Phishing is the number one cyberattack used against individuals, businesses, and institutions in Nigeria. Whether it’s through emails, SMS, WhatsApp, calls, or social media, phishing attacks are responsible for most cases of:

• Bank account theft
• Social media hijacking
• Identity theft
• Fraudulent transactions
• Business compromise
• Data breaches

This article breaks down what phishing is, how it works, real examples in Nigeria, and how you can protect yourself.

What Is Phishing?

Phishing is a cyberattack where scammers trick you into giving them:

• Your passwords
• BVN
• Banking details
• OTP codes
• Email login
• Social media login
• Personal information

They usually pretend to be:

• Your bank
• A government agency
• A delivery company
• A recruiter
• A company you trust
• A friend or relative
• A customer care representative

The goal is to steal information, money, or access to your accounts.

Common Types of Phishing Attacks in Nigeria

1. Email Phishing

Scammers send emails that look like they came from your bank, office, or a known company.

Examples:

• “Your GTBank account has been flagged, update now!”
• “MTN prize reward: click here to claim.”
• “Your parcel is pending delivery, pay ₦500 to release.”

These emails contain:

• Fake websites
• Downloadable malware
• Urgent warnings

2. SMS Phishing (Smishing)

This is extremely common in Nigeria.

Messages look like:

• “Your account will be blocked in 24 hours. Call this number.”
• “You have been credited with ₦120,000 from CBN loan.”
• “Congratulations! You won ₦50,000.”

Once you call back or click the link, the scam begins.

3. WhatsApp & Social Media Phishing

Hackers pretend to be:

• Banks
• Brands
• Friends
• Family
• Sellers

They send:

• Fake giveaways
• Investment opportunities
• Job offers
• “Free data/airtime” links

Many Nigerian WhatsApp groups have been used to spread phishing links.

4. Voice Phishing (Vishing)

Scammers call pretending to be:

• Bank officials
• NIMC staff
• SIM registration officers

They ask for:

• BVN
• ATM details
• OTP code
• Personal info

Legitimate institutions never ask for these details.

5. Website Phishing

They build fake websites that look like:

• GTBank
• UBA
• Zenith
• NIMC
• WAEC
• JAMB
• NIPOST
• CAC

Victims enter their credentials and the scammers steal them instantly.

6. Business Email Compromise (BEC)

This targets companies.

A scammer hacks a company email and tricks the staff into:

• Sending money
• Changing bank accounts
• Approving fake invoices

This has caused millions in losses in Nigeria.

How Phishing Works (Step-by-Step)

1. Scammer pretends to be a legitimate organization

They use:

• Fake email addresses
• Fake caller IDs
• Fake websites
• Fake WhatsApp profiles

2. They create urgency

Examples:

• “Your account will be blocked.”
• “Payment required immediately.”
• “Your package is delayed.”

Urgency prevents victims from thinking clearly.

3. Victim is tricked into clicking a link or giving information

The scammer might get:

• Login info
• Card numbers
• OTP codes
• Personal data

4. Scammer logs into your account and steals money

This often happens within minutes.

5. They lock you out by changing your password

This is why recovery becomes difficult.

Real Examples of Phishing in Nigeria

Bank Phishing

People receive emails claiming:

• “Your BVN is compromised”
• “Your ATM will be blocked”

Victims click the link → lose their savings.

NIMC / SIM Registration Phishing

Someone calls:

“We need to update your NIN or your SIM will be blocked.”

Victims give their info → identity theft.

Delivery Scams

Fake dispatchers ask for:

“₦500 delivery confirmation fee.”

Victims pay → no delivery.

Loan App Phishing

Fake loan apps that steal:

• Contacts
• Gallery
• Messages

Then blackmail victims.

Warning Signs of Phishing Messages

🚩 1. Urgent or threatening messages

Example: “Act now or your account will be closed.”

🚩 2. Bad grammar or spelling mistakes

🚩 3. Suspicious links

Often shortened with:

• bit.ly
• tinyurl
• unknown domains

🚩 4. Requests for personal information

🚩 5. Unofficial email addresses

Example:
gtbankservices@gmail.com
mtncustomersoffice@yahoo.com

🚩 6. Calls asking for OTP codes

OTP = One Time Password
If you give it out, scammers can access your account.

How to Protect Yourself from Phishing

1. Never click suspicious links

Go directly to the official website.

2. Do NOT share these details:

• BVN
• NIN
• ATM PIN
• Card CVV
• OTP
• Password

3. Enable Two-Factor Authentication (2FA)

Prevents unauthorized access even if your password is stolen.

4. Check email sender carefully

Look for spelling errors or suspicious domains.

5. Set your social media to private

Prevents scammers from gathering information.

6. Verify phone numbers

Banks and government agencies don’t call randomly.

7. Use strong and unique passwords

8. Update your phone and apps regularly

9. Educate family members

Most scams succeed because victims are unaware.

What to Do If You Fall Victim

✔️ Immediately change all your passwords

✔️ Enable 2FA

✔️ Contact your bank and freeze your account

✔️ Report to:

• Nigeria Police Cybercrime Unit
• EFCC
• Your bank fraud desk

✔️ Warn friends & family

So nobody else falls for the same scam.

Conclusion

Phishing is becoming more sophisticated, but with awareness and vigilance, you can protect yourself. Remember:

👉 Your bank will NEVER ask for your OTP.
👉 No legitimate company will ask for your password.
👉 Do not click unfamiliar links.

Your safety depends on your awareness — and NoToYahoo is here to help you stay secure.