The Nigerian Government website has been compromised and then used to host a phishing scam, it has emerged today.
The Financial reporting Council section of the site contains an embedded phishing scam. The organisation is in charge of accounting standards and overseeing corporate governance – thankfully not in charge of cybersecurity.
The fisheries exploited the fact that the site was running an out-of-date version of the Joomla content management system, which allowed them to the plant the phishing scam.
The scam was placed via the image directory of the site. The scam simply asks for email, password and a phone number for backup credentials.
Net craft, a UK-based internet services company, has pointed out that this is different from your standard phishing scam, that would seek bank details. This time round, scammers appear to be betting on the fact people use the same passwords across websites.
Image source: Shutterstock/wk1003mike