Yesterday, I saw a post about someone who lost millions from one of the popular digital wallets around.
Many people are blaming the owners of digital wallet providers.
I am not here to take sides.
From time to time, people lose money to fraudsters via their bank account or digital wallets.
And in most cases, these losses occur due to the fact that many people are ignorant about a type of deadly scam method known as Phishing.
So, what is Phishing?
This is Wikipedia’s definition:
Phishing is the fraudulent attempt to obtain sensitive information or data, such as usernames, passwords and credit card details, by disguising oneself as a trustworthy entity in an electronic communication.
I will explain better.
Phishing is how many big time online fraudsters start their operation.
They start by sending you an email, instant message or text message that is disguised as if it is coming from your email provider, your bank, a social media platform, the government or an authority site.
If you are a normal internet savvy person, you will easily identify this if it is done by amateurs.
But when done by professionals, many people (even well educated CEOs) easily fall for it.
Phishing emails and text messages often trick you into clicking on a link or opening an attachment.
– They may say they’ve noticed some suspicious activity or log-in attempts
– Claim there’s a problem with your account or your payment information
– Say you must confirm some personal information
– Include a fake invoice
– Want you to click on a link to make a payment
– Say you’re eligible to register for a government benefit
– Offer a coupon for free stuff
Here is a common example:
Let’s say you use GTB.
You may receive an innocent looking email from GTBank (fake).
The purpose of the email is to get you to do either of two things.
(1) Click a link
(2) Download an innocent looking document
If you click the link, you will be redirected to a site that looks exactly like GTBank where you will be asked to provide some important information like your password, PIN, BVN etc.
They probably won’t ask for it directly.
E.g. To get your password, they can tell you to change your password.
Once you supply those details, BINGO!
They got you.
In many cases, you won’t even know that you have exposed your details to scammers.
That is even the easy one.
The second format is more tricky.
This is the one where you are told to download an innocent looking document like a tax receipt, an invoice or bank statement.
These files can be in Jpeg, png, Pdf or zip formats.
But the file you are downloading in this case isn’t a normal document.
It is a hacking document (known as a keylogger) that collects all the passwords you type with your keyboard and sends it to the scammers who own the file.
With that information, they can easily log into your email box, your social media accounts, your bank accounts etc
I only used an EMAIL instance for illustration purposes and because it is the most common.
Again, the phishing messages can be sent to you via social media DMs, Instant messages, Whatsapp, text messages etc
Majority of people who lose the money in their digital wallets or bank accounts have mistakenly been exposed to phishing one time or the other without been aware of it.
For instance, scammers could have gotten access to the login information for your bank account 3 months ago and just waiting till when you have good money in the account before they strike
So, How Can You Protect Yourself?
ONE: The first thing you should do is to activate what is known as “Second factor authentication” for your emails, social media accounts, Whatsapp and every other platform where you need to login.
Second factor authentication is a two-step verification process in which you provide two different authentication factors to verify yourself before you can access your account.
The first verification is your login details (e.g username and password)
The second verification is a code sent to your email address or phone number.
I prefer receiving the code as a text message though. This is okay in case your email isn’t secure.
Don’t say it won’t happen to you.
Activate two or second factor authentication on all your accounts within the next 24 hours.
The information is available on Google.
Just do a search on Google for “How to activate two step verification or second factor authentication for Whatsapp/Twitter/Yahoo/Gmail etc”
TWO: Do not click any link or download any document coming from a bank, government etc for any reason.
Even if it looks safe, just don’t.
If you want to change your password or download your account statement or do anything, browse to the website of the bank or organization.
Anytime you are doing this, always ensure that there is a padlock showing on your browser which signifies you are on a secured site.
If your browser warns you that your information might be shared to a third party, close the window immediately.
Then try again on a different browser or try again later.
THREE: Use a good security software on your computer – Majority of people don’t use security software on their computers and that is shame.
You are just putting yourself out there as a prey to scammers.
A very powerful security software helps you to deal with old or new security threats.
There are many of them out there.
Just don’t use free security software.
The one I use and trust is known as ESET Internet Security.
The truth is there are bad people out there on the internet.
It is simple wisdom to protect yourself.
I know many will read this and do nothing though.
A word is enough for the wise.
I hope this helps.