“The 12 billion dollar scam”

That’s what the FBI nicknamed phishing in 2018; a name that reflected the estimated amount of money lost to the cyberattack globally between 2013 and 2018. In 2018 alone, about $1.2 billion was lost to phishing and in 2020, phishing scammers made over $1.8 billion— more than via any other type of cybercrime.

According to RiskIQ, businesses across the world lose about $17,700 every minute to phishing attacks and top companies lose $25 per minute to cybercrime.

Phishing, also called email-scam, is a method of trying to gather personal information by sending deceptive e-mails to target recipients. Phishing is one of the oldest internet scams, dating back to the ‘90s, and perhaps remains one of the most prevalent cybercrimes. 

The goal of phishing is to fool victims into believing that the message is something they want or need. For instance, the message can be an invoice from a vendor, payment or account update request from the victim’s bank; it could even be a grant/scholarship offer. But one thing phishing emails have in common with other forms of cyberattack is that every phishing email comes with a call to action that prompts recipients to download a link or file. 

Once the victims supply their personal data, the attackers have unfettered access to their identity and proceed to engage in malicious activities such as making purchases with the victim’s credit card or cleaning out their accounts. 

Get the best African tech newsletters in your inbox

Phishing is also widespread in Africa

Across the world, Nigerians are stereotyped as the highest perpetrators of internet scams —especially email scams — and series of recent events and reports somewhat justify this stereotype. But this doesn’t mean Africans aren’t susceptible to phishing attacks.

Phishing attacks are prevalent in the continents and individuals and businesses across Africa have fallen victims to phishing scams. Cybercriminals have become even smarter with their tactics, adapting to changing economic situations and embracing more sophisticated technology to lure people into clicking on things they should not. 

For instance, the COVID-19 vaccine rollout throughout Africa has given rise to ample opportunity for cybercriminals to carry out several attacks that are hidden in what, at first glance, may appear to be relevant information. 

Scammers, posing as WHO or other trusted health organizations, now send phishing emails to unsuspecting victims to offer things like a COVID-19 kit, Coronavirus relief package which include food and cash benefits, or Medicare benefits; then ask them to verify personal information like bank details. Google also said in April 2020 that scammers are sending 18 million hoax emails about Covid-19 to its 1.5 billion Gmail users every day. 

An example of COVID-19 phishing email asking for a bitcoin donation
Another example of COVID-19 phishing email sent in disguise as the UK government

According to Kaspersky, a global cybersecurity company using its deep threat intelligence and security expertise to protect over 400 million and 250,000 corporate clients against cyberattacks, spam constituted almost 30% of email traffic in South Africa and close to 35% in Kenya in H1 2021. 

Over a million phishing attacks were recorded in South Africa in the first half of 2021. In Kenya, over 600,000 phishing attacks were recorded, and its around 400,000 in Nigeria. That’s a combination of over two million attacks in the first half of the year from the three biggest African markets.

This shows that phishing is also a significant threat in Africa. But the company said these numbers represent a reduction from the cyberattacks that were captured within the same period in 2020. South Africa witnessed a 17% decline; Kenya saw a 48% decline, and Nigeria recorded an 18% decline from over two million cases in 2020. 

“This decrease is in line with global trends and supports the decline that Kaspersky research identified happening through the course of last year already. Of course, this does not mean that organisations and consumers can ignore the risk of traditional cybercrime attacks or that phishing, as well as spam, are still not of significant concern across Africa,” says Bethwel Opil, Enterprise Sales Manager at Kaspersky in Africa. “Instead, people need to become even more aware of cybersecurity best practices and remain vigilant to protect their personal and business systems from the risk of compromise,” 

How businesses and individuals can protect themselves from phishing scams

While there’s no way to stop scammers from sending phishing emails, there are certain ways to ensure individuals and businesses stop falling victims. 

Once the characteristics of dubious emails have been understood and there’s a consistent effort in looking out for them before taking any action, there’s a high chance of beating phishing activities.

Individuals and businesses are advised to install relevant cybersecurity solutions on their devices, and in addition to that, they should consider the following tips:

  • Review the email address of senders and look out for impersonations of trusted brands or people.
  • Always inspect URLs in emails for legitimacy by hovering over them before clicking
  • Beware of URL that redirects and pay attention to subtle differences in website content: make sure the URL starts with https:// and not http://.
  • Genuine brands and professionals generally won’t ask recipients to divulge sensitive personal information. If an email prompts for such, the next thing to do is to investigate and contact the brand or person directly, rather than hitting reply.
  • Use multiple email addresses, one for personal use and another for online shopping or social media.
  • Do not rush or panic-react, scammers use such tactics to pressure their victims into clicking links or opening attachments.
  • Ensure browsers and operating system software are up to date with the latest patches.
  • Use anti-spam filters in addition to antivirus and Internet security solutions.

Get the best African tech newsletters in your inbox