This article discusses Nigerian law on the prohibition and prevention of phishing in Nigeria. This article aims to explain the cybercrime ‘Phishing’ in Nigeria. The article explains the relevant legislation and court jurisdiction. It also highlights a few examples of phishing and the punishment for phishing in Nigeria.
With the increase in technology use and the internet, crimes have become popular in these internet spaces. The crimes are called cybercrimes, the Merriam-Webster dictionary defines cybercrime as a criminal activity such as fraud, theft, etc. committed using a computer to access, transmit, or manipulate data illegally.
Cybercrimes are performed against a person or organization using a computer as an instrument.
Legislation for the prohibition and prevention of phishing in Nigeria
The relevant legislation for cybercrime in Nigeria is the Cybercrimes (Prohibition and Prevention) Act, 2015. The Act ensures the protection of information. The objectives of the Act are to:
- Provide an effective and unified legal, regulatory and institutional framework for the prohibition, prevention, detection, prosecution and punishment of cybercrimes in Nigeria;
- Ensure the protection of critical national information infrastructure; and
- Promote cyber security and the protection of computer systems and networks, electronic communications, data and computer programs, intellectual property and privacy rights.1Cybercrimes (Prohibition and Prevention) Act, 2015 s 1.
The office of the National Security Adviser coordinates and enforces cyber security. There are various types of cybercrimes and their penalties are provided in the Cybercrimes (Prohibition and Prevention) Act, 2015. Cybercrimes include cyberterrorism, cyberstalking, computer-related fraud, electronic device theft, phishing, etc.
Section 58 of the Cybercrimes (Prohibition and Prevention) Act, 2015 defines phishing as the criminal and fraudulent process of acquiring sensitive information such as usernames, passwords, etc by acting as a trustworthy entity in electronic communication through emails or instant messaging. The information is used for fraudulent purposes. Phishing has become one of the most common cybercrimes in the present day.
What is phishing?
The whole concept of phishing is to trick unsuspecting customers into releasing information that could later be used maliciously to breach security and perform fraudulent activities.
One popular type of phishing is performed by sending cloned emails that look legitimate to targets. The aim is usually to trick the recipient into providing specific information which could later be used by the sender of the email for malicious activities.
Phishing crimes can occur in various ways such as:
- Email phishing
- SMS phishing
- Website cloning
- Malware phishing
Punishment for phishing in Nigeria
By virtue of section 32 of the Cybercrimes (Prohibition and Prevention) Act, 2015, Phishing is a criminal offence and the offender is liable upon conviction to a term of three (3) years imprisonment or a fine of one million Naira (1,000,000) or both.
Court jurisdiction for cybercrime proceedings in Nigeria
By virtue of section 50 of the Cybercrimes (Prohibition and Prevention) Act, 2015, a Federal High Court, ‘located in any part of Nigeria, regardless of the location where the offence is committed,’ has jurisdiction to entertain cybercrime proceedings in Nigeria if the offence is committed:
- In Nigeria;
- In a ship or aircraft registered in Nigeria;
- By a citizen or resident in Nigeria if the person’s conduct would also constitute an offence under a law of the country where the offence was committed; or
- Outside Nigeria, where- (i) the victim of the offence is a citizen or resident of Nigeria; or (ii) the alleged offender is in Nigeria and not extradited to any other country for prosecution.
The court in imposing the sentence may order an offender to fortify all assets to the Federal Government of Nigeria and the court shall order restitution to the victim of the cybercrime.2Cybercrimes (Prohibition and Prevention) Act, 2015 s 48.
Relevant law enforcement agents have the power to prosecute for the offence of phishing in Nigeria, subject to the powers of the Attorney General.3Cybercrimes (Prohibition and Prevention) Act, 2015 s 47.
By virtue of section 49(2) of the Cybercrimes (Prohibition and Prevention) Act, 2015, ‘[a]n order of restitution may be enforced by the victim or by the prosecutor on behalf of the victim in the same manner as a judgment in a civil action’.
- 1Cybercrimes (Prohibition and Prevention) Act, 2015 s 1.
- 2Cybercrimes (Prohibition and Prevention) Act, 2015 s 48.
- 3Cybercrimes (Prohibition and Prevention) Act, 2015 s 47.