Authors : Oraka Chinelo Judith

Volume/Issue : Volume 10 - 2025, Issue 2 - February

Google Scholar : https://tinyurl.com/3etd9et4

Scribd : https://tinyurl.com/336b4suk

DOI : https://doi.org/10.5281/zenodo.14928696

Abstract : Social engineering has evolved into a significant threat to cybersecurity in Nigeria as it preys on human vulnerabilities to breach entry into sensitive information. This paper explores the psychological techniques used by social engineers, such as phishing, pretexting, baiting, and urgency tactics and goes further to analyze socio-economic and cultural factors aggravating the tendency to such attacks from the Nigerian perspective. It underscores the vital role that cognitive biases, such as authority bias and reciprocity, play in shaping victim behavior. The paper also discusses vulnerability patterns of low digital literacy, high trust in authority and economic pressures that make citizens and organizations prime targets for cybercriminals. In addition, it discusses very comprehensive countermeasures including public education, stronger authentication protocols, policy enforcement, technological innovations, and grassroots solutions, which are tailored to Nigeria's unique contexts. Thus, it focuses on suppressing or combating these vulnerabilities through a multi-pronged strategy ensuring a collaboration between government, private organizations, and civil society towards building a sustainable digital ecosystem. In this way, this study contributes to the bigger discourse on cybersecurity in developing countries. The study also probated action research into how people in a developing country such as Nigeria can go beyond social engineering threats.

Keywords : Social Engineering; Psychological Tactics; Cybersecurity; Phishing; Vulnerability; Countermeasures.

References :

1. Aborisade, O. P., & Adesanya, O. (2020). Cybercrime in Nigeria: Trends and implications. Journal of Cybersecurity Studies, 5(2), 45–56.
2. Asawo, S. P., & Blue-Jack, A. I. (2016). Collectivism and Organizational Success: Managing Cultural Diversity in Nigeria’s Multicultural Corporations for National Development. ResearchGate. https://www.researchgate.net/publication/308968550_Collectivism_and_Organizational_Success_Managing_Cultural_Diversity_in_Nigeria's_Multicultural_Corporations_for_National_Development
3. Ashiru, A. (2021). Identifying Phishing as a form of Cybercrime in Nigeria: Interrogating the Laws and Exposing the Evil. ResearchGate. https://doi.org/10211258/Number-of-phishing-URLs-Q3-2013-to-Q1-2021_Q320
4. Bosun Tijani. (2024, September 18). Nigeria seeks digital transformation for a stronger economy. World Economic Forum. https://www.weforum.org/stories/2024/09/nigeria-digital-transformation-3mtt-technical-talent/
5. CyberSafe Foundation. (2021). State of cybersecurity awareness in Nigeria: Annual report. Retrieved from https://cybersafefoundation.org
6. Cybrvault. (2024, December 23). What is Baiting in Cyber Security? Cybrvault. https://www.cybrvault.com/post/what-is-baiting-in-cyber-security
7. David, U., & Bode-Asa, A. (2023). An Overview of Social Engineering: The Role of Cognitive Biases Towards Social Engineering-Based Cyber-Attacks, Impacts and Countermeasures. ResearchGate. https://doi.org/10.13140/RG.2.2.12421.12003
8. Fruhlinger, J. (2020, June 4). What is pretexting? Definition, examples, and attacks. CSO Online. https://www.csoonline.com/article/569453/what-is-pretexting-definition-examples-and-prevention.html
9. Izuakor, C. F. (2021). Cyberfraud: A Review of the Internet and Anonymity in the Nigerian Context. ResearchGate. https://www.researchgate.net/publication/350941930_Cyberfraud_A_Review_of_the_Internet_and_Anonymity_in_the_Nigerian_Context
10. Kaushik, K., Singh, S., Garg, S., Singhal, S., & Pandey, S. (2021). Exploring the mechanisms of phishing. Computer Fraud & Security, 2021(11), 14–19. https://doi.org/10.1016/s1361-3723(21)00118-4
11. Kosinski, M. (2024, May 17). Phishing. Ibm.com. https://www.ibm.com/think/topics/phishing
12. Kumar, R., & Tiwari, Dr. Shikha. (2024). Social Engineering: Its Significance and Implications for Future Research. International Journal of Research Publication and Reviews, 5(1), 4255–4263. https://doi.org/10.55248/gengpi.5.0124.0324
13. Li, T., Song, C., & Pang, Q. (2023). Defending against social engineering attacks: A security pattern‐based analysis framework. IET Information Security, 17(4), 703–726. https://doi.org/10.1049/ise2.12125
14. Meta-Techs. (2024). Meta-Techs.net. https://meta-techs.net/pretexting-in-cyber-security/
15. Nation, T. (2019). Confronting dangers of pre-registered SIM cards - The Nation Newspaper. The Nation Newspaper. https://doi.org/10/12140214/cropped-nation-cropped-l-32x32
16. Nigerian Communications Commission. (2022). Internet penetration and cybersecurity in Nigeria. Retrieved from https://www.ncc.gov.ng
17. Nigerian Cybercrime Report. (2022). Annual report on cybercrime in Nigeria. Retrieved from https://www.nigeriancybersecurity.org
18. Nwegbu, M., Eze, C., & Asogwa, B. E. (2015). Globalization of Cultural Heritage: Issues, Impacts, and Inevitable Challenges for Nigeria. ResearchGate. https://www.researchgate.net/publication/265241456_Globalization_of_Cultural_Heritage_Issues_Impacts_and_Inevitable_Challenges_for_Nigeria
19. Olowu, A. Y. (2021). Psychological implications of cybersecurity in Nigeria. African Journal of Psychology, 18(3), 92–105.
20. Punch. (2020). Punchng.com. https://punchng.com/how-nigeria-us-19-others-lost-over-4-1b-to-cyber-fraud-business-scam-in-2020-fbi/
21. Quinlan, L. (2020). A Solution for Human Vulnerabilities to Social Engineering Attacks: The Social Engineering Defence Model. ResearchGate. https://doi.org/10.13140/RG.2.2.35328.66562
22. Rathod, T., Jadav, N. K., Sudeep Tanwar, Abdulatif Alabdulatif, Garg, D., & Singh, A. (2024). A comprehensive survey on social engineering attacks, countermeasures, case study, and research challenges. Information Processing & Management, 62(1), 103928–103928. https://doi.org/10.1016/j.ipm.2024.103928
23. Renals, P. (2021, October 7). SilverTerrier – Nigerian Business Email Compromise. Unit 42. https://unit42.paloaltonetworks.com/silverterrier-nigerian-business-email-compromise/
24. Rudra, A. (2024, February 25). PowerDMARC. PowerDMARC. https://powerdmarc.com/what-is-a-baiting-attack/
25. Schneier, B. (2015). Data and Goliath: The hidden battles to collect your data and control your world. New York: W. W. Norton & Company.
26. SentinelOne. (2024, December 11). What is Pretexting? Attacks, Examples & Techniques. SentinelOne. https://www.sentinelone.com/cybersecurity-101/cybersecurity/pretexting/
27. The Cybercrime (Prohibition, Prevention, Etc.) Act. (2015). Official Gazette of Nigeria. Retrieved from https://www.lawsofnigeria.org
28. Thompson, J., Adebayo, I. A., & Emmanuel, E. (2020). Cybercrime and Socio-economic Development of Corporate Organizations in Cross River State, Nigeria. Asian Journal of Scientific Research, 13(3), 205–213. https://doi.org/10.3923/ajsr.2020.205.213
29. UMATechnology. (2024, December 24). What Is a Pretexting Attack and How Can You Protect Yourself? - UMA Technology. UMA Technology. https://umatechnology.org/what-is-a-pretexting-attack-and-how-can-you-protect-yourself/
30. Zainab Alkhalil, Chaminda Hewage, Liqaa Nawaf, & Khan, I. (2021). Phishing Attacks: A Recent Comprehensive Study and a New Anatomy. Frontiers in Computer Science, 3. https://doi.org/10.3389/fcomp.2021.563060