Legal Implications of Phishing within the Nigerian Legal system.
By Habeeb Muhammed Olanrewaju
ABSTRACT
Phishing as a deceptive cyber attack strategy, poses a significant threat to individuals and organizations within the Nigerian context. It is a form of social engineering strategy to make the victim disclose his personal and protected information most especially electronic personal or organizational information. This article explores various types of phishing, such as voice phishing, spear phishing, email phishing, pharming, and pop-up phishing. It delves into the nuanced legal implications intrinsic to the Nigerian legal system, scrutinizing constitutional provisions under the 1999 constitution as amended, the Nigeria Data Protection Act of 2023, and the Nigeria Cybercrime (Prohibition, Prevention, etc) Act of 2015.
INTRODUCTION
Phishing is one of the tricky technique practiced or adopted mostly by hackers to obtain essential personal information about a victim which varies from being an individual to firms of all sizes. It is a cyber attack approach characterized by disguised form of social engineering whereby a perpetrator would send a message or make a call to a particular person or a firm in such a way to make them reveal very essential information about such personality such as: Bank account details, credit or debit card details, social media account details or any details to gain access to a particular dealing which such a victim belongs to. It can also be aimed at getting access into a person’s electronic devices such as personal computers, Smartphones e.t.c thereby making such a person install a particular malware into his computer disguised as being an essential tool.
Section.58 of Nigeria Cybercrime prohibition and prevention Act 2015 has defined the act of Phishing as;
“Phishing” means the criminal and fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication through e-mails or instant messaging either in form of an email from what appears from your bank asking a user to change his or her password or reveal his or her identity so that such information can later be used to defraud the user;
EXAMINATION OF PHISHING TYPES
The following are some of the most common methods, general and types of Phishing techniques;
1. Voice Phishing: This stratagem relies on exploiting telephonic communication, with perpetrators assuming roles of trustworthiness to extract sensitive information from unsuspecting victims. This happens by making a call to the potential victim whereby the caller would appear very decent so as to obtain his personal information thereby making him unveil such an essential information unconsciously.
2. Spear Phishing: A targeted approach, this technique singles out specific individuals within organizations, employing sophisticated tactics like deceptive emails laden with malicious file downloads to extract sensitive organizational information. A good instance is sending a deceptive pdf file titled “sales record for the year of 2023” which is actually a malicious file intended to make the receiver computer a victim of phishing.
3. Email Phishing: Characterized by deceptive emails, this method seeks to hoodwink recipients into divulging personal or financial information, masquerading under the guise of legitimate sources, such as banks or social media platforms.
4. Pharming: This strategy targets individuals through ostensibly legitimate sources, redirecting users to malicious websites that compromise confidential information and expose them to potentially illicit content.
5. Pop-up Phishing: Utilizing counterfeit pop-up windows or messages, perpetrators aim to deceive individuals into disclosing personal or financial information. These deceptive pop-ups often mimic the appearance of legitimate websites or applications.
LEGAL PROVISIONS PROHIBITNG THE ACT WITHIN NIGERIA
1. Constitutional Provision (Section 37): The 1999 Constitution unequivocally guarantees and protects citizens’ right to privacy, extending to electronic devices. The act of phishing, as an infringement upon this fundamental right, is expressly and strictly prohibited.
2. Nigeria Data Protection Act 2023 (Section 32): Committing phishing constitutes a direct breach of this legislative act, particularly if the alleged perpetrator lacks the official designation of a duly appointed data protection officer, as mandated by the law.
3. Nigeria Cybercrime Act, 2015 (Section 32(1): Section 32(1) of this act establishes the criminality of engaging in computer phishing. The legal consequences include a potential penalty of 3 years imprisonment, a fine of N1,000,000.00, or both, contingent upon the specific circumstances of the offense or to what extent the effect of such act.
LEGAL IMPLICATIONS
Relying on the statutory provisions cited above it can be implied that the following are the legal implications on the perpetrator of the act of phishing;
1. Criminal liability: Individuals convicted under Section 32 face imprisonment for up to 3 years or a fine of N1 million, or both.
2. Civil liability: Victims of phishing may sue the perpetrators for damages, such as financial losses or reputational harm.
3. Vicarious liability: Organizations may be held vicariously liable for the phishing activities of their employees if they failed to implement adequate security measures or were negligent in their supervision. Thereby such an organization may have to pay damages for negligently disclosing to the public, personal information of their customers which can be tantamount to victim.
RECOMMENDATIONS
To fortify defenses against falling victim to phishing attacks, individuals are advised to:
1. Exercise heightened caution when confronted with unsolicited calls, especially those soliciting personal information.
2. Verify the legitimacy of emails, softwares or websites particularly those requesting sensitive information, by cross-referencing with established communication channels or by making a scrutiny research about such piece of information or software.
3. Regularly update and utilize reliable security software to proactively detect and thwart phishing attempts.
4. Institute comprehensive education initiatives for employees and individuals, fostering awareness about recognizing and resisting phishing attempts, coupled with emphasizing the paramount importance of safeguarding personal information.
5. Precautions must taken to what kind of platforms an individual would subscribe to and information you disclose to the public be it physical or virtual such as websites, social media groups etc.
By conscientiously adhering to these recommendations, individuals can actively contribute to the establishment of a more secure digital landscape, thereby mitigating the risks associated with phishing attacks within the Nigerian context.
REFERENCES
Section.37 of 1999 constitution of the Federal Republic of Nigeria
Nigeria Data Protection Act 2023 (Section 32)
Nigeria Cybercrime Act, 2015 (Section 58 and Section 32(1))
*************************************************************************************
This work is published under the free legal awareness project of Sabi Law Foundation (www.SabiLaw.org) funded by the law firm of Bezaleel Chambers International (www.BezaleelChambers.com). The writer was not paid or charged any publishing fee. You too can support the legal awareness projects and programs of Sabi Law Foundation by donating to us. Donate here and get our unique appreciation certificate or memento.
DISCLAIMER:
This publication is not a piece of legal advice. The opinion expressed in this publication is that of the author(s) and not necessarily the opinion of our organisation, staff and partners.
PROJECTS:
🛒 Take short courses, get samples/precedents and learn your rights at www.SabiLaw.org
🎯 Publish your legal articles for FREE by sending to: eve@sabilaw.org
🎁 Receive our free Daily Law Tips & other publications via our website and social media accounts or join our free whatsapp group: Daily Law Tips Group 6
KEEP IN TOUCH:
Get updates on all the free legal awareness projects of Sabi Law (#SabiLaw) and its partners, via:
YouTube: SabiLaw
Twitter: @Sabi_Law
Facebook page: SabiLaw
Instagram: @SabiLaw.org_
WhatsApp Group: Free Daily Law Tips Group 6
Telegram Group: Free Daily Law Tips Group
Facebook group: SabiLaw
Email: lisa@sabilaw.org
Website: www.SabiLaw.org
ABOUT US & OUR PARTNERS:
This publication is the initiative of the Sabi Law Foundation (www.SabiLaw.org) funded by the law firm of Bezaleel Chambers International (www.BezaleelChambers.com). Sabi Law Foundation is a Not-For-Profit and Non-Governmental Legal Awareness Organization based in Nigeria. It is the first of its kind and has been promoting free legal awareness since 2010.
DONATION & SPONSORSHIP:
As a registered not-for-profit and non-governmental organisation, Sabi Law Foundation relies on donations and sponsorships to promote free legal awareness across Nigeria and the world. With a vast followership across the globe, your donations will assist us to increase legal awareness, improve access to justice, reduce common legal disputes and crimes in Nigeria. Make your donations to us here or contact us for sponsorship and partnership, via: lisa@SabiLaw.org or +234 903 913 1200.
**********************************************************************************