Cybercrime rises as phishing hits 174% in Nigeria, 438% in Kenya

•Scammers target travelers seeking cheap flights

Menace of cybercrime in Africa sustained a huge rising profile in the first six months of the year with phishing and scams hitting 438 per cent and 174 per cent in Kenya and Nigeria respectively.

Kaspersky, which revealed this, in its new analysis yesterday, said attacks related to data loss threats (phishing and scams/social engineering) increased significantly in Africa in Q2 2022 in comparison with the previous quarter. Kaspersky says its security solutions detected 10,722,886 phishing attacks in Africa in Q2.

The report noted that this type of threat affected Kenyan users the most. During the period, there were 5,098,534 phishing attacks detected in three months, a growth of 438 per cent when compared to the previous quarter. It was followed by South Africa (4,578,216 detections and a growth of 144 per cent) and Nigeria (1,046,136 detections and a growth of 174 per cent).

Kaspersky said social engineering, which is sometimes called “human hacking” scams, are used in many ways, and for different purposes, to lure unwary users to the site and trick them into entering personal information. It stressed that the latter often includes financial credentials such as bank account passwords or payment card details, or login details for social media accounts. In the wrong hands, this opens doors to various malicious operations, such as money being stolen, or corporate networks being compromised.

According to the security firm, phishing is a strong attack method because it is done at a large scale. It stressed that by sending massive waves of emails under the name of legitimate institutions or promoting fake pages, malicious users increase their chances of success in their hunt for innocent people’s credentials.

It explained that phishers deploy a variety of tricks to bypass email blocking and lure as many users as possible to their fraudulent sites, adding that a common technique is HTML attachments with partially or fully obfuscated code. It stressed that HTML files allow attackers to use scripts, obfuscate malicious content to make it harder to detect, and send phishing pages as attachments instead of links.

Kaspersky said while vacation season is high across the globe, scammers are trying to lure travelers, who are looking for interesting places to go, cheap places to stay and reasonably priced flights. Kaspersky researchers have observed intensified scamming activities, with numerous phishing pages distributed under the guise of airline and booking services. The number of attempts to open phishing pages related to booking and airline services in the first half of 2022 was 4,311 in the Middle East, Turkey and Africa (META) region.

Security Expert at Kaspersky, Mikhail Sytnik, said: “Planning a vacation is not easy. People can spend weeks, even months, looking for the perfect place to stay and the tickets to get them there. Fraudsters use this to lure users that have grown tired of searching for great deals. After two years of flight restrictions imposed by the pandemic, travelling is back. But so are travel scams – with intensified scamming activity targeting users through fake booking and rental services. Such attacks are totally preventable, which is why we urge users to be skeptical about overly generous offers. If an offer seems too good to be true, it probably is.”

To keep users protected from phishing and scams, Kaspersky experts recommended that people should carefully look at the address bar before entering any sensitive information, “such as your login details and password. If something is wrong with the URL (i.e., spelling, it doesn’t look like the original or it uses some special symbols instead of letters) don’t enter anything on the site. If in doubt, check the certificate of the site by clicking on the lock icon to the left of the URL.

“Not clicking on links that come from unknown sources (either through e-mails, messaging apps or social networks).

“Visiting the business’ official website if you see a giveaway offered in e-mail or on social media by a travel company or an airline to confirm the giveaway exists. You should also carefully check the links the giveaway ad leads you to.”