Put a finger down if you don’t joke with your bank account and would literally spiral if you smell any funny business around it. If your finger is down, the update in this article is for you.
You know how you gently drop “it can never be me” when someone comes on X to scream about money that has suddenly disappeared from their bank account? The National Information Technology Development Agency (NITDA) is saying it could be you like mad.
What’s going on?
On Monday, December 9, the Computer Emergency Readiness and Response Team (CERRT) at NITDA released a public advisory warning Nigerians of a new version of a banking malware called Grandoreiro, which has been stealing sensitive information such as banking credentials and personal data from users worldwide.
How can Grandoreiro steal from you?
NITDA says the malware steals from users through complex phishing schemes (like emails and fake websites) that trick them into downloading harmful software, posing as important updates or documents.
Once the malware is installed on users’ systems, it bypasses security controls and gains access to users’ devices. This means that, in order to steal from users, the malware can intercept or bypass the Two-Factor Authentication (2FA) methods, like One-Time Passwords (OTP), that banking institutions usually put in place.
In what specific ways can Grandoreiro harm you?
- It can bypass your system and enable unauthorised banking transactions
- It can steal your identity
- It can exploit you by taking control of your devices and bypassing security measures.
How can you safeguard your devices against Grandoreiro?
To protect your devices from the malware, NITDA strongly advises that you do the following:
- Avoid links and attachments from unfamiliar email addresses
- Do not download software from untrusted sources
- Enable Multi-Factor Authentication (MFA) on your online banking accounts to protect them
- Do not use public Wi-Fi to make financial transactions. If you must, be sure to use a VPN
- Monitor your bank accounts closely and often in order to flag unusual activities or transactions
- Make sure that the antivirus software on your devices is always updated
In the case of suspicious activities, contact the Computer Emergency Readiness and Response Team (CERRT) at NITDA either through their email address (cerrt@nitda.gov.ng), their phone number (+2348178774580), or website.