These scams leverage the ongoing distribution of customer assets following BlockFi’s 2022 bankruptcy, tricking victims into surrendering cryptocurrency wallet seed phrases, potentially leading to financial losses.

BlockFi, once a prominent provider of high-yield interest accounts and crypto-backed loans, announced bankruptcy in November 2022.

The company began disbursing repayments to affected clients in 2024 as part of its restructuring plan.

Kaspersky has detected fraudulent emails mimicking BlockFi’s official branding, which falsely invite recipients to “claim the payment” they are “entitled to.” After clicking on the link, users land on a phishing page and are prompted to “connect their wallet”.

The attackers suggest that users import their existing wallet by typing in the secret phrase – this grants attackers direct access to the funds in the victim’s wallet.

“Phishing attacks like this are widespread, capitalising on real-world events to build trust and urgency. Victims who fall for these scams risk exposing their crypto wallets to theft. It’s critical for individuals to verify any communications directly through official channels and to check the address from where the email originates for legitimacy,” comments Roman Dedenok, anti-spam expert at Kaspersky.

The phishing emails feature convincing logos, colour schemes, and language, making them difficult to spot at first glance.

Kaspersky recommends the following steps to avoid falling victim to this or similar scams:

• Do not click on links or respond to unsolicited emails.
• Protect Sensitive Information: Never share banking credentials, wallet seed phrases, or other private keys in response to an email or online form.
• Use Security Tools: Enable two-factor authentication (2FA) on all financial accounts, employ reputable security software and consider using a password manager to safeguard credentials.

With cybercrime on the rise across the continent, energy providers must modernise their systems while safeguarding citizen data and maintaining public trust.

Rebuilding digital trust starts with understanding the current landscape, especially within Nigeria’s energy framework.

The term “energy sector” is broad, so the focus should be on Energy Retail and Energy Service Provision, areas where customer interaction is most direct.

Like banking, energy services are essential and widely used, with both sectors increasingly reliant on digital platforms and exposed to growing cybersecurity risks.

Just as banks have built trust through secure, customer-centric systems, energy providers must adopt a similar approach.

In Africa, energy platforms are becoming prime targets by cybercrime, and even a single data breach can erode public trust. Security and transparency are no longer negotiable, they are the foundation of sustainable growth.

Modernising digital infrastructure is not just about efficiency; it is about creating a trusted environment where customers feel protected and engaged.

To achieve this, energy providers must invest in secure, reliable platforms that safeguard data, improve service delivery, and foster strong relationships with users, mirroring the success seen in the financial sector.

Rapid growth and transformation

However, unlike banks or e-commerce platforms, which often have the agility and infrastructure to respond swiftly to emerging threats, the energy sector is still in a phase of rapid growth and transformation.

This limits its ability to react quickly, making it particularly vulnerable to a wide range of cyber risks.

These risks include:

• Phishing and social engineering attacks targeting employees and systems
• Identity theft and data breaches, often due to internal actors or weak access controls
• Legacy systems that lack modern security protocols, increasing exposure to malware, ransomware and denial-of-service attacks
• Inadequate endpoint protection, particularly on end-user devices, which remain common entry points for malicious activity

Many of these vulnerabilities originate at the retail or consumer-facing level, where compromised devices or poor cybersecurity hygiene can expose core infrastructure.

Internally, how the sector safeguards devices, educates employees and enforces compliance, plays a critical role in either mitigating or amplifying these risks.

Without a proactive, layered approach to cyber resilience, the consequences could ripple far beyond operational disruption, impacting trust, reputation and even threatening national security. Systems such as Two-Factor Authentication (2FA) add a distinct layer of identity protection within the broader security stack.

Reinforcing trust, accountability and resilience

2FA verifies users through a second factor, often time-based and device-linked, making unauthorised access nearly impossible, even if passwords are compromised. It is not just a feature; it is a proactive safeguard that reinforces trust, accountability and resilience across digital environments.

For online organisations using apps or web portals, 2FA integration is now quicker and more flexible. Customer engagement platforms and communication service providers offer APIs that connect seamlessly with existing systems, eliminating the need for complex on-premises 2FA solutions.

By adopting these APIs, organisations can offer 2FA as either an optional feature or a standard part of their service. It provides a scalable, efficient way to enhance security while maintaining a smooth customer journey.

The customer journey lies at the heart of trust. Secure, multichannel engagement, makes this journey smoother, more responsive and reliable. Customers can send secure messages, receive real-time updates, and track every interaction, giving them both control and transparency.

Elevating customer experience

When unexpected activity occurs, instant alerts build awareness and provide peace of mind. Combined with a full engagement history, this builds trust, supports audits and strengthens accountability. In the end, secure digital touchpoints do not only protect, they elevate the customer experience.

Looking ahead, the adoption of Internet of Things (IoT) solutions will drive demand for detailed monitoring and proactive alerts.

This shift emphasises the importance of anticipating threats and instant responses. As digital services become more personalised, customers will expect seamless, automated experiences, requiring security measures to evolve beyond traditional 2FA to include biometrics, behavioural triggers or pre-authorised actions.

In fast-moving sectors like utilities, these trends will drive a need for robust, embedded cybersecurity frameworks that can adapt in real time.

The future of customer engagement will be predictive, frictionless and secured by intelligent, context-aware authentication mechanisms, designed not just to protect, but to empower.

One of the most effective tools in your arsenal against the rising tide of cyber threats is the implementation of two-factor authentication (2FA).

Ethan Bennet from Sonin explains why you should use 2FA for all your online accounts and transactions.

What Is The Threat From Cyberattacks?

Ethan explains, ‘The past few years have witnessed a staggering surge in data breaches and cyberattacks, with cybercriminals relentlessly targeting individuals and organizations alike.

From large-scale hacks of major corporations to the theft of personal information, the consequences of these malicious activities can be devastating.’

Some of the methods they use include:

• Automated Bots: Cybercriminals use fraudulent online bot services to make automated phone calls and bypass 2FA, targeting multiple countries.
• Social Engineering: Threat actors often send an email that is meant to look like it comes from a friend, family member, or trusted authority, trying to trick users into handing over credentials and granting organizational access.
• SIM Hijacking: Hackers can impersonate users and gain control of their phone numbers, allowing them to intercept any 2FA codes sent by text.
• Inundating Users: Cybercriminals overwhelm users with authentication request alerts, hoping they will eventually approve a fraudulent login attempt.
• Stealing Credentials: When targeting companies, once they have gained access details from just one employee, attackers can move laterally, stealing even more credentials, compromising servers and endpoints, and downloading sensitive organizational data.

Sensitive data such as login credentials, financial information, and confidential documents have become the prime targets of these digital predators, leaving victims vulnerable to identity theft, financial fraud, and other forms of exploitation.

The Power Of 2FA

Ethan says, ‘By requiring users to verify their identity through multiple methods, such as a password and a one-time code sent to their mobile device or through biometric authentication, 2FA significantly reduces the risk of unauthorized access.’

Even if a cybercriminal obtains a user’s login credentials, they would still be unable to access the account without completing the additional verification step.

Ethan’s Tips For Enabling 2FA

To enhance the security of your accounts in 2024, consider the following tips for enabling two-factor authentication:

• Identify Accounts and Devices: Make a comprehensive list of all your online accounts, including email, social media, banking, and other critical services, and enable 2FA on each one.
• Utilize Diverse Authentication Methods: Explore the various 2FA options available, such as SMS, authenticator apps, and biometric authentication, and choose the method that best suits your needs and preferences. Ethan says, ‘Authenticator apps and biometric methods are the most secure, so use these if you can.’
• Regularly Review and Update: Periodically review your 2FA settings and update them as necessary to ensure that your security measures remain effective in the face of evolving threats.
• Educate Yourself and Others: Spread awareness about the importance of two-factor authentication and encourage your friends, family, and colleagues to adopt this essential security practice.

[Featured Photo credit: Christin Hume on Unsplash]

However, as 2FA becomes more prevalent, cybercriminals are devising sophisticated strategies to bypass this security layer and gain unauthorized access to your sensitive information.

Trevor Cooke, the online privacy expert at EarthWeb, sheds light on some effective strategies you can use to safeguard your accounts.

How Cybercriminals Are Getting Around 2FA

Credential Harvesting Via Phishing

Cybercriminals start their schemes by crafting deceptive emails, messages, or websites that closely resemble legitimate platforms, luring unsuspecting users to enter their login credentials.

Once users fall for the phishing attack and input their username and password, cybercriminals swiftly harvest this information and attempt to access the victim’s account.

While MFA/2FA may prevent immediate access, cybercriminals are already armed with the victim’s credentials, allowing them to initiate fraudulent activities or further exploit vulnerabilities.

Social Engineering To Obtain Authentication Codes

Trevor states, ‘Once they have your login credentials, phishing attacks move to the next stage. They often employ social engineering tactics to manipulate individuals into divulging their MFA/2FA codes.

Cybercriminals may impersonate trusted entities, such as tech support agents or financial institutions, and create a sense of urgency or fear to coerce victims into providing their authentication codes.’

By exploiting human psychology and trust, cybercriminals trick users into willingly handing over their MFA/2FA codes, thereby circumventing this crucial security layer.

Fake Login Pages And Overlay Attacks

Sophisticated phishing campaigns utilize fake login pages or overlay attacks to intercept MFA/2FA codes in real time.

Victims are directed to fraudulent login pages that mimic legitimate platforms, where they unknowingly input their credentials and authentication codes.

Behind the scenes, cybercriminals capture these codes in real time, enabling them to bypass MFA/2FA protections and gain unauthorized access to the victim’s account before the victim realizes they’ve been compromised.

Account Takeover And Immediate Use Of Stolen Credentials

Once cybercriminals obtain both login credentials and authentication codes through phishing, they swiftly execute account takeovers and initiate fraudulent activities.

With access to the victim’s account, cybercriminals may conduct unauthorized transactions, exfiltrate sensitive data, or exploit the compromised account for further malicious purposes.

Trevor advises, ‘By acting quickly upon obtaining stolen credentials, cybercriminals minimize the window of opportunity for victims to detect the unauthorized access and take corrective actions.’

How To Protect Yourself And Your Business

To defend against these sophisticated phishing tactics and protect against MFA/two-factor authentication bypass attempts, individuals and organizations must adopt a multi-faceted approach:

User Education and Awareness

Educate users about the telltale signs of phishing attacks, including suspicious emails, unfamiliar senders, and urgent requests for login credentials or authentication codes.

Trevor advises, ‘Foster a culture of skepticism and caution, encouraging users to verify the legitimacy of requests and refrain from disclosing sensitive information without proper authentication.’

Advanced Authentication Methods

Implement stronger authentication methods, such as app-based authenticators or hardware tokens, which are less susceptible to phishing attacks compared to SMS-based codes.

Encourage users to leverage these advanced authentication methods to enhance security and resilience against phishing attempts.

Phishing Simulation And Training

Trevor says, ‘Conduct regular phishing simulation exercises and security awareness training to familiarize users with phishing tactics and empower them to recognize and report suspicious activity promptly.’ Provide practical guidance on identifying phishing red flags and responding effectively to phishing attempts, emphasizing the importance of vigilance and caution in the face of evolving cyber threats.

By understanding the specific techniques employed by cybercriminals to exploit MFA/two-factor authentication vulnerabilities through phishing, individuals and organizations can bolster their defenses and mitigate the risks posed by these sophisticated attacks.

Trevor says, ‘Through proactive education, advanced authentication methods, and ongoing vigilance, users can thwart phishing attempts and safeguard their accounts against unauthorized access and exploitation.’

[Featured Image Credit]

This concern increases exponentially with digital banking platforms as the suggested mode of banking.

News headlines such as “Electronic Fraud: I called my bank to block my account but the criminals still cleared my money” and “78,584 e-payment fraud cases recorded in one year” do not help the assertion that digital payments are safe and secure.

However, the truth is that your money is safer in a bank than it is hidden under your bed at home and safer with digital wallets like PalmPay, whose deposits are insured by the Nigeria Deposit Insurance Corporation (NDIC).

For your money to remain secure, aside from the security measures put in place by banks and fintechs, you owe it to yourself to take safety precautions by following these eight vital steps to enhance your bank account security.

1. Create strong passwords

Passwords should be complex but easy to remember. To prevent your bank from being hacked, use a complex password with a mix of uppercase and lowercase letters, numbers, and special characters, for example (GOdsent123@) and avoid using easily guessable information like birthdays, pet names, and names for passwords.

2. Enable Two-Factor Authentication (2FA)

Where applicable, enable two-step authentication for your online banking to ensure an extra layer of security.

Because this requires that a second form of verification is sent to your mobile device, it makes hacking your bank account difficult. Users of the PalmPay app can enjoy its built-in safety and security features.

3. Monitor your accounts regularly

Safety may begin with an ‘S’ but it starts with ‘U’. The human component of safety is as important as the technology side.

Bank security measures are not enough to protect your money; follow safety precautions to enhance your account security.

You are less prone to financial attacks when you keep an eye on your bank statements and transaction history and immediately report any discrepancies to your bank.

4. Protect personal information

Your PIN is called a Personal Identification Number for a reason. You must avoid sharing such and other sensitive information and be cautious about sharing your personal information online, especially on social media.

Thread carefully when using a bank or making payments through a point of sale (POS). Always stay vigilant and watch out for possible irregularities while patronising POS agents.

5. Regularly update banking apps

Failure to regularly update your banking app leaves your account open to fraudsters. This is because the latest bank app updates often include security enhancements like PalmPay’s auto-logout feature.

This security feature requires users to always input their PIN when they reopen the app after each logout.

6. Set limits for your bank account

Beyond having biometric features, many banks and fintech platforms like PalmPay have features that enable you to set account limits for specific activities such as large transactions.

Stay informed on your bank account activity and peg a withdrawal limit to serve as an alarm bell for unauthorized transactions on your account.

7. Beware of phishing attempts

There are going to be numerous phishing attempts during this period. Be cautious about emails, messages, or phone calls asking for personal information.

Do not click on links or download attachments from suspicious sources.

Legitimate financial platforms like PalmPay won’t call, text or email requesting your personal information.

8. Education, education, education

Educate yourself by staying informed about common scams and fraud tactics, and be cautious about clicking on links in emails or text messages, especially if they seem suspicious. We are big on financial literacy in PalmPay.

Take advantage of our Wallet Safety Workshops to educate yourself on best safety practices.

Let’s say that your bank’s safety measures are top-notch and you’ve done everything advised here to enhance your bank account safety but still get hacked by fraudsters, quickly report any fraudulent activity to your bank’s customer support to help you with quick resolution and recovery of stolen funds.