into disclosing personal and financial information.

Advance Fee Fraud (419 Scams): Nigeria is infamous for 419 scams, where individuals are promised a large sum of money in exchange for a small upfront fee. Victims end up losing money with no promised returns.

Impersonation: Criminals impersonate government officials, business executives, or family members, using emotional manipulation to extract money or information from victims.

Business Email Compromise (BEC): BEC attacks target businesses by impersonating executives or suppliers, instructing employees to make fraudulent payments.

Fraudulent Websites: With this attack type, the hacker exploits a victim’s trust, leading them to access their fake website, which automatically downloads malicious files onto the victim’s computer. As with the Trojan horse attack, the downloaded file gives the attacker access to sensitive

Protecting Against Social Engineering: Education and Awareness: Increasing cybersecurity awareness through education and training is crucial. Individuals and organizations should learn to recognize social engineering tactics.

Verification: Always verify the identity of individuals or entities requesting sensitive information or financial transactions. Use trusted contact details, not those provided in unsolicited messages.

Cyber Hygiene: Maintain good cybersecurity hygiene by using strong, unique passwords, enabling multi-factor authentication, and keeping software up to date.

Suspicion: Be skeptical of unsolicited requests for money, information, or actions. Verify requests independently before taking any action.

Reporting: Report suspected social engineering attempts to relevant authorities or organizations. Timely reporting can help prevent further victimization.

Legal Measures: Governments and law enforcement agencies in Nigeria must enforce strict penalties for cybercriminals engaging in social engineering.

Business Practices: Organizations should implement robust security policies, conduct regular security awareness training, and employ email filtering and monitoring solutions to detect social engineering attempts.

To summarize, the growing tendency of social engineering attacks in the Nigerian economy poses a clear and present danger to individuals and organizations. Combating these cyber risks necessitates a multifaceted approach that combines cybersecurity education, awareness, and legal safeguards to protect both persons and the country’s economic interests. Nigeria can better protect against social engineering assaults by remaining watchful and aware.

 BENEDICT JOSEPH OLUWASEUN B.Sc., MBA, M.Ed, M.Sc. Information Security & Digital Forensic

Leave a Reply

Your email address will not be published. Required fields are marked *