HUMAN DEFECT
I lost three endorsement deals due to hackers, feel free in this comfort zone then digesting all the information, provided in this article from Mr. XYZ lost endorsement.
Fraud/Scam victims think every show-off attack goes through hackiing, sometimes it is a HUMAN DEFECT through Greediness, Curiosity, Helpfulness, Fear, Trust, and Urgency that let the adversaries to exploit attack. I will give you some scenarios have encountered before:
This message is from the Federal Government of Nigeria we hereby plead you to submit your account details in other to receive your COVID-19 allowance else you call this contact for more info: +23480548……” — — Curiosity
Central Bank of Nigeria is giving out a stipend to undergraduate students based on the ASUU strike claim your stipend with the provided link — — Greediness
Hi Janet, Jennifer dad was in a horrific car accident along Lagos Ibadan Expressway and have been rushed to the nearest hospital which they requested for #500,000 naira please help to support in donations with these links — — Trust
Bola please help me to forward #10,000 into my account right now I got raped all my cash has been left out with me, so that I’ll run out of the premises right now.. — — Urgency
Mr. XYZ we’ve been starving for over 3-days no hope for food and 200 orphans are here in our auditorium please make donations to the orphans, and feed a soul with the provided links — — Helpfulness
All the scenarios may appear to you one way or the other. This form of scenario is called PHISHING.
PHISHING is one of the most widespread forms of online fraud and this is how it appears to you through human feelings.
The Anti-Phishing Working Group (APWG), which was formed in 2003, defines phishing as “a criminal method that uses both social engineering and technological tricks to gain credentials from victims.”
Also, Phishing is a form of sending emails or web pop-ups that falsely claim to be legitimate enterprises attempting to scam or surrender your PII(Personal Identifiable Information)such as BVN(Bank Verification Numbers), Driving License, NIN(National Identity Number), Medical Information, and Other Critical Information (CI) such as Password, Passcode to enter building rooms, Email Address, Financial Data e.t.c
Social media profile is a goldmine of information for potential adversaries(Hackers, Competitors, Insiders, Terrorist).
Social Engineering is the act of obtaining or posing to obtain your vital information and its attack is split into three(3):
1. Deceptive Phishing Attack
2. Spear Phishing
3. Whaling Phishing
Deceptive Phishing is a form of attack that posed to hijack an enterprise’s email or institution. This kind of attack occurs by receiving emails from the bank requesting your credit account information by clicking on the links issued likewise receiving emails from unsolicited potential requesting your Medical Information. This kind of attack is sent to a large group of individuals.
Spear phishing is an attempt to gain unauthorized access to sensitive information by targeting a specific organization or individual(Tonasobe — Nokia 3310 users, Smartphone users, Food Hawkers)e.t.c. sometimes people that appear to be Mr. XYZ might come with this phase.
Whaling Phishing, You’ll be wondering about what is whaling this is a slogan used by LAS VEGAS Casino Gamblers who are a willing risk to gambling with large sums of MONEY. these attacks are for those big MEN IN politics, Highly employees, CTO(Chief Technology Officer), CEO (Chief Executive Officer), and Celebrities whose motivations are to compromise Business Emails. This is the kind of attack that appears on Mr. XYZ
COUNTERMEASURES
1. MFA/2FA: MFA(Multi-Factor Authentication) is a form of receiving multiple codes after the password has been input to authenticate the authorized user’s access likewise 2FA(Two Factor Authentication) is also a form of passcode sent to email or phone primary key to authenticate the authorized users you learn more about social media account that have 2FA/MFA (Authy.com).
2. Password Manager: This is a software application that helps to generate strong passwords and save, and helps to manage the password and weed out reused passwords with notifications to avoid data breaches. Examples of password managers are Lastpassword, 1password, Kaspersky password manager, and Keepass. e.t.c.
3. Consult security experts about challenges you encounter over your critical information.
4. Don’t reuse your password different passwords for different accounts simply because if one password breaches other accounts are at risk.
5. Last but not least, Think before you click on any links be they from legitimate sources, this is the hole we have in every society if it is found say every time “I’ll Shred Unsolicited Links and I’ll Think Before I Click”.
Yahoo Boys / Internet fraudster doesn’t claim your data, sometimes they test your psychology about the levels of security in you before they attack.
If Technology Increase by 5%, Security Awareness should Increase by 10%.
Author: Abdul Basit Rotimi
