NIN Scam Alert: Watch Out for Phishing Schemes Targeting Nigerians.
Objective: This report aims to educate people about how cybercriminals trick Nigerians into giving away their National Identity Information through phishing scams. It provides an overview rather than an in-depth analysis.
The “bag guys” like i call them are targeting Nigerian citizens, deceiving them into disclosing their National Identity information. The fraudsters have set up a fake NIMC website with a DNS address https://tr.ee/Nimc-Portal-For-Correction. Many have already fallen victim, and more continue to be tricked by this deceitful site. Even though the website was taken down immediately after this article was published, it is still crucial to reduce this crime by educating people and share scam alerts like this one.
Background story.
Recently, a close friend forwarded me a message about an alleged “NIMC Correction Portal,” claiming that due to numerous complaints, the Federal Government has urged NIMC to open a correction portal where citizens can make changes for free. The message included the following link for correction: https://tr.ee/Nimc-Portal-For-Correction.
Even with my experience, i was nearly tricked until i examined the website address and noticed that it is fishy. I conducted a search on several search engines and found no legitimate results linking to https://tr.ee/Nimc-Portal-For-Correction.
Here’s how the Phishing scheme operates:
- You visit a fake website that looks real but poorly made. It has a form asking for your personal details like your full name, gender, date of birth, email address, phone number, state, and local government area.
2. After you fill out the form and click “proceed,” the website will show a message saying your application was received. It will also ask you to click a green “Check” button to see if you can make changes. While you wait, your personal information is sent to scammers who will probably sell them on the Darknet to some money mule or use it for malicious activities.
3. When you click the button, a message will pop up saying you’re approved to make corrections. It might then ask you to share the fake website link with your contacts. This is how scammers trick people into spreading their fake site.
Further investigation revealed the following:
1. The genuine NIMC website is https://nimc.gov.ng, registered by Elias Okafor under the National Identity Management Commission, with an address at 11 Sokode Crescent, off Dalaba Street, Zone 5, Wuse, Abuja. I won’t delve too deep into details but be cautious of any site that diverges from this official address.
2. The fraudulent site https://tr.ee/Nimc-Portal-For-Correction is a phishing attempt and contains malicious code. It has been blacklisted by PhishTank. For more details, check: https://sitecheck.sucuri.net/results/https/tr.ee/Nimc-Portal-For-Correction
3. Any information entered on this phishing site is redirected to a suspicious blog at https://dgyjjuhbjjj.blogspot.com/?m=1, with IPv4 addresses 151.101.130.133, 151.101.194.133, 151.101.2.133, and 151.101.66.133. These IP are associated with the Internet Service Provider called Fastly Inc. located in San Francisco city, California State, USA.
4. The phishing site was registered on July 4, 2010, by Instra Corporation Limited, an Australian company, the fake website registration set to expire on December 9, 2025. Every other information of the Administrator and registrant were not disclosed which is unusual for Government entities. The lack of transparent contact details is a major red flag.
Here are few tips to help you avoid phishing attacks:
i. Before entering personal information on a website, ensure the website’s URL starts with “https://” and look for a padlock icon in the address bar.
ii. Don’t click on links or download attachments from unknown or suspicious emails. Always verify the sender’s email address and look for signs of phishing.
iii. If you receive an urgent request for personal information from a company or institution, contact them directly using official contact information to confirm the request.
iv. Create strong passwords for your accounts and avoid using the same password across multiple sites. Consider using a password manager like KeePassXC.
v. Add an extra layer of security by enabling two-factor authentication on your accounts whenever possible.
vi. Avoid entering personal information into pop-up windows or forms that appear unexpectedly while browsing.
vii. Keep your operating system, browser, and security software up to date to protect against vulnerabilities.
viii. Stay informed about the latest phishing tactics and scams. Awareness can help you recognize and avoid potential threats.
ix. If you suspect you’ve encountered a phishing attempt, report it to the appropriate authorities or organizations to help protect others.