Web phishing attacks stand out as one of the simplest, predictable but most popular approach deployed by cyber threats to gain foothold on enterprises and individuals.
Phishing like the word sounds is likened to fishing, and like traditional fishing, the cyber threats use baits to lure unsuspecting victims to its traps. Web phishing attacks are increasingly spreading, as cyber threats leverage on the fact that victims would usually fall for the traps set for them by taking the baits.
Phishing attacks make use of emails, messages, or malicious links and websites to lure victims into disclosing vital credentials hence exposing themselves to attacks. Cyber criminals like physical criminals have been profiled to be beneficiaries of situational crime conditions.
Cyber criminals exploit favourable situations to wreck more havoc on victims. This trend accounts for increased cyber threats incidents during periods of panic, chaos, uncertainties and crisis.
Phishing attacks like other forms of cyber incidents are seen to geometrically surge during these periods users face panic, fear, when they are grossly uninformed or unsure of what the future holds. This trend was observed during the BREXIT, the Australian bush fires and most recently, the COVID 19 pandemic lockdowns.
In Nigeria several situations have provided suitable situations leading to the proliferation of phishing attacks.
The Biometric Verification Number (BVN) policy of the Central Bank of Nigeria was one of such enabling situations exploited by cybercriminals.
Several other situations present like the COVID 19 government and civil society’s palliative schemes and most recently the National Identification Number linkage to mobile numbers.
Factors contributing to the proliferation and success of web phishing attacks include:
- Poor information dissemination; the citizens lacked adequate information on the modalities used in accessing and processing these tasks. This lacunae became an access point for cyber threats to launch attacks on unsuspecting victims.
- Lack of awareness of basic cyber safety hygienic best practices is a huge vulnerability exploited by cyber threats. Citizens lack fundamental knowledge and know-how with regards to cybersecurity do’s and don’ts. Victims have lost huge sums of money by clicking on malicious links, visiting malicious sites or disclosing login credentials to criminal elements passing off as legitimate personnel in calculated phishing attacks.
- Inability to deploy and use proactive and reactive security technologies is a factor creating more vulnerabilities in users. Spam and phishing emails and messages find their way into users’ devices.
- Poor conviction rates of cybercriminals create a near safe haven environment for cyber threats and incidents to thrive.
Combating web phishing attacks is very vital in the fight against cyber insecurities, this is hugely because web phishing attacks are a precursor to more severe crimes.
Credit card frauds, privilege escalation and advanced persistent threats are made possible when cyber threats are gain foothold via successful phishing attacks.
Cyber leverage on successful web phishing attacks as precursors because they understand that like fish in the water, victims will mostly take the baits. These baits could be masqueraded as malicious links to grants, give away, donations or links taking victims to fictitious pages.
Attempts have been made by experts and practitioners to provision prevention, detection, and mitigation strategies for web phishing attacks.
To achieve better results a collaborative approach is encouraged. These strategies include:
- Mass literacy programs on cyber safety hygienic best practices should be embarked upon by the government, civil society groups, organizations, agencies and individuals. These trainings should seek to educate the masses on the dangers involved in disclosure of authentication credentials, and visiting unverified sites.
- Online users should deploy the use of phishing detectors as a way of verifying sites before visiting them, as well as mail and message filters that fish out malicious mails.
- Security of online users should be improved by apprehension, and prosecution of criminals caught perpetrating these scams.
The watchword while transacting business online is to stay “Woke” at all times in the face of a rapidly evolving cyber threats and attack patterns.
Chioma Chigozie-Okwum indigenous to Imo State, Nigeria is a cyber-security researcher, content creator, educator, speaker, strategic planner and “tech-futurist”.
Chioma is currently a lecturer at the department computer science as well as the Director of Information and Communication Technology at the Spiritan University, Nneochi, Abia State, with interests in human factor security, indigenous solution development and persuasive cyber safety adoption.
She can be reached via: [email protected]