Connect with us

News

ngCERT warns Nigerians over surge in stolen email credentials driving cybercrime – Technology Times

info

Published

on

1781866026 admin ajax.png

Stay connected via Google News


Add as preferred source on GoogleAdd as preferred source on Google

The Nigerian Computer Emergency Response Team (ngCERT) has issued a cybersecurity advisory warning Nigerians and organisations across the country about the rising threat posed by stolen email passwords and login credentials.

Compromised accounts are increasingly being used to enable cybercrime, identity theft, financial fraud and other online attacks, the nation’s internet watchdog said.

The agency raised concerns over the large volume of email credentials exposed through data breaches and subsequently traded on dark web marketplaces and underground forums, where cybercriminals purchase them for malicious use.

According to ngCERT, billions of compromised email credentials are currently circulating online, making email accounts one of the most attractive targets for cyber attackers globally.

“Organisations and individuals are strongly advised to treat email security as a priority and take immediate steps to safeguard their accounts,” ngCERT said.

ngcert-warns-nigerians-over-rising-email-threatngcert-warns-nigerians-over-rising-email-threat
ngCERT warns Nigerians about rising theft of email credentials used for cybercrime, fraud and phishing, urging stronger password and MFA protection. Image credit: image FX.

“Organisations and individuals are strongly advised to treat email security as a priority and take immediate steps to safeguard their accounts,” ngCERT said.

 

Credential theft and automated attacks on the rise, ngCERT says

The advisory explained that cybercriminals routinely harvest usernames, passwords and personal information leaked during data breaches, before selling the data in bulk to other attackers.

These attackers then deploy automated tools to test stolen credentials across multiple online platforms in a technique known as credential stuffing.

Because many users reuse the same passwords across different services, attackers are often able to gain access to multiple accounts using a single set of compromised login details.

ngCERT noted that once email accounts are breached, attackers can access sensitive communications, financial records, personal data and password reset links linked to other online services.

According to the agency, this allows cybercriminals to escalate access across multiple platforms associated with the same email address, significantly increasing the potential scale of damage.

Risks of identity theft, fraud and business email compromise

The advisory warned that successful exploitation of stolen email credentials can lead to unauthorised access to personal and corporate accounts, identity theft and financial fraud through misuse of banking and payment information.

It further highlighted that compromised accounts can be used to launch Business Email Compromise (BEC) attacks and sophisticated phishing campaigns. Because such messages originate from trusted email addresses, they are often more convincing and harder for victims to detect.

ngCERT also warned that exposed email accounts may lead to the leakage of sensitive personal and organisational data, potentially resulting in reputational damage, operational disruptions and significant financial losses.

The agency noted that the rapid expansion of digital services and online transactions has further elevated the importance of email security, as email accounts often serve as the central gateway to multiple personal and business platforms.

Security recommendations for users, organisations

To reduce exposure to cyber threats, ngCERT advised users to create strong and unique passwords for each email account and enable Multi-Factor Authentication (MFA) wherever available.

The agency also urged internet users to avoid password reuse across platforms and consider using reputable password managers to securely generate and store complex credentials.

As part of its guidance, ngCERT encouraged users to regularly check whether their email addresses have appeared in known data breaches using the Have I Been Pwned repository. Users whose credentials are found in breach databases are advised to change passwords immediately and closely monitor accounts for suspicious activity.

Additionally, the agency recommended vigilance against phishing attempts, caution against clicking suspicious links or attachments, and activation of login notifications to detect unauthorised access attempts in real time.

Organisational cyber hygiene, awareness

For organisations, ngCERT advised regular review of account access logs, deployment of spam filtering and anti-phishing systems, and strengthened cybersecurity awareness training for employees.

The agency also emphasised the importance of educating staff and family members on safe email practices and the risks associated with credential exposure.

According to ngCERT, improving awareness, strengthening authentication mechanisms and adopting strong digital hygiene practices remain critical to mitigating the growing threat posed by stolen email credentials and related cyberattacks.

Stay ahead with real-time reports, breaking news, and exclusive insights delivered directly to your phone. Don’t settle for outdated information. Join TECHNOLOGYTIMES NEWS on WhatsApp for 24/7 updates.

Join Our Whatsapp Channel

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

News

‘Kill bandits, don’t pay ransom’ — Gadgi urges tougher security response

info

Published

on

By

Gadgi.jpg

Yusuf Adamu Gadgi, member representing Pankshin/Kanke/Kanam Federal Constituency in Plateau State, has reiterated his position on banditry, arguing that Nigeria should focus on eliminating criminal groups rather than negotiating with them or rehabilitating surrendered fighters.

Speaking during an interview with TVC News on Sunday, Gadgi acknowledged the emotional burden faced by families of kidnapping victims, saying he understood why many choose to pay ransom in desperate attempts to secure the release of their loved ones.

“It is often very traumatic, especially for family members whose loved ones have been kidnapped and they are asked to pay ransom. I don’t blame them,” Gadgi said.

However, he stressed that his position remains firmly against ransom payments, insisting that military action offers a more effective long-term solution.

“I don’t believe in the school of thought that says pay bandit ransom. If you kill these people, they will not even exist to collect ransom,” he said.

Gadgi pointed to what he described as the successful rescue of abducted schoolchildren in Oyo State through security operations, arguing that decisive military action should replace negotiations with criminal groups.

The lawmaker also criticised government programmes that rehabilitate former insurgents and bandits, describing them as unfair to victims and their families.

“Taxpayers’ money should not be channelled to the so-called rehabilitation. Instead, let the money be channelled to the families of the victims, not to someone who killed your relatives,” he said.

He expressed concern that some rehabilitated ex-fighters could return to criminal activities or compromise national security by providing intelligence to armed groups.

Gadgi maintained that Nigeria’s security forces should focus on confronting and neutralising armed criminals rather than granting them amnesty or rehabilitation.

“Don’t give them ransom, kill them. When they kill innocent people, the security agencies should equally eliminate them whenever they apprehend them,” he said.

Continue Reading

News

They can’t govern Nigeria – APC blasts opposition over missed INEC deadline

info

Published

on

By

APC.jpg

The All Progressives Congress, APC, has criticized the failure of opposition political parties to meet the Independent National Electoral Commission, INEC, deadline for the submission of candidates for the 2027 general elections, saying it exposes their lack of preparedness to govern.

The party made the assertion in a statement issued on Sunday by its National Publicity Secretary, Felix Morka, after confirming that the APC successfully met INEC’s deadline for the submission of its presidential and National Assembly candidates.

According to the APC, although INEC later extended the deadline from July 11 to July 14, 2026, at the request of opposition parties, the development highlighted what it described as the opposition’s inability to effectively manage its internal affairs.

The statement reads: “Our great party satisfied this requirement despite the large number of party candidates contesting on the party’s platform for the various elective offices.

“At the request of opposition political parties that had failed to meet the July 11 deadline, @inecnigeria granted an extension of the deadline to July 14, 2026.

“While INEC acted within its statutory powers and administrative discretion in extending the deadline for opposition parties to upload the names of their candidates, it is noteworthy that the extension was necessitated by the stark failure of opposition parties to manage their internal processes to comply with INEC’s submission deadline, despite having fewer candidates to manage compared to the APC.

“This development provides yet another clear indication of the opposition’s chronic inherent weakness and raises legitimate questions about their operational capacity. Political parties that cannot efficiently conclude their own internal nomination processes cannot possibly be trusted by Nigerians to possess the competence, discipline, or readiness to govern our great nation or its subnational governments.”

The party also accused opposition parties of hypocrisy, recalling their previous allegations that the ruling party influenced INEC’s decisions.

“It is starkly ironical that the same opposition parties have repeatedly peddled false, malicious, and unfounded tales that the APC controls and dictates INEC’s decisions. Yet, as they failed to meet the submission deadline, they shamelessly turned to the same INEC for respite and were granted an extension.

“And the same APC, which would have been the obvious beneficiary if INEC had stood firm on its original deadline, kept its distance, having met the deadline and completed its submission. Again, this underscores the opposition’s hypocrisy and true character as peddlers of fake news and merchants of blackmail.

“With the successful upload of the particulars of all its presidential, vice-presidential, Senate, and House of Representatives candidates on the INEC Candidate Nomination Portal, the APC has, again, demonstrated its leadership, superior organisational capacity, discipline, and solid commitment to due process.

“As we conclude this important phase of the electoral process, we call on all party leaders, stakeholders, members, and supporters to turn their full attention to the task ahead.

“We must remain focused and continue to strengthen our structures at all levels, increase awareness of the massive achievements under President Bola Ahmed Tinubu’s Renewed Hope Agenda, deepen grassroots mobilisation, and prepare for a vigorous, issue-based campaign that will earn our great party a renewed mandate in the 2027 general elections,” it added.

Continue Reading

Trending