By Habeeb Muhammed Olanrewaju
ABSTRACT
Phishing, a deceptive cyber attack strategy, poses a significant threat to individuals and organizations within the Nigerian context. It is a form of social engineering intended to make the victim disclose personal and protected information, especially electronic personal or organizational information. This article explores various types of phishing, such as voice phishing, spear phishing, email phishing, pharming, and pop-up phishing. It delves into the nuanced legal implications intrinsic to the Nigerian legal system, scrutinizing constitutional provisions under the 1999 Constitution as amended, the Nigeria Data Protection Act of 2023, and the Nigeria Cybercrime (Prohibition, Prevention, etc) Act of 2015.
INTRODUCTION
Phishing is one of the deceptive techniques adopted mostly by hackers to obtain essential personal information about a victim, who may be anyone from an individual to a firm of any size. It is a cyber attack approach characterized by a disguised form of social engineering, whereby a perpetrator sends a message or makes a call to a particular person or firm in such a way as to make them reveal essential information such as bank account details, credit or debit card details, social media account details, or any details that give access to a particular dealing to which the victim belongs. It can also be aimed at gaining access to a person's electronic devices, such as personal computers, smartphones, etc., by making the person install malware on his computer disguised as an essential tool.
Section 58 of the Nigeria Cybercrime (Prohibition, Prevention, etc) Act 2015 defines the act of phishing as follows:
“Phishing” means the criminal and fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication through e-mails or instant messaging either in form of an email from what appears from your bank asking a user to change his or her password or reveal his or her identity so that such information can later be used to defraud the user;
EXAMINATION OF PHISHING TYPES
The following are some of the most common methods and types of phishing techniques:
Voice Phishing: This stratagem relies on exploiting telephonic communication, with perpetrators assuming roles of trustworthiness to extract sensitive information from unsuspecting victims. The perpetrator calls the potential victim and presents himself as very decent in order to obtain personal information, so that the victim unknowingly reveals such essential information.
Spear Phishing: A targeted approach, this technique singles out specific individuals within organizations, employing sophisticated tactics like deceptive emails laden with malicious file downloads to extract sensitive organizational information. A good instance is sending a deceptive PDF file titled “sales record for the year of 2023” which is actually a malicious file intended to make the receiver's computer a victim of phishing.
Email Phishing: Characterized by deceptive emails, this method seeks to hoodwink recipients into divulging personal or financial information, masquerading under the guise of legitimate sources, such as banks or social media platforms.
Pharming: This strategy targets individuals through ostensibly legitimate sources, redirecting users to malicious websites that compromise confidential information and expose them to potentially illicit content.
Pop-up Phishing: Utilizing counterfeit pop-up windows or messages, perpetrators aim to deceive individuals into disclosing personal or financial information. These deceptive pop-ups often mimic the appearance of legitimate websites or applications.
LEGAL PROVISIONS PROHIBITING THE ACT WITHIN NIGERIA
Constitutional Provision (Section 37): The 1999 Constitution unequivocally guarantees and protects citizens’ right to privacy, extending to electronic devices. The act of phishing, as an infringement upon this fundamental right, is expressly and strictly prohibited.
Nigeria Data Protection Act 2023 (Section 32): Committing phishing constitutes a direct breach of this legislative act, particularly if the alleged perpetrator lacks the official designation of a duly appointed data protection officer, as mandated by the law.
Nigeria Cybercrime Act, 2015 (Section 32(1)): Section 32(1) of this Act establishes the criminality of engaging in computer phishing. The legal consequences include a potential penalty of 3 years imprisonment, a fine of N1,000,000.00, or both, contingent upon the specific circumstances of the offense or the extent of the effect of the act.
LEGAL IMPLICATIONS
Relying on the statutory provisions cited above, the following legal implications can be inferred for the perpetrator of the act of phishing:
Criminal liability: Individuals convicted under Section 32 face imprisonment for up to 3 years or a fine of N1 million, or both.
Civil liability: Victims of phishing may sue the perpetrators for damages, such as financial losses or reputational harm.
Vicarious liability: Organizations may be held vicariously liable for the phishing activities of their employees if they failed to implement adequate security measures or were negligent in their supervision. Such an organization may therefore have to pay damages for negligently disclosing to the public personal information of its customers, which can be tantamount to victim.
RECOMMENDATIONS
To fortify defenses against falling victim to phishing attacks, individuals are advised to:
Exercise heightened caution when confronted with unsolicited calls, especially those soliciting personal information.
Verify the legitimacy of emails, software or websites, particularly those requesting sensitive information, by cross-referencing with established communication channels or by carefully researching the information or software in question.
Regularly update and utilize reliable security software to proactively detect and thwart phishing attempts.
Institute comprehensive education initiatives for employees and individuals, fostering awareness about recognizing and resisting phishing attempts, coupled with emphasizing the paramount importance of safeguarding personal information.
Take precautions regarding the kinds of platforms you subscribe to and the information you disclose to the public, whether physical or virtual, such as websites, social media groups, etc.
By conscientiously adhering to these recommendations, individuals can actively contribute to the establishment of a more secure digital landscape, thereby mitigating the risks associated with phishing attacks within the Nigerian context.
AUTHOR: Habeeb Muhammed Olanrewaju
Software developer and a Law pupil
He can be reached on 08108685989
REFERENCES
Section 37 of the 1999 Constitution of the Federal Republic of Nigeria
Nigeria Data Protection Act 2023 (Section 32)
Nigeria Cybercrime Act, 2015 (Section 58 and Section 32(1))