What is Phishing?

Phishing is a type of social engineering attack where cybercriminals disguise themselves as trustworthy entities to trick you into revealing sensitive information like passwords, credit card numbers, or personal data. These attacks typically arrive via email, text messages, phone calls, or fake websites.

Types of Phishing Attacks

Email Phishing
Smishing (SMS)
Vishing (Voice)
Spear Phishing
Whaling
Clone Phishing

Common Phishing Scams in Ghana

Click on each card to learn more about scams targeting Ghanaians

MoMo Fraud

Mobile Money scams via calls & SMS

Click to flip

Mobile Money Fraud

  • "Your MoMo wallet is blocked"
  • Fake customer service calls
  • Requests for PIN or OTP codes
  • "Dial *880# to receive your money"
  • MTN, Vodafone, AirtelTigo impersonation

Fake Bank Alerts

Impersonating GCB, Ecobank, Fidelity, etc.

Click to flip

Bank Phishing

  • "Your account has been compromised"
  • Fake Ghana Commercial Bank emails
  • "Update your BVN immediately"
  • Links to fake banking portals
  • Requests for full card details

Lottery & Prize Scams

"You've won!" - but you never entered

Click to flip

Fake Lottery Wins

  • "You've won GH₵50,000!"
  • Fake MTN, Vodafone promotions
  • "Pay processing fee to claim"
  • WhatsApp lottery notifications
  • International visa lottery scams

Fake Job Offers

Too-good-to-be-true employment

Click to flip

Employment Scams

  • Fake NSS postings
  • "Work from home, earn GH₵5000/week"
  • Fake government job offers
  • Requests for "registration fees"
  • Impersonating legit companies

Romance Scams

Fake relationships for money

Click to flip

Romance Fraud

  • Fake profiles on Facebook, Instagram
  • "Soldier abroad" who needs money
  • "Sugar mummy/daddy" offers
  • Requests for MoMo transfers
  • Dating site scams

Online Shopping Scams

Fake stores & delivery scams

Click to flip

E-commerce Fraud

  • Fake Instagram/Facebook shops
  • "Pay before delivery" - never arrives
  • Counterfeit Jumia/Jiji sites
  • Items look different than photos
  • No return policy or contact info

Remember: MTN, Vodafone, AirtelTigo & Banks Will NEVER:

  • Call and ask for your PIN
  • Request OTP codes via phone
  • Ask you to dial USSD to "receive money"
  • Send links via SMS to "verify" your account
  • Threaten immediate account closure
  • Ask for full card details or passwords

How to Detect Phishing Websites

Learn to identify fake and malicious websites before entering your information

Check the URL

The address bar reveals the truth

Click to flip

URL Red Flags

  • paypa1.com (0/1 instead of o/l)
  • amazon-login.com (extra words)
  • secure.bank.fakesite.com (subdomain trick)
  • Long random strings of characters
  • Always type URLs directly!

SSL Certificate

HTTPS alone isn't enough

Click to flip

SSL Isn't Proof of Safety

  • Free SSL certs available to anyone
  • Phishing sites often have HTTPS
  • Click padlock to view cert details
  • Check if organization name matches
  • Look for Extended Validation (EV) certs

Design Quality

Look for visual imperfections

Click to flip

Visual Red Flags

  • Low-resolution or pixelated logos
  • Outdated website layout/design
  • Broken images or missing elements
  • Inconsistent fonts and colors
  • Poor mobile responsiveness

Navigation & Links

Test where links actually go

Click to flip

Link Testing

  • Hover over links to see real destination
  • Many menu items may be broken/fake
  • "Forgot password" often doesn't work
  • Footer links may all point to login page
  • Social media links may be fake

Form Behavior

Watch how forms behave

Click to flip

Suspicious Forms

  • Asks for too much information
  • Requests full card number + CVV + PIN
  • No input validation or error messages
  • Accepts any input (even fake data)
  • Unusual redirect after submission

Page Information

Check the page metadata

Click to flip

Metadata Checks

  • Right-click → View Page Source
  • Check for suspicious scripts
  • Look for mismatched title/description
  • Missing contact or legal pages
  • Domain age (use WHOIS lookup)

Pro Tip: Side-by-Side Comparison

When in doubt, open the real website in a new tab and compare it with the suspicious one. Look for differences in:
URL structure Logo quality Color scheme Footer content Working links

Use our Live Comparison Tool to view real vs. cloned sites side-by-side!

How to Prevent Phishing

Practical steps to protect yourself and your organization

Email Safety

  • Never click links in unexpected emails
  • Hover over links to preview the URL
  • Don't download unexpected attachments
  • When unsure, contact the company directly
  • Use email filtering and anti-spam

Strong Authentication

  • Use unique passwords for every account
  • Enable Two-Factor Authentication (2FA)
  • Use a reputable password manager
  • Never share OTP codes with anyone
  • Change passwords after suspected breach

Safe Browsing

  • Type URLs directly in the address bar
  • Bookmark important sites like your bank
  • Look for HTTPS (but don't rely on it alone)
  • Avoid public WiFi for sensitive tasks
  • Keep your browser updated

Mobile Security

  • Be cautious of SMS links (smishing)
  • Only download apps from official stores
  • Review app permissions carefully
  • Keep your phone's OS updated
  • Use mobile security software

Organizational Security

  • Regular security awareness training
  • Phishing simulation exercises
  • Clear reporting procedures
  • Email authentication (SPF, DKIM, DMARC)
  • Incident response plans

Report & Respond

  • Report suspicious emails to IT
  • Don't delete - forward for analysis
  • If compromised, change passwords immediately
  • Contact your bank if financial data shared
  • File reports with cybercrime authorities