Editor's note:
According to a report by NIBSS, social engineering was the predominant technique for fraud in 2023 in Nigeria.
Social engineering works by exploiting what makes you human, such as your emotions, trust, curiosity, fear, and habits.
In the past, these tricks might have been as simple as a fake phone call pretending to be from your bank or a technical support representative.
Today, cybercriminals have levelled up their game by using advanced tools and creative strategies to manipulate you in ways you might not even recognise.
What is social engineering?
In simple terms, social engineering is manipulating or deceiving people into doing something that could harm them, such as revealing sensitive information or taking actions they wouldn't normally take.
Cybercriminals use social engineering primarily to gain unauthorised access to sensitive information, systems, or resources. They know that humans are the weakest link in security, so they exploit this by manipulating people into giving up valuable information or taking risky actions.
A common example is getting a direct message on WhatsApp or LinkedIn from someone who looks like your coworker. This familiar face asks for help with a shared document and sends you a link, claiming it’s urgent. You click the link, thinking it's from a trusted source. But that link takes you to a fake website that steals your login details.
The latest social engineering tricks
Social engineering is no longer limited to fake emails or suspicious phone calls.
Cybercriminals are adapting to how we work, communicate, and interact online.
They’re blending psychological manipulation with modern technology like AI, targeting both individuals and organisations.
Here are some modern tactics being used by these attackers:
1. Deepfake deception
Deepfake technology has taken impersonation to a whole new level. Cybercriminals use artificial intelligence to create hyper-realistic videos or audio recordings that mimic real people, often CEOs, executives, or trusted individuals.
For instance, a deepfake video of a company’s CEO might instruct an employee to urgently transfer funds for a “critical deal.”
The CEO's face, voice, and mannerisms are replicated perfectly. This makes the request seem genuine, leaving little room for doubt.
Check out this example of a deepfake video of Bill Gates.
Deepfakes extend beyond videos. Cybercriminals now use AI to create realistic voices or fake recordings, making it easy to convince unsuspecting individuals. These attacks exploit trust and sound incredibly real.
This makes them very difficult to spot without extra checks.
2. Social media scams
Social media platforms are a goldmine for social engineers.
They use these spaces to create fake profiles, impersonate legitimate brands, or craft scams to lure you into sharing information or clicking on malicious links that can steal it.
Imagine getting a message from your "best friend" asking for a loan or stumbling on a website that looks exactly like your favourite store, only to find out it's a trap. These scammers are getting really good at stealing identities, so you must be extra careful.
Always double-check things, and if something feels off, trust your gut – it's probably not legit.
3. Business Email Compromise (BEC)
According to the FBI, global BEC scams increased 90% between 2022 and 2023. Business Email Compromise (BEC) remains a serious threat because it's very profitable for cybercriminals.
They often impersonate high-level executives or trusted vendors to trick employees into sending money or sharing sensitive information.
BEC scams are even more dangerous because criminals use AI to create incredibly realistic emails. These flawless emails often mention specific projects or company jargon, making them almost impossible to tell apart from real messages.
A recent trick involves creating fake invoices that perfectly match a vendor's usual format. This can easily deceive finance teams into paying fraudulent bills.
4. QR code phishing (Quishing)
QR codes are everywhere these days – on menus, bus stops, and even those annoying marketing flyers.
They're super convenient, but guess what? That's the same reason cybercriminals are now using QR codes. They create fake QR codes that trick you into visiting dangerous websites or downloading malware onto your phone. It's like a hidden trap waiting for you to scan it.
For instance, some restaurants require you to scan the QR code to place an order. Sometimes, scammers swap out these QR codes with fake ones, and when you scan them, you are taken to a fake website that tries to steal your card information. This tactic thrives on our growing reliance on QR codes for quick and easy transactions.
5. AI-generated phishing emails
Gone are the days when phishing emails were riddled with typos and grammatical errors. Now, scammers are using LLMs to write emails that aren’t generic anymore.
These emails are personalized, mentioning your job, recent projects, and maybe even that vacation you posted on social media. It’s almost like they're reading your mind!
This makes it hard to tell if an email is legitimate or if it is a sneaky attempt to steal your information.
How to protect yourself from social engineering
1. Verify through official channels
If you get a request for sensitive information or payment, confirm it through a known and trusted channel. Call the person directly using a verified number or double-check the email address before responding.
2. Think before you click or scan
If you get an email that seems too good to be true, or if a QR code looks suspicious, don't ignore that feeling. Take a step back and verify before you do anything.
3. Be mindful of social media interactions
Limit the amount of personal information you post on social media. Scammers can use this information to make their scams seem more believable.
Be sceptical of direct messages from unfamiliar accounts, even if they appear to be from people you know.
4. Use strong passwords and turn on multifactor authentication
This adds an extra layer of security to your online accounts, making it harder for hackers to get in. Use password managers to create and store strong, unique passwords.
5. Always stay informed
Read articles, watch videos, or take a short course to learn about scammers' newest tricks. Many cybersecurity organizations and resources provide valuable information and training on recognising and avoiding these threats.
6. Report suspicious activity
If you encounter a suspicious email, phone call, or online activity, report it immediately. This helps to warn others and allows authorities to investigate and disrupt the attacks. You can report phishing emails to the platform where you encountered the suspicious activity.
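The "double-check the email address" advice in step 1 and the "think before you click or scan" advice in step 2 can be partly automated. The Python below is an added example, not part of the original article: it compares a sender's domain, or the host in a link or decoded QR code, against a list of domains you actually deal with. The function names, the allow-list, and every sample domain are constructed for illustration.

```python
from difflib import SequenceMatcher
from email.utils import parseaddr
from urllib.parse import urlsplit

# Constructed allow-list for a hypothetical organisation (reserved .example names).
TRUSTED_DOMAINS = {"acme-bank.example", "vendor-invoices.example"}

def classify_domain(domain, threshold=0.85):
    """Return (verdict, nearest_trusted_domain_or_None) for a host name."""
    domain = domain.lower().rstrip(".")
    if not domain:
        return ("unparseable", None)
    # Exact match or a real subdomain of a trusted domain.
    for trusted in TRUSTED_DOMAINS:
        if domain == trusted or domain.endswith("." + trusted):
            return ("trusted", trusted)
    # Homoglyph tricks: non-ASCII letters or their punycode (xn--) encoding.
    if not domain.isascii() or any(l.startswith("xn--") for l in domain.split(".")):
        return ("non-ascii", None)
    # Trusted name embedded inside a different, unrelated domain.
    for trusted in TRUSTED_DOMAINS:
        if trusted in domain:
            return ("lookalike", trusted)
    # Near-miss spellings such as "rn" for "m" or "1" for "l".
    nearest = max(TRUSTED_DOMAINS,
                  key=lambda t: SequenceMatcher(None, domain, t).ratio())
    if SequenceMatcher(None, domain, nearest).ratio() >= threshold:
        return ("lookalike", nearest)
    return ("unknown", None)

def check_sender(from_header):
    """Classify the address domain in a From: header, ignoring the display name."""
    _, address = parseaddr(from_header)
    if "@" not in address:
        return ("unparseable", None)
    return classify_domain(address.rpartition("@")[2])

def check_link(url):
    """Classify the host of a URL taken from a message or a decoded QR code."""
    return classify_domain(urlsplit(url).hostname or "")

if __name__ == "__main__":
    # Constructed inputs: a lookalike sender, an embedded-name link, a real vendor.
    print(check_sender('"Finance Director" <pay@acrne-bank.example>'))
    print(check_link("https://acme-bank.example.secure-login.test/reset"))
    print(check_sender("Billing <ap@mail.vendor-invoices.example>"))
```

A "lookalike" or "non-ascii" verdict is a reason to stop and verify through a known channel; an "unknown" verdict only means the domain is not on your list.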
Conclusion
Scammers are getting smarter, but you can stay ahead!
Be mindful of what you click, scan, and share online. A little extra caution goes a long way toward keeping yourself safe.
--
At Kora, our goal is to connect Africa to the world and connect the world to Africa via payments.
For startups and businesses working in Africa, we provide All The Support You Need ™️ to start, scale and thrive on the continent. Sign up to see all the ways you can thrive with Kora.