Smishing in Nigeria
Smishing in Nigeria
Smishing, a form of phishing that uses SMS (Short Message Service), has become increasingly prevalent in Nigeria. Scammers use deceptive text messages to trick individuals into providing personal information, clicking on malicious links, or transferring money. According to a 2019 survey, Nigeria ranked 7th worldwide for spam message activity, with an average of 65 spam messages received monthly.
Here are some of the most common smishing attacks in Nigeria.
Examples of Smishing Scams in Nigeria include:
Smishing attacks related to banks are often designed to create a sense of urgency, prompting you to click on a link or call a number to prevent an alleged issue. Scammers frequently mimic real banks to appear legitimate, aiming to steal your information or commit fraud.
In this kind of scam, you receive a text claiming you've won a prize or money and need to click a link, provide some information, or call a number to claim said prize.
This was very rampant during the COVID-19 period. Fraudsters sent messages claiming to offer government relief funds, asking you to click a link or dial a number to claim funds.
This type of smishing attack equally creates a false sense of urgency claiming that your account or service will be disrupted unless you take immediate action, typically by clicking on a link, or providing personal information.
People are constantly waiting for packages and checking on the status of their deliveries as a result of the rise in online shopping. A lot of users don't hesitate to open a text message containing a tracking link because so many websites and delivery services provide text message updates. Certain delivery companies use links that take customers to their websites and use SMS to keep their customers informed. Be watchful of these scams, which usually use URL shorteners or mimic authentic domain names.
Red flags to look out for in a smishing scam
Receiving an unexpected message claiming to be from your bank, a delivery company, or any other company, especially if it urges immediate action.
Messages that do not address you by name and instead use generic terms like "Dear Customer."
Links that seem off, especially those that don’t match the organization’s official website URL.
- The message comes from a suspicious phone number or email address that doesn’t match the organization they claim to be from.
Any request for sensitive information, like your PIN, BVN, or passwords, through a text message.
Legitimate institutions usually send well-written messages. Be wary of those with spelling or grammar mistakes.
Promises of rewards or gifts in exchange for clicking a link or providing information.
Logos, colors, or layouts that do not match the bank’s usual branding.
How to Protect Yourself from a Smishing Scam:
If you receive a suspicious message, do not click any links. Instead, directly contact the institution to verify the message.
Install Truecaller on your mobile device to detect and block malicious links.
Stay informed about the latest smishing tactics and share this knowledge with friends and family.
If you receive a suspicious message, contact your bank directly using a trusted number to verify its authenticity.
Enable two-factor authentication on your bank accounts for an added layer of security.
Never share personal or financial information through text messages.
Notify your bank, and report the message to your mobile service provider and on Truecaller.
Frequently check your bank statements and account activities for any unauthorized transactions.
How Scammers Operate a Smishing Scam in Nigeria
- Communication Channels: Scammers use SMS messages to contact victims directly. These messages often appear to be from legitimate organizations such as banks, government agencies, or service providers. They may use phone numbers that mimic organizations or official-sounding sender names to enhance credibility.
- Urgency and Deception: The scam typically starts with a message claiming that urgent action is required due to an alleged issue with your account or personal information. Scammers create a sense of urgency by threatening account suspension, fines, or other consequences if the recipient does not act quickly. They also create FOMO (fear of missing out), by sending out “limited-time offers” to get you to act without thinking.
- Phishing Links and Phone Numbers: While some smishing messages include malicious links, others provide phone numbers that victims are encouraged to call. These phone numbers may connect to scam operators who impersonate legitimate customer service representatives and solicit personal or financial information.
- Malware Installation: In cases where a link is included, it may lead to a phishing site designed to capture login credentials or install malware on the victim’s device. For phone-based scams, the scammer may attempt to extract sensitive information directly during the call.
Psychological Tactic
- Fear and Panic: Scammers exploit fear by claiming immediate action is needed to avoid severe consequences, such as losing account access or facing legal repercussions. This tactic induces panic, leading victims to act quickly without verifying the message’s legitimacy.
- Greed and Enticement: Some smishing scams offer rewards, prizes, or exclusive benefits to lure victims into providing personal information. This tactic appeals to the recipient’s desire for easy gains.
- Official-Looking Communication: Scammers use official-sounding language, logos, and branding to make their messages appear legitimate, thus lowering the victim’s defenses and increasing the likelihood of compliance.
- Impersonation: By posing as trusted entities, like banks or service providers, scammers exploit the victim’s trust in these organizations to bypass skepticism and prompt immediate action.
Impact on Victims
- Financial Loss: Victims may incur financial losses if they provide sensitive information or make payments based on false claims. Scammers can misuse stolen financial details for fraud or unauthorized transactions.
- Identity Theft: Information collected through smishing scams can be used for identity theft, leading to further financial harm and damage to credit.
- Unauthorized Access: Victims may face unauthorized access to their bank accounts, email, or other sensitive accounts, which can lead to additional risks and financial consequences.
- Emotional Distress: The realization of being scammed can cause significant emotional distress, including anxiety, embarrassment, and frustration.
Where to report phishing scams in Nigeria?
- Police Special Fraud Unit (PSFU)
Email: report@specialfraudunit.org.ng, pro@specialfraudunit.org.ng
Whatsapp: 08127609914
Voice Call/SMS: 07082276895
Social Media: Facebook - Economic and Financial Crimes Commission (EFCC)
Email: info@efcc.gov.ng
Phone number: +234 8093322644, +234 (9) 9044751
Social Media: Facebook, Twitter, Instagram - Independent Corrupt Practices Commission (ICPC)
Email: info@icpc.gov.ng
Phone number: 08076369259, 08076369260
Social Media: Instagram, Twitter, Facebook - The real organisation needs to be informed of such a scam as well so that if not advertised, they can do so on their official websites and social media accounts that fraudulent job offers are circulating in their name.
You can also report the phone number of the fraudster on Truecaller. This could protect the whole community from future fraud attempts!
Conclusion
Smishing scams in Nigeria continue to evolve, preying on individuals' trust and emotions to extract personal and financial information. These scams exploit the familiarity of SMS communication and the authority of trusted entities, making it crucial for individuals to stay vigilant. By recognizing common smishing tactics—such as unexpected messages, urgent requests, and suspicious links—people can better protect themselves. Leveraging tools like Truecaller, educating oneself and others, and reporting suspicious activities to local authorities and service providers can collectively reduce the impact of these scams. Staying informed and cautious is the best defense against falling victim to smishing, ensuring that personal and financial security remains intact.