WhiteHat NG is Nigeria's leading CERT-style Information Sharing and Analysis Center (ISAC). Founded in 2019, it serves as a people's Computer Emergency Response Team, providing cybersecurity advisories, vulnerability disclosure services, and threat intelligence to protect Nigerian cyberspace. WhiteHat NG publishes security advisories about vulnerabilities and threats affecting Nigerian organizations and citizens.

How do I report a security vulnerability to WhiteHat NG?

You can report security vulnerabilities through WhiteHat NG's Vulnerability Disclosure Program (VDP) at whitehat.ng/vdp/report. The platform accepts reports about vulnerabilities in Nigerian digital infrastructure, government systems, and private sector applications. All reports are handled confidentially by trained security professionals who coordinate responsible disclosure with affected organizations.

What types of security advisories does WhiteHat NG publish?

WhiteHat NG publishes four severity levels of security advisories: Critical (immediate action required), High (significant risk), Medium (moderate risk), and Low (minimal risk). Advisories cover topics including software vulnerabilities, malware campaigns, phishing attacks, data breaches, and emerging cyber threats affecting Nigeria. All advisories are available via web and RSS feed at whitehat.ng/advisories.

Is WhiteHat NG affiliated with the Nigerian government?

WhiteHat NG operates as an independent, community-driven cybersecurity organization. While it collaborates with government agencies and private sector partners on security matters, it maintains independence to serve as a trusted neutral party for vulnerability disclosure and security coordination. This independence allows WhiteHat NG to advocate for both security researchers and affected organizations.

How can organizations partner with WhiteHat NG?

Organizations can partner with WhiteHat NG through several programs: becoming an information sharing partner for threat intelligence, participating in the Vulnerability Disclosure Program as a receiving organization, sponsoring cybersecurity awareness initiatives, or contributing to advisory development. Contact partnerships@whitehat.ng or visit the About page for more information on collaboration opportunities.

Alert: Deceptive Practices Targeting Bank Customers

Overview

These malicious actors have been quick to capitalize on the situation by setting up fake or replica versions of corporate banking websites to deceive individuals into divulging their personally identifiable information.

Example of Deceptive Tactics

Phishing Site Example

The image above shows an example of how threat actors create convincing fake websites to harvest credentials.

Attack Methodology

Phishing Infrastructure

Domain Registration: Typosquatting and look-alike domains
Website Cloning: Pixel-perfect copies of legitimate bank sites
SSL Certificates: Free certificates to display the padlock icon
Hosting: Bulletproof hosting to avoid takedowns

Distribution Channels

SMS phishing (Smishing)
Email phishing campaigns
Social media advertisements
Search engine manipulation
WhatsApp messages

Observed Targets

Several Nigerian banks have been impersonated:

First Bank
GTBank
UBA
Access Bank
Zenith Bank
And others

Red Flags

URL Indicators

Misspellings in domain names
Extra characters or hyphens
Unusual TLDs (.xyz, .online, etc.)
IP addresses instead of domains

Page Indicators

Requests for full card details including CVV
Requests for OTP or tokens
Grammar and formatting errors
Missing or broken features

Protective Measures

For Customers

Always type bank URLs directly—never click links
Verify the SSL certificate details
Use official banking apps
Enable transaction alerts
Never share OTPs with anyone

For Banks

Implement domain monitoring
Rapid takedown procedures
Customer awareness campaigns
SMS sender ID protection
Email authentication (DMARC)

Response

If you've entered information on a fake site:

Contact your bank immediately
Change your passwords
Monitor your accounts
Report to authorities

WhiteHat NG Banking Security Alert