Nigerians have again been alerted to possible phishing attacks, which may come without any notification. The Nigerian Communications Commission’s Computer Security Incident Response Team (NCC-CSIRT) informed that a new phishing attack, which exploits windows zero-day vulnerability, could load a malicious QBot malware on the compromised device without triggering any Windows security alerts.
In its advisory at the weekend, NCC-CSIRT indicated that the vulnerability, which is present in all versions of Windows-based products, presents as Phishing Attacks and Malware threats.
This is even as the National Information Technology Development Agency (NITDA) also advised Nigerians to be on alert while using WhatsApp as their data could be exposed due to recent breach on the platform.
Unconfirmed reports revealed that nearly 500 million WhatsApp users’ mobile phone numbers were leaked recently in a global data breach on the platform.
The NCC-CSIRT reported that ProxyLife security researcher discovered the new phishing exploit on Windows zero-day vulnerability to drop a Qbot malware without displaying Mark of the Web (MoTW) security warnings.
On the WhatsApp issue, NITDA said it became imperative to put over nine million Nigerian users of the app on alert. While noting that the breach portends danger for WhatsApp users, NITDA said: “There is an impending danger of threat actors using these data to carry out malicious activities, which may put users at great risk.”
“Such information could be used to perpetrate cyber-attacks such as smishing and vishing,” it added.
According to NITDA, smishing involves sending an unsuspecting user text message(s) and asking them to click on links or provide personal information, which can be used to scam victims or to launch other attacks.
Vishing, on the other hand, entails the use of phone calls or voice messages by cyber criminals to manipulate or deceive unsuspecting recipients into revealing or giving out sensitive information, which could be used to carry out fraudulent acts. Some preventive measures: In order not to fall victim, NITDA advised WhatsApp users in Nigeria to adhere to the following: enable two-factor authentication on your instant messaging app; do not reveal personal information on your profile and do not respond to requests from untrusted or unknown contacts, asking for your data, passwords, or other verification code via messages or calls.