A report by Kaspersky, a cybersecurity company, has revealed in its new spam and phishing report for Q2 2020, that over 299,000 Nigerian Small and Medium Enterprises (SMEs) were subject of phishing attacks in the second quarter of 2020.
“Phishing is the fraudulent attempt to obtain sensitive information or data, such as usernames, passwords and credit card details, by disguising oneself as a trustworthy entity in an electronic communication” Wikipedia
It is a type of social engineering attack often used to steal user data, including login credentials and card numbers. It occurs when an attacker, disguised as a trusted entity, deceived a victim into opening an email, instant message, or text message.
The Kaspersky’s report which detected 2,023,501 phishing attacked in 6 African countries namely: South Africa, Kenya, Egypt, Nigeria, Rwanda and Ethiopia also revealed a number of new phishing tricks used by phishers. Some of which are resultant effect of the Covid-19 pandemic includes: HR dismissal emails, Delivery delay notifications, Online financial services by banks and Postal services.
South Africans had the highest phishing influence of the 6 countries with 616,666 phishing attacks detected in the 3 months period, while Ethiopia had the lowest phishing attack of 31,585 according to the report. Other are: Kenya 514,361 with phishing attacks; Egypt 492,532 with phishing attacks; Nigeria 299,426 with phishing attacks and Rwanda 68,931 with phishing attacks
Phishing is a strong attack method because it is done at such a large scale, by sending massive emails or text mesaages under the name of legitimate institutions or promoting fake pages to increase their chances of success in the hunt for innocent people’s credentials. The first six months of 2020, however, have shown a new aspect to this well-known form of attack largely because of the Covid-19 lockdowns.
To attract attention, a phisher also forged emails and websites of organisations with perceived potentials and once a phisher gains access to the mailbox of an employee of their target, they use it to carry out further attacks on the rest of its staff, business associates, banks and its contractors.