According to experts in the financial sector, Nigeria loses about N200 billion per year to cybercrime. Today, more and more purchases are made through digital channels, especially online payments. The Internet offers the convenience and ease of buying goods or paying for services via your computer, tablet, or mobile phone. However, the use of online payments is not without its risks. Examples of threats piercing the Digital Financial Services (DFS) in Nigeria can be insider fraud or phishing.
Insider Fraud
Insider fraud involves an individual who works in the organization and has access to all vital information within the organisation. Such individuals use this privilege to steal private information such as bank account numbers, identity cards, etc to adopt peoples’ identities and engage in fraud.
Tips
1. Never give your sensitive/confidential information such as account number, debit card, credit card, insurance number, etc over the phone or via email.
2. Reconcile your bank account monthly, and notify your bank of any discrepancies immediately.
3. Report unauthorized financial transactions to your bank as soon as you detect them.
Phishing
Phishing is a type of social engineering where an attacker sends a fraudulent message designed to trick a person into revealing sensitive information to the attacker or to deploy. Phishing has a simple approach like an email that redirects the victim to a malicious site that captures and steals information used to authenticate funds transfers out of the victim’s account.
Tips
1. New phishing attack methods are being developed all the time, but they share commonalities that can be identified by knowing what to look out for. For example, a malicious website most likely would appear as http://www.xyz.com instead of https://www.xyz.com. An internet user should pay attention to the letter (s) at the end of the domain name, indicating that a website is secure and safe to use.
2. Do not click on a link in an email or instant message even if you know the sender. Hover over the link to double-check if the destination is the authentic domain.
3. Do not give your information to an unsecured website.
4. Do not be tempted by pop-ups.
