2. INTRODUCTION
Senior citizens are hot targets for hackers, and a number of factors
come into play. First, unlike many younger users online, they may have
savings built up over their lifetimes. Physically, they are susceptible
to giving out their personal banking information without knowing the
consequences. They are also more likely to be trusting, and therefore
susceptible, while interacting online.
Older adults who haven’t spent much time online are perhaps easier
to trick. For the most part, older citizens are susceptible to personal
information attacks or identity theft. The information collected by
attackers can include names, BVN, date of birth, bank account
information, passport numbers, NIN and so on.
Attackers can use social engineering methods (phone calls, text
messages), rogue access devices (free Wifi), public email (Yahoo,
Gmail, Outlook etc.) and social media sites (Facebook, Instagram,
Twitter, Tiktok, ads etc.) to get this information from unsuspecting
victims.
3. TYPE OF ATTACKS
These kinds of attacks are spread across various industries, including
social media, financial systems, pension funds and so on. Some of the
methods of attack include the following:
Social Engineering methods
1. Phishing (via Email)
2. Spear Phishing (via Emails)
3. Vishing (via Phone calls)
4. Smishing (via Text messages)
5. Pretexting (Via Text messages and Emails)
6. Baiting (Via Text messages, Social media messaging and Emails)
Rogue Free Wifi
Physical Threats
Cyber Blackmail
4. PHISHING ATTACKS VIA EMAIL
This is a technique in which an attacker sends fraudulent emails claiming
to be from a reputable and trusted source. For example, an attacker might
send an email that appears to come from a customer representative of
your bank. They could claim to have important information about your
account but require you to reply with your full name, birth date, BVN and
account number first so that they can verify your identity.
Scenario: You receive a link in your email stating that something is
potentially wrong with your bank account. When you click on the link, you
see a page similar to your Internet banking login page. This kind of page
is mostly fake, set up to harvest your bank account and password for
fraudulent purposes.
Ultimately, the person emailing is not a bank employee; it's a person
trying to steal private data or personal information or perform a
fraudulent transaction.
5. PHISHING
This screenshot depicts a phishing attack on a bank customer. The
sections marked in red show what to watch out for when this kind of
mail is received.
6. SPEAR PHISHING VIA EMAIL
This is a type of targeted email phishing. In a spear phishing attack, the
attacker will have done their research and set their sights on a particular
user, by looking through the target's public social media profiles and
using Google to find information about them.
Scenario: In this case, the attacker could create a spear phishing email
that appears to come from the victim's bank relationship officer or a
familiar office. This kind of attack is very specific, and the victim is
more likely to fall for the scam since they recognize their relationship
officer as the supposed sender. The user clicks on the link and sees a page
similar to their Internet Banking page, asking them to fill in banking
transaction details.
This can also be done to confirm a fraudulent transaction where the victim
is not present.
8. VISHING & SMISHING
Vishing, short for voice phishing, occurs when a fraudster attempts to trick
a victim into disclosing sensitive information or giving them access to the
victim's account over the telephone.
Scenario: One popular Vishing scheme involves the attacker calling victims
and pretending to be from their bank. The caller asks for sensitive
information like card PAN numbers, the 3-digit CVV and soft token while they
try to complete fraudulent transactions online with the user's details.
Vishing scams like this one often target older individuals, but anyone can
fall for a Vishing scam if they are not adequately trained.
Smishing, short for SMS phishing, is similar to and incorporates the same
techniques as email phishing and Vishing, but it is done through SMS/text
messaging.
11. PRETEXTING
This is a type of social engineering technique where the attacker
creates a scenario where the victim feels compelled to comply under
false pretenses. Typically, the attacker will impersonate someone in a
powerful position to persuade the victim to follow their orders.
During this type of social engineering attack, a bad actor may
impersonate police officers, higher-ups within society, auditors,
investigators or any other persona they believe will help them get the
information they seek.
Scenario: A vivid scenario would be an attempt by a fake CBN official
to get you to fill in a form online before a certain deadline in order
to avoid your BVN being blocked. This can be done through emails,
text messages or phone calls.
13. BAITING
This method puts something enticing or curious in front of the victim
to lure them into the social engineering trap. It is mostly used to
distribute malware on devices to steal personal information.
A baiting scheme could offer free airtime, bonus credit or a gift card
in an attempt to trick the user into providing credentials. This is
more prevalent on social media platforms, Facebook and WhatsApp.
Most times, baiting originates from a personal contact whose identity
has been stolen online. The attacker uses this stolen identity to trick
other members of the individual's contacts, spreading the
15. PHYSICAL THREAT
Attackers with malicious intent are always present physically. They
could be close friends, family members or strangers wanting to gain
access to our information for malicious purposes.
One scenario would be an attacker shoulder surfing your card transaction
PIN at the ATM, or while you use Internet Banking or even Mobile Banking,
to later gain access and withdraw funds.
Another scenario would be carelessly leaving physical cards, mobile
devices, tokens and other items for people to see and use. These could be
used to perform card-not-present transactions and transfers.
17. CYBER BLACKMAIL
This kind of attack is usually done through emails. In this situation an
attacker informs the victim that they have sensitive private
information and will share it with the public, friends or family
unless they are paid a ransom fee. This information could be in text,
picture, audio or video form.
If you fall victim, never send money to attackers, and report the
incident to the Police immediately. Also report the attacker through
the corresponding section of the social media site, or report the email
address.
In most cases the attacker's claims could be a lie, as they use fear to
extort victims without having any real information to expose.
20. HOW TO IDENTIFY VARIOUS SOCIAL
ENGINEERING ATTACKS
An Email, Text or Phone call asking for immediate assistance
An Email, Text or Phone call asking you to donate to a charitable
cause
An Email, Text or Phone call asking you to "verify" your
information
An Email, Text or Phone call responding to a question you didn't
ask
21. ASKING FOR IMMEDIATE
ASSISTANCE
Attackers will use language that instills a sense of urgency, and
emotional tactics, to pressure the victim to rush into action without
thinking about it.
If someone asks you to make an urgent update to your BVN or bank
details via a link sent to your mail, you should slow down and ensure
that the transaction you'll be conducting is legitimate.
22. ASKING TO DONATE TO A CHARITABLE
CAUSE
Social engineers will exploit our generosity with phony requests for
donations to charitable causes, which include payment instructions
on how to send money to the hacker.
By researching you on social media, a social engineer can figure out
which charitable causes, disaster relief efforts or political campaigns
you are likely to support. They will use this information to craft
messages aligned with your ideals.
23. ASKING TO VERIFY YOUR INFORMATION
Another approach social engineers will take is presenting a problem that
can only be resolved by you verifying your information. Included in their
message will be a link that brings you to a form to provide your
information.
These messages and forms can look legitimate with the right logos and
branding, which can lull you into believing the sender and the message
are legitimate.
An example would be getting a mail from an attacker asking you to update
or verify your banking information. This is mostly done through Phishing
and Vishing.
24. RESPONDING TO A QUESTION YOU
DIDN'T ASK
Social engineers will pose as a customer service agent from your
bank and send you a message "responding" to a request for help.
Though you never sent a request for help, you might decide that
since you already have a rep contacting you, this would be an
opportune time to receive support for an issue you've been
experiencing.
Inevitably the attacker will request specific information from you to
"authenticate your identity." In reality, they're just stealing your
information.
26. PROTECTING YOURSELVES AGAINST
ATTACKS
Use stronger account authentication: Enable 2-factor authentication whenever
possible. It requires you to enter your username and password and then
confirm it is actually you seeking to access the account, commonly
via text, phone call, or mobile app.
Use stronger passwords: The longer and more complex the better. Don’t use
a common password across multiple accounts. Password managers can be a
good way to save and store multiple strong passwords.
Be mindful of how you access your accounts: Whether you use a smartphone,
laptop, desktop, or other device, make sure you are up to date with system
updates and security software. Don’t access your retirement or bank
accounts on public computers. Also, don’t use other individuals’ devices to
access your banking applications.
Security awareness: Subscribe to security news websites to learn about new
trends in attacks that pertain to you. Continuously learning ways to avert
social engineers is important.
27. PROTECTING YOURSELVES AGAINST
ATTACKS CONTD.
Be skeptical, and trust your instinct: If an email or phone call looks or seems
suspicious, assume it is. Don’t respond to a suspicious email that appears to
be from your plan administrator. Instead, call them directly to confirm
whether the email is legitimate.
Be mindful of what you share online: The more personal information you
share online, the more likely that information can be used in attempts to
gain access to your accounts. Avoid sharing too much information (Date of
birth, Pet Names, Street Address etc) and sensitive information on Facebook,
Twitter and Instagram.
Use security software: Install security software on your devices from a
reliable source and keep it updated. It is best to run the anti-virus and
anti-spyware software regularly. Be wary of security updates from pop-up ads
or emails. They may actually be malware that could infect your computer.
Be mindful of how you handle payment and devices: Do not share your card
PIN with anyone, do not leave your card lying around, and always cover the
PIN pad when inputting your card PIN at public ATMs.
28. PROTECTING YOURSELVES AGAINST
ATTACKS CONTD.
Avoid Rogue (Free Wifi): An attacker can set up a free hotspot to monitor
the connections of people who connect to it. Always avoid connecting to free
Wifi in public places.