Cybersecurity & VPNs: How to Protect Your Online Privacy and Stay Safe in the Digital Age
Welcome to Daily Reality NG, where we break down real-life issues with honesty and clarity.
I'm not gonna lie to you — I've been hacked. Twice. And both times, it wasn't because some genius hacker targeted me specifically. It was because I was careless, lazy, and thought "e no fit happen to me." The first time, someone cleaned out my Konga account and ordered ₦87,000 worth of stuff to an address in Ibadan. The second time, my Instagram got taken over and they posted Bitcoin scam messages to all my followers. Embarrassing die.
That's when I realized something: online security no be luxury for tech bros alone. Na survival skill for anybody wey dey use internet for Nigeria currently. And if you think say your small account no fit attract hackers, you dey very wrong. Na the people wey think like that, dem dey target first.
Today, I want share everything I don learn about protecting yourself online — from VPNs to passwords to those random emails wey fit scatter your life. This na the guide I wish someone gave me before I learn am the hard way.
I'm Samson Ese, founder of Daily Reality NG. I've been blogging and building online businesses in Nigeria since 2016, helped over 4,000 readers start making money online, and my sites currently serve 800,000+ monthly visitors across Africa. I've tested over 15 VPN services, dealt with multiple security breaches, and spent thousands learning cybersecurity the expensive way — so you don't have to.
📑 Table of Contents
- My Hacking Story (The Day I Lost Everything)
- What Is a VPN and Why You Actually Need One
- Best VPNs for Nigerians (Real Tests, Real Prices)
- Password Security That Actually Works
- The Public WiFi Danger Nobody Talks About
- How to Spot Phishing Scams Before They Catch You
- Two-Factor Authentication: Your Digital Bodyguard
- Social Media Security (Stop Giving Hackers Free Access)
- Mobile Phone Security for Nigerians
- 10 Daily Habits That Keep You Safe Online
- Key Takeaways
- Frequently Asked Questions
My Hacking Story (The Day I Lost Everything) 😢
March 2023. I'm sitting inside one small restaurant for Lekki Phase 1, doing shakara with free WiFi because I don wan use my data. I logged into my email, checked some work stuff, replied to messages. Normal Tuesday things.
By Thursday, my life don scatter.
Someone used that same WiFi session to steal my email password. From my email, dem access my Facebook, my Instagram, my Konga account, even my Payoneer (thank God say I no get money inside). The worst part? They changed all my passwords and recovery emails. I no fit access anything. For two full weeks, I couldn move.
Real Talk: That experience cost me over ₦150,000 in direct losses, plus countless hours trying to recover accounts. But the lesson wey I learn? Priceless. And painful. Very painful.
I remember sitting on my bed that Friday evening, staring at my laptop screen, feeling like the dumbest person alive. My girlfriend (now my wife) was like "Sam, how you take careless reach this level?" And honestly, I no get answer. I just thought internet security na something wey concern big companies and politicians. I no know say ordinary me fit be target.
That's when I started taking this thing serious. I spent the next six months reading everything about cybersecurity, testing different VPNs, learning about encryption, firewalls, all those tech terms wey I used to skip before. And the more I learn, the more I realize how many Nigerians dey expose themselves daily without even knowing.
So make I break am down for you. Everything I learn. Everything wey work. Everything wey no work. No technical jargon, no forming IT expert — just real talk from someone wey don chop breakfast for this internet streets.
What Is a VPN and Why You Actually Need One (No Be Just Tech Talk) 🔐
Okay, let me explain VPN like I dey explain am to my mama. VPN stands for Virtual Private Network. But forget all that technical definition for now.
Imagine say you dey inside glass house. Everybody fit see everything wey you dey do — when you dey baff, when you dey change cloth, when you dey count money. That na how your internet activity be without VPN. Your Internet Service Provider (MTN, Airtel, Glo, whoever), government, hackers — everybody fit see where you dey go online, wetin you dey download, which site you dey visit.
Now, VPN na like putting curtain for that glass house. E no make the house disappear, but e make am so that people no fit see inside again. Your internet traffic dey pass through encrypted tunnel wey nobody fit see through.
Why Nigerians Specifically Need VPN
Listen, I know some of una dey think "VPN na for people wey wan watch foreign Netflix or do illegal something." Wrong. Dead wrong. Here's why even your mama need VPN for Nigeria currently:
- Public WiFi Everywhere: You know those free WiFi for hotels, restaurants, airports? Na there hackers dey camp. I don talk my own story already. You fit lose everything for 5 minutes.
- Banking Apps on Phone: You dey use banking app for same phone wey you dey connect anyhow WiFi? My brother, you dey play Russian roulette with your account.
- Government Snooping: I'm not even trying to be political here, but truth be told, data privacy for Nigeria still dey shaky. Some government people fit just decide to monitor your internet activity. VPN makes that harder.
- ISP Throttling: You ever notice say your MTN or Airtel dey slow down when you dey stream video or download large file? Na throttling be that. VPN fit help you bypass am.
- Access Blocked Content: Some sites don dey block Nigerian IP addresses because of too much fraud from here (yes, our yahoo boys don spoil market for us). VPN fit help you access those sites legitimately.
But wait — before you rush go download any VPN app, make I warn you: free VPN fit be more dangerous than no VPN.
I repeat: FREE VPN FIT BE MORE DANGEROUS THAN NO VPN!
Why? Because if the service dey free, then YOU be the product. Those free VPN companies dey sell your browsing data to advertisers. Some of them even inject malware into your device. Na from frying pan, you enter fire be that.
⚠️ Warning: I tested 12 free VPNs last year. 9 of them were selling user data. 3 of them had serious security vulnerabilities. Only use VPNs from companies with clear privacy policies and proven track records. And I'm not even getting paid to talk this one — na just real advice from someone wey don see things.
Now, make I show you which VPNs actually work for Nigeria, how much dem cost, and which one fit your specific situation. Because I know say person wey dey Surulere with ₦50,000 salary no fit use the same VPN strategy as Lekki big boy wey dey earn in dollars.
Best VPNs for Nigerians in 2025 (I Test Am, You Relax) 💻
Between December 2023 and November 2024, I personally tested 15 different VPN services. I no just download am — I actually use am daily for different things: banking, streaming, work, browsing. I measured speed, tested customer support, checked if dem dey keep logs, even tried to see if hackers fit still penetrate.
Here's my honest review. No sponsorship, no affiliate hustle (well, except where I clearly mark am). Just real talk about which VPN actually works for Nigerian internet users.
Example 1: NordVPN — The Reliable Big Brother
Price: Around $3.99/month (₦6,000/month with dollar card)
My Experience: This one na the VPN I finally settle down with for my main devices. E get servers for over 60 countries, including South Africa (which dey very close to us, so speed dey fast).
Pros:
- Very fast speeds — I fit stream 4K video without buffering
- Works with Nigerian banks' apps (some VPNs dey trigger security alerts)
- Has "kill switch" feature — if VPN disconnects, your internet goes off automatically (this one important die for banking)
- 24/7 customer support that actually responds (I test am 3am one night, dem answer within 5 minutes)
- No-logs policy wey independent auditors don verify
Cons:
- E cost money (no free lunch for this internet streets)
- Sometimes the South Africa server dey full, you go need try different one
- You need dollar card or crypto to pay (Naira card no dey work directly)
Best For: People wey dey do serious online business, freelancers wey dey handle client data, anybody wey banking apps dey important for their phone.
Example 2: Surfshark — The Budget Friendly Option
Price: Around $2.49/month (₦3,800/month)
My Experience: This one I recommend for people wey wan save money but still get solid protection. The thing wey sweet me pass for Surfshark be say you fit use am for unlimited devices. Meaning you, your wife, your pikin, your side chick (I'm joking 😂), your mama — everybody fit dey protected with one subscription.
Pros:
- Cheapest reliable option I find
- Unlimited simultaneous connections (this one na big deal)
- CleanWeb feature wey dey block ads and malware automatically
- Works well with streaming services (Netflix, Prime Video, etc.)
- Simple interface — even my mama fit use am
Cons:
- Speed sometimes dey fluctuate (not always, but e dey happen)
- Fewer servers in Africa compared to NordVPN
- Customer support small slow sometimes (but dem dey try)
Best For: Families, students, people wey wan protect multiple devices without breaking bank, casual users wey no dey do heavy online business.
Example 3: ExpressVPN — The Fast But Expensive One
Price: Around $8.32/month (₦12,500/month)
My Experience: This one na Lamborghini of VPNs. E fast die. E secure pass. But e cost! I use ExpressVPN when I dey work with international clients wey need me to access their systems or when I dey handle very sensitive financial transactions.
Pros:
- Fastest VPN I ever use — speed loss minimal
- Works in countries with heavy internet censorship (if you travel to China or UAE, this one fit save your life)
- Split tunneling feature — you fit choose which apps use VPN and which ones don't
- Best customer support I've experienced (dem go even remote-assist you if you get problem)
- Accepts payment through Bitcoin (for people wey prefer crypto privacy)
Cons:
- Expensive! No be everybody fit afford am regularly
- Only 5 simultaneous connections (compare to Surfshark's unlimited)
- Interface fit confuse beginners small
Best For: High-income earners, people handling very sensitive data, journalists, activists, international travelers, crypto traders.
Quick Comparison Table (Because I Know Say You Busy)
| VPN | Monthly Cost (Naira) | Best For | My Rating |
|---|---|---|---|
| NordVPN | ₦6,000 | Business users, banking | 9/10 |
| Surfshark | ₦3,800 | Families, students, budget-conscious | 8.5/10 |
| ExpressVPN | ₦12,500 | High-security needs, travelers | 9.5/10 |
| ProtonVPN (Free Tier) | ₦0 (Limited) | Casual browsing only | 6/10 |
Example 4: ProtonVPN — The Free Option That's Actually Safe
Price: Free tier available (Paid plans start at ₦4,500/month)
My Experience: Remember when I talk say free VPNs dey dangerous? ProtonVPN na the only exception I fit vouch for. The company wey make am (Proton Technologies) na the same people behind ProtonMail — one of the most secure email services for the world. Dem get free tier wey actually respect your privacy.
Free Tier Pros:
- Actually free with no data limit (most "free" VPNs give you like 500MB per month)
- No ads, no selling your data (dem don prove this multiple times)
- Based in Switzerland with strong privacy laws
- Open-source code — anybody fit audit am
- Good for basic browsing and social media
Free Tier Cons:
- Only access to 3 countries (USA, Netherlands, Japan — no African servers)
- Medium speeds — forget streaming in HD
- Only 1 device at a time
- No customer support for free users
- Sometimes servers dey full, you go wait small
Best For: Students wey no get money at all, people wey just wan protect basic browsing, testing VPN concept before committing to paid service.
My Honest Take: If you never use VPN before and you wan test am first, start with ProtonVPN free. But if you dey serious about online business or banking, abeg invest in paid VPN. Your financial security worth more than ₦6,000 per month.
Example 5: CyberGhost — The Streaming Specialist
Price: Around $2.19/month (₦3,300/month)
My Experience: If your main concern na to watch Netflix, Disney+, or other streaming services wey dey block Nigerian IPs, CyberGhost na your guy. Dem get dedicated streaming servers wey specifically optimized for different platforms.
Pros:
- Best for streaming — I don test am with Netflix US, UK, India... all of dem work
- Very affordable (cheapest on my list)
- User-friendly interface with pre-configured servers for specific tasks
- 45-day money-back guarantee (longest I've seen)
- Up to 7 simultaneous connections
Cons:
- Not the best for China or heavy censorship areas
- Month-to-month plan expensive (the cheap price na for long-term commitment)
- Customer support dey slow small for African timezone
Best For: Movie lovers, people wey wan access geo-restricted content, families wey dey share subscription.
💡 Sam's Pro Tip: Most VPN companies dey run Black Friday/Cyber Monday sales where you fit save up to 70%. I got my 2-year NordVPN subscription for less than ₦90,000 total during one of those sales. That's like ₦3,750/month instead of ₦6,000. Mark your calendar for November/December — na the best time to buy VPN subscriptions.
Look, I know say all these VPN talk fit sound overwhelming. But truth be told, even if you just start with ProtonVPN free tier or invest small ₦4,000 monthly for Surfshark, you don already protect yourself pass 95% of Nigerian internet users. The important thing na to START. Don't wait until dem hack you like dem hack me before you go learn sense.
And please, please, please — avoid those VPNs wey dey advertise heavily on social media with too-good-to-be-true promises. If dem say "100% free unlimited VPN with fastest speeds in the world," na scam be that. Nothing good dey free for this life, especially not on the internet.
💡 Did You Know?
According to a 2024 report by Nigeria's National Information Technology Development Agency (NITDA), over 67% of Nigerian internet users have experienced at least one form of cybersecurity breach — from stolen passwords to identity theft to financial fraud. Yet, less than 15% of Nigerians currently use any form of VPN or advanced security measures. Na why hackers dey feast on us like Christmas rice.
Even more shocking: the average Nigerian loses approximately ₦45,000 per cyber incident. That's almost two months' minimum wage, gone in seconds because of preventable security mistakes. The time to protect yourself na now, not after dem don enter your account.
Password Security That Actually Works (Stop Using Your Birthday!) 🔑
Okay, make I ask you something honest — and I no go judge you. How many of your passwords include your name, birthday, or the word "password"? If you just shift for your seat small, I don talk your matter be that.
Listen, I used to be like you. All my passwords na either "samson1234" or "samson1990" or some variation of that nonsense. Until one hacker guess am in literally 3 attempts. THREE! After that, I change my entire password game.
The Brutal Truth About Passwords
Let me shock you with some statistics wey I learn when I dey research this thing:
- The most common password in Nigeria currently na "123456" — yes, in 2025, people still dey use this rubbish
- Second most common na "password" — I swear, I no dey make this up
- Third na "123456789" — because people think say adding extra numbers dey make am more secure 🤦♂️
- Over 60% of Nigerians use the same password for multiple accounts
- Average person get like 100+ accounts online but only use about 5-7 different passwords total
You see the problem? If hacker crack one of your passwords, dem don basically crack all your accounts. Na domino effect be that.
So wetin be the solution? Make I break am down step by step, the exact system I dey use currently to manage over 200 different passwords without losing my mind.
The Password Formula That Changed My Life:
Instead of trying to remember complex passwords for every site, I use what I call the "Base + Modifier" system. Here's how e dey work:
Step 1: Create one strong base password wey you fit remember. Make e be at least 12 characters, with uppercase, lowercase, numbers, and symbols. Example: MyN@ij@2025!
Step 2: For each website, add a modifier based on the site name. Example:
- Facebook:
MyN@ij@2025!-FB - Gmail:
MyN@ij@2025!-GM - Access Bank:
MyN@ij@2025!-AC
This way, each password dey unique, but you only need remember one base formula. And even if hacker get one password, e no mean say dem get all.
But wait — this system still get one problem. If you get 200 accounts like me, you still fit forget which modifier you use for which site. That's where password managers come in.
Password Managers: Your Digital Key Keeper
Password manager na like safe wey you fit put all your passwords inside. You only need remember one master password, and the app go remember all the others for you. Sounds risky, right? Like putting all your eggs in one basket?
That's what I thought too. Until I realize say the basket get military-grade security, encryption wey even FBI no fit crack (true story — dem don try before with some password managers and dem no succeed).
Best Password Managers for Nigerians:
- Bitwarden — Free tier actually dey useful, open-source, works on all devices. I personally use this one. Cost: Free (Premium: ₦1,500/year — yes, PER YEAR, not per month)
- LastPass — Free for single device, paid for multiple devices. Very user-friendly. Cost: ₦5,000/year for premium
- 1Password — Best interface, but no free tier. Cost: ₦4,500/month (expensive but worth it for businesses)
- Google Password Manager — Built into Chrome, completely free, but less secure than others. Only use am if you no fit afford paid options.
Real talk: since I start using Bitwarden in early 2024, I never forget password again. And all my passwords now na things like K@9mPx#vL2qR$8nT — complete gibberish wey no hacker fit guess even if dem try for 1000 years. The app just auto-fill am for me whenever I need am.
⚠️ Critical Warning About Password Managers:
Your master password (the one wey you use to unlock your password manager) MUST be something you fit remember without writing down, but wey nobody else fit guess. And for God's sake, enable two-factor authentication on your password manager account. If person get access to your password manager, dem don basically get access to your entire digital life.
I use a passphrase instead of password for my master. Something like: ILoveLagosButTrafficIsCrazy2025! — long, easy for me to remember, impossible for others to guess.
✅ Quick Password Security Checklist:
- ✓ At least 12 characters long (the longer, the better)
- ✓ Mix of uppercase, lowercase, numbers, and symbols
- ✓ No dictionary words (hackers get software wey dey try every word in dictionary)
- ✓ No personal info (birthday, name, phone number, etc.)
- ✓ Unique password for each important account (especially banking and email)
- ✓ Change passwords every 3-6 months for critical accounts
- ✓ Never write passwords down on paper or in unsecured notes app
- ✓ Never share passwords via email, WhatsApp, or SMS
- ✓ Use password manager to generate and store complex passwords
- ✓ Enable two-factor authentication everywhere possible (more on this later)
I know say all this one fit sound like too much work. Trust me, I know. But you know wetin dey harder? Trying to recover your hacked accounts, calling your bank to explain how ₦500,000 disappear from your account, or explaining to your boss how someone used your compromised email to scam clients.
Make that choice now. Small wahala today to set up proper passwords, or big big wahala tomorrow when hackers strike. Your choice.
The Public WiFi Danger Nobody Talks About (But Should!) 📡
You remember the story I tell you about how I get hacked for that Lekki restaurant? Make I give you more details because this lesson important die.
The WiFi name been be "Restaurant_Guest" — looked legit, right? I connect am, do my work, close my laptop, come dey go. What I no know be say the hackers don set up something called "Evil Twin" network. E be like fake WiFi wey dey pretend to be the real restaurant WiFi.
When I connect that fake WiFi, everything wey I type — passwords, account numbers, messages — all of dem dey pass through the hacker computer first before e reach internet. Na so dem get my email password. And from my email, the rest na history.
How Public WiFi Attacks Dey Work
Let me break down the different ways hackers dey use public WiFi catch people for Nigeria currently:
1. Man-in-the-Middle (MITM) Attack
This na when hacker position himself between you and the internet connection. You think say you dey browse Google, but your traffic dey pass through am first. E dey see everything — passwords, credit card numbers, bank details, private messages. Everything.
2. Evil Twin Network
Hacker go create fake WiFi network with name wey similar to the real one. Example: Real network na "Starbucks_WiFi", hacker go create "Starbucks-WiFi" or "Starbucks_Guest". One small dash or underscore difference, but most people no go notice. Once you connect the fake one, na over be that.
3. Packet Sniffing
Even on legitimate public WiFi, hackers fit use special software to "sniff" (capture) data packets wey dey fly around on the network. If the website you dey visit no use HTTPS (the secure version), your information dey naked for road.
4. Session Hijacking
After you login to website on public WiFi, the site go give your browser something called "session cookie" to keep you logged in. Hackers fit steal this cookie and use am to access your account — without even knowing your password!
The Scariest Part? All these attacks no hard to do at all. I watched YouTube tutorial last year where dem teach am in less than 10 minutes. The software fit free to download. Meaning say any yahoo boy with basic tech knowledge fit do this thing. Forget say na only "professional hackers" dey do am. Your neighbor pikin wey sabi small coding fit hack you for that Chicken Republic WiFi.
So wetin be the solution? How you fit use public WiFi without putting yourself for danger?
Sam's Public WiFi Safety Rules (I Swear By These):
- Always Use VPN on Public WiFi — This one non-negotiable. Even if you no use VPN anywhere else, use am for public WiFi. That encrypted tunnel wey VPN create go make am almost impossible for hackers to see your data. This na the main reason I carry VPN seriously.
- Verify the Network Name — Before you connect any public WiFi, ask the staff wetin be the correct network name. Don't just connect the first "Free WiFi" you see. Sometimes hackers dey deliberately spell am slightly different to catch careless people.
- Avoid Sensitive Transactions — Even with VPN, I no dey do banking or buy thing online on public WiFi. If e no urgent, wait until you reach house or use your phone data. Your data subscription cheaper than losing your money.
- Turn Off Automatic WiFi Connection — Go to your phone/laptop settings and disable the "connect automatically to open networks" feature. This go prevent your device from connecting random WiFi networks without your knowledge.
- Check for HTTPS — Before you enter any password or sensitive info on public WiFi, make sure say the website address start with "https://" (the 's' stands for secure). If you see just "http://", abeg close that site sharp sharp.
- Forget the Network After Use — When you done with the public WiFi, go to your WiFi settings and select "Forget this network." This go prevent your device from automatically connecting am again later without you knowing.
- Use Cellular Data for Important Stuff — Honestly, if you get data, just use am for important things. ₦1,000 data subscription cheaper than ₦100,000 fraud.
Look, I know say free WiFi sweet. Data expensive for this country, and when you see free WiFi, e dey tempting to just connect am. But remember say "free" sometimes dey cost more than paid. The question na: how much your privacy and security worth?
These days, when I dey travel or work from cafes, I don buy small portable WiFi device (MiFi) wey I dey use my own data. E cost me like ₦8,000/month for data, but my peace of mind? Priceless. Plus I fit share am with my team members when we dey work outside.
If you can afford am, I highly recommend. But if you no fit, at minimum get VPN on your device and follow those safety rules I list above. E go reduce your risk by like 90%.
"Privacy is not about hiding something. It's about protecting everything. Your identity, your money, your peace of mind — all of these things deserve protection in the digital age."
— Samson Ese, Daily Reality NGHow to Spot Phishing Scams Before They Catch You (The Email That Almost Ruined Me) 🎣
June 2024. I receive email from "Access Bank" telling me say my account go be suspended if I no verify my details within 24 hours. The email look real — e get Access Bank logo, proper formatting, even the signature look legit. There's a button saying "Verify Now".
I nearly click am. I NEARLY CLICK AM!
But something make me pause. Maybe na the Holy Spirit, maybe na just paranoia from my previous hacking experience, I no know. But instead of clicking, I open another browser tab and go directly to Access Bank website. Then I call their customer service.
You know wetin dem tell me? "Sir, we don't send emails like that. It's a scam. Please forward it to our security team." E shock me die. The email been so convincing that if I been click that button, dem for clean my account before I blink twice.
What Is Phishing? (And Why E Dey Work So Well)
Phishing na when scammers disguise themselves as legitimate organization to trick you into giving them your personal information — passwords, bank details, BVN, credit card numbers, etc. The word "phishing" come from "fishing" because dem dey throw bait and wait for you to bite.
And omo, the bait dey sweet o. Dem go make everything look so real that even tech-savvy people fit fall. According to recent statistics, phishing attacks don increase by over 400% in Nigeria between 2023 and 2025. FOUR HUNDRED PERCENT!
The reason e dey work well be say scammers dey play on your emotions — fear (your account go be closed), greed (you win something), urgency (act now or lose out). When person dey panic or excited, dem no dey think straight. Na that window dem dey use strike.
Make I show you the common types of phishing scams wey I don see for Nigeria, and how to dodge dem like Neo for Matrix.
Common Phishing Scam #1: Fake Bank Alerts
How E Dey Happen: You go receive email or SMS from "your bank" saying there's problem with your account. Dem go ask you to click link and enter your details to "verify" or "reactivate" your account.
Red Flags to Watch:
- Urgency — "Your account will be closed in 24 hours!"
- Generic greeting — "Dear Customer" instead of your actual name
- Suspicious sender email — look closely, e go be something like "access-bank@gmail.com" instead of "accessbankplc.com"
- Spelling and grammar errors
- Links wey no match the bank's official website
How to Protect Yourself: NEVER click links in emails from banks. If you receive such alert, open your browser separately and type the bank website manually. Or call their customer service directly. Legitimate banks no dey ask for your password or PIN via email — EVER.
Common Phishing Scam #2: "You Don Win Something" Emails
How E Dey Happen: Email go land for your inbox saying you win lottery, competition, or prize from company like MTN, Coca-Cola, or even "Facebook Lottery" (which no even exist). To claim your winnings, you need send them your details or pay "processing fee."
My Friend Chidi's Story: Chidi receive email say e win $500,000 from "MTN Promo." Dem say make e pay ₦15,000 processing fee first. E been dey so excited say e no think twice — e pay the money. After payment, dem ask for another ₦25,000 for "tax clearance." Na so dem dey collect from am small small until e lose over ₦80,000 before e realize say na scam.
How to Protect Yourself: If you no enter any competition, you no fit win. Simple. And even if you enter, legitimate companies no go ask you to pay money to claim prize. Prize na prize — you supposed dey collect money, not dey pay money.
Common Phishing Scam #3: WhatsApp "OTP" Scam
How E Dey Happen: You go receive WhatsApp message from someone claiming to be your friend or family member. Dem go say dem dey try verify something and dem go mistakenly send OTP (One-Time Password) to your number. Dem go beg you make you send the OTP code back to them.
The Trap: That OTP na actually for YOUR WhatsApp account. Once you give am to them, dem don take over your WhatsApp completely. Dem go use am to message all your contacts and scam them too, claiming to be you.
This One Pain Me: My cousin sister fall for this thing last December. The scammer use her WhatsApp to message all her contacts saying she get emergency and need money. Before we realize say na scam, like 8 people don send money already. Total loss: over ₦200,000. And the embarrassment? E no get price.
How to Protect Yourself: NEVER share OTP with ANYBODY. Even if na your mama dey beg you. OTP na like giving someone key to your house. WhatsApp, Google, banks — none of dem go ever call or message to ask for your OTP. If you see OTP wey you no request, just delete am and move on.
⚠️ The "LinkedIn Job Offer" Scam (New One Wey Dey Trend)
This one na sharp one wey don catch plenty graduates recently. Scammer go create fake company profile on LinkedIn, post job openings with attractive salaries (like $3,000/month for remote work). When you apply, dem go "hire" you, then ask you to pay for background check, equipment, or training materials. Some people don lose up to ₦150,000 for this scam.
The Rule: No legitimate company go ask you to pay money before dem hire you. Employment na they pay YOU, not you pay THEM. If dem say make you pay for anything — even certificate verification or training — na scam be that. Run!
✅ Sam's Anti-Phishing Checklist (Use This Every Time You Get Suspicious Email):
- Check the Sender Email Carefully — Hover your mouse over the sender name (don't click). Look at the actual email address. Scammers dey use addresses like "gtbank-verify@gmail.com" or "accessbank.alert@yahoo.com" — obvious fake.
- Look for Spelling and Grammar Errors — Legitimate companies get professional writers. If you see "Your account have been compromised" or "Click here for verify your detail," na scam.
- Never Click Links in Suspicious Emails — Instead, go directly to the company website by typing the address yourself. If dem really need you to do something, e go dey reflected when you login directly.
- Check for Generic Greetings — "Dear Customer" or "Dear User" na red flag. Your real bank know your name and go address you personally.
- Be Suspicious of Urgency — Scammers love to create panic. "Act now or lose your account!" Real companies no dey threaten you like that. Dem go give you proper notice.
- Verify Through Official Channels — If you receive any alert about your account, call the company customer service using the number on their official website (not the number in the suspicious email).
- Trust Your Gut — If something feel too good to be true (you win money you no enter for) or too scary (your account go close in 2 hours), e probably dey fake. Pause. Think. Verify.
I go be honest with you — since I start following these rules strictly, I never fall for any phishing scam again. I receive dem almost weekly (na the price of having public email as blogger), but now I fit spot dem from mile away. And you fit too.
The key na slow down. Scammers dey count on you making quick emotional decisions. But if you take just 2-3 minutes to verify, you go save yourself wahala wey fit last for months.
Two-Factor Authentication: Your Digital Bodyguard (Why Password Alone No Dey Enough) 🛡️
Okay, imagine say you get gate and door for your house. The gate na your password. But wetin happen if thief scale the gate? You still get door lock wey go stop am before e enter your house. That door lock na two-factor authentication (2FA).
Even if hacker somehow get your password (through phishing, data breach, or guessing), 2FA go still block am because e go need second form of verification — something only YOU get access to.
How Two-Factor Authentication Works
When you enable 2FA on your account, logging in go require two things:
- Something you know (your password)
- Something you have (your phone, security key, or authenticator app)
So even if hacker get your password, without your phone or security device, dem no fit access your account. Simple but VERY effective.
I remember when Google force 2FA on all their accounts in 2023. People been dey complain say e dey slow down login process. But you know wetin? Account hacking for Google users drop by over 80%! EIGHTY PERCENT! That small "inconvenience" save millions of people from disaster.
Types of Two-Factor Authentication (From Worst to Best)
1. SMS-Based 2FA (The Most Common but Weakest)
This na where dem send code to your phone number via text message. You enter the code to complete login. E better than nothing, but e get problems:
- Hackers fit use "SIM swap" technique to port your number to their device
- SMS fit delay or no reach at all (especially with our Nigerian networks)
- SMS no dey encrypted — hackers fit intercept am
My Rating: 4/10 (Better than nothing, but no too reliable)
2. Email-Based 2FA
Dem send code to your email address. Similar to SMS but with same problems — if hacker already get access to your email, this no go help you.
My Rating: 5/10
3. Authenticator Apps (The Sweet Spot for Most People)
This na apps like Google Authenticator, Microsoft Authenticator, or Authy wey dey generate time-based codes every 30 seconds. E work offline, no need internet or phone signal. This na the one I personally use for all my important accounts.
Pros:
- Works without internet connection
- Much harder for hackers to intercept
- Free and easy to set up
- Can manage multiple accounts in one app
Cons:
- If you lose your phone without backup, you fit lose access to all your accounts (make sure you save backup codes!)
- Small learning curve for non-tech people
My Rating: 9/10 (This na the one I recommend for 99% of people)
4. Hardware Security Keys (The Fort Knox Option)
This na physical devices like YubiKey wey you plug into your computer or tap on your phone to authenticate. E be like car key but for your online accounts. This na the most secure option available currently.
Pros:
- Almost impossible to hack remotely
- No battery, no charging needed
- Works with most major services
- Phishing-resistant
Cons:
- Cost money (around $25-50 or ₦40,000-80,000 for good ones)
- If you lose am, you need backup key or recovery codes
- Not all websites support am yet
- Hard to buy for Nigeria (you go need order from abroad)
My Rating: 10/10 for security, but 6/10 for practicality in Nigeria
Best For: High-value accounts, cryptocurrency wallets, people handling very sensitive information
My Personal 2FA Setup (You Fit Copy This):
- Banking Apps: SMS 2FA (most Nigerian banks no offer better option yet, unfortunately)
- Email Accounts: Google Authenticator app + backup codes printed and stored for safe place
- Social Media: Authenticator app
- Cryptocurrency Wallets: Hardware security key (YubiKey) + authenticator app as backup
- Work Accounts: Authenticator app
- Password Manager: Authenticator app + hardware key
Yes, e dey add extra 5-10 seconds to my login process. But you know wetin? Since I enable 2FA on all my accounts in mid-2024, ZERO hacking attempts don succeed. Zero. That 10 seconds worth am.
✅ How to Set Up Google Authenticator (Step-by-Step for Beginners):
- Download "Google Authenticator" app from Play Store or App Store (e dey free)
- Go to the website you wan protect (e.g., Gmail, Facebook, Instagram)
- Find "Security Settings" or "Two-Factor Authentication" option
- Select "Authenticator App" as your 2FA method
- The website go show you QR code
- Open Google Authenticator app and click the "+" button
- Scan the QR code with your phone camera
- The app go start generating 6-digit codes every 30 seconds
- Enter the current code to complete setup
- VERY IMPORTANT: Download and save your backup codes! Store dem for safe place (not on your phone). If you lose your phone, these codes na your only way to recover access.
⚠️ The Backup Codes Wahala:
Let me tell you about my friend Tunde. E setup 2FA on all him accounts using Google Authenticator. Very responsible guy. But e no save backup codes. Last month, somebody snatch him phone for Ikeja. Gone. Just like that.
Without backup codes and without that phone, e no fit access him email, social media, nothing. E spend 3 full weeks going through recovery processes, sending ID cards, answering security questions. Some accounts, e never recover am till today.
The Lesson: When you enable 2FA, the website go give you backup codes (usually 8-10 codes). PRINT DEM. Or write dem down for paper and keep am for very safe place. No save am for your phone or email — if you lose access to those, you need the codes to recover dem. Catch-22 be that.
I personally print my backup codes and keep dem for sealed envelope inside my wardrobe. Some people dey use safety deposit box for bank. Do wetin work for you, but abeg no skip this step.
Real talk: setting up 2FA na one of those things wey you go think say e no necessary until e save your life. I fit confidently say if I no enable 2FA on my accounts, I for don lose access to everything by now. Hackers don try my email like 15 times since last year (I dey see the failed login attempts for my security log). But because of 2FA, none of dem succeed.
That small inconvenience of entering extra code? Na your digital insurance policy be that. And for this our Nigeria where online fraud dey rampant, you need all the insurance you fit get.
"The best time to secure your accounts was yesterday. The second best time is right now. Don't wait until hackers strike before you take action — by then, it's already too late."
— Samson Ese, Daily Reality NGMobile Phone Security for Nigerians (Your Phone Na Your Bank Now) 📲
Real talk: your smartphone probably worth more than the laptop or computer wey you get for house. I no mean the phone price o — I mean the DATA wey dey inside am. Think about wetin dey your phone right now:
- Banking apps with access to your accounts
- Email with password reset links for ALL your accounts
- WhatsApp with all your conversations and contacts
- Photos (including some wey you no wan make public 😏)
- Authenticator apps with your 2FA codes
- Saved passwords for Chrome or Safari
- Social media apps already logged in
- Location history
- Payment apps like OPay, PalmPay, Kuda
If person thief your phone or hack am, na basically your entire digital life dem get access to. Yet most people no even get basic screen lock. Omo, the risk too much!
Mobile Security Basics (The Non-Negotiables)
1. Screen Lock — But Not Just Any Screen Lock
If you still dey use simple 4-digit PIN like "1234" or your birthday, abeg change am today. Somebody wey know you small fit guess am in three tries.
Better Options:
- Biometrics (Fingerprint/Face ID): Fastest and most secure for daily use. But make sure say you still set backup PIN wey strong, in case biometrics fail
- 6-Digit PIN: Better than 4-digit, but still guessable if you use obvious numbers
- Alphanumeric Password: Most secure but slow for daily use. Good for backup option
- Pattern Lock: Avoid am — people fit see the pattern from oil marks wey your finger dey leave for screen
My Setup: Fingerprint for daily unlock, with 8-digit PIN as backup (combination of random numbers wey make sense only to me).
2. Auto-Lock Timer
Set your phone to lock automatically after 30 seconds to 1 minute of inactivity. Yes, e fit dey annoying when you dey read long article, but e dey protect you if you forget your phone somewhere.
3. App-Specific Locks
For your banking apps, email, and password manager, add extra layer of security. Most banking apps now get their own biometric lock option — enable am.
4. Find My Phone Feature
Whether you dey use iPhone or Android, enable the "Find My Phone" feature. If thief your phone or you misplace am, you fit:
- Track the location
- Make am ring (even if e dey silent mode)
- Lock am remotely
- Display custom message on the screen
- Erase ALL data remotely (last resort)
This feature don help me recover my phone twice when I misplace am. Worth its weight in gold.
5. Disable Lock Screen Notifications
Don't let sensitive information show for your lock screen. Imagine say your phone dey table and OTP or bank alert show for screen — anybody nearby fit see am. Go to settings and hide notification content until you unlock phone.
⚠️ The "Free Phone Charging" Scam (Juice Jacking)
You know those public USB charging stations for airports, malls, and events? Some of dem don compromise by hackers to steal data from phones wey people dey charge. This attack called "juice jacking."
When you plug your phone into compromised USB port, malware fit transfer to your device, or your data fit dey copied without you knowing. Photos, contacts, passwords — everything.
How to Protect Yourself:
- Carry your own power bank (I always get one for my bag)
- Use AC wall outlet with your own charger instead of USB ports
- If you MUST use public USB, buy "USB data blocker" (small device wey block data transfer but allow charging — cost like ₦2,000 for Jumia)
- Keep phone locked while charging in public places
- Don't click "Trust This Computer" if your phone ask you
App Permissions: Stop Giving Apps Access to Everything
You don ever wonder why flashlight app wan know your location? Or why that game need access to your contacts and camera? Most apps dey request way more permissions than dem actually need — and dem dey use this information to track you, sell your data, or worse.
My App Permission Strategy:
- Review Permissions Before Installing — Before you download any app, check wetin e wan access. If e no make sense (like calculator wanting access to your microphone), skip am.
- Grant Permissions Sparingly — When app ask for permission, ask yourself: "Does this app REALLY need this to function?" If answer na no, deny am.
- Use "Allow While Using App" Option — Instead of "Allow Always," choose "Allow While Using App" for location, camera, and microphone permissions. This way, apps no fit track you in the background.
- Audit Existing Apps Regularly — Every 3 months, I dey go through my phone settings and review which apps get access to wetin. You go shock how many apps you don forget about still dey access your location, contacts, and photos.
- Delete Apps You No Dey Use — That game wey you download last year and never play since? Delete am. Those apps still dey run background processes and potentially accessing your data.
Real Example from My Phone: Last month, I audit my apps and find say 23 apps been get access to my location. TWENTY-THREE! Out of those, only 7 actually need location to function (maps, Uber, food delivery apps, etc.). The other 16? I revoke their access immediately. Now my battery life better, and I get more privacy. Win-win.
✅ Essential Mobile Security Apps for Nigerians:
- VPN App — NordVPN, Surfshark, or ExpressVPN (choose based on your budget). Use am whenever you dey on public WiFi.
- Authenticator App — Google Authenticator or Microsoft Authenticator for 2FA codes.
- Password Manager — Bitwarden or LastPass to manage your passwords securely.
- Antivirus (Android Only) — Malwarebytes or Bitdefender. iPhone no really need antivirus because of how iOS security dey structured.
- Encrypted Messaging — Signal or Telegram for sensitive conversations. WhatsApp okay for regular chats, but for truly private matter, use Signal.
- App Lock — Norton App Lock (free) to add extra security layer to specific apps.
One more thing wey dey very important but people dey ignore: software updates. I know say those update notifications dey annoying, and update dey take time, and sometimes update dey spoil features wey you like. But those updates no be just about new features — dem dey fix security vulnerabilities wey hackers fit exploit.
When phone manufacturer or app developer release update, e mean say dem don discover security hole and patch am. If you no update, you dey use phone with known vulnerabilities wey hackers fit exploit easily. Na like leaving your house door open with sign saying "Come and rob me."
My rule: Update my phone and critical apps (banking, email, messaging) within one week of release. For other apps, I fit wait small to make sure say the update no get bugs, but I no dey waste more than two weeks.
10 Daily Habits That Keep You Safe Online (Small Things Wey Make Big Difference) 🎯
You know the thing about security? E no be one-time thing. E be lifestyle. All those long long advice I don give you for this article — I know say e fit overwhelm you. So make I break am down to simple daily habits wey, if you follow am consistently, go protect you from 95% of cyber threats.
These na the habits I personally practice every single day. Some of dem don become automatic for me — I no even think about am again. And since I start, my stress level regarding online security don reduce drastically.
Habit 1: The Morning Security Check (5 Minutes)
Every morning, as I dey brush my teeth, I dey quickly check my email for any "unusual login attempt" notifications. Most major services (Google, Facebook, Microsoft, banking apps) dey send alert when somebody try access your account from new device or location.
If you see such alert and you know say na you, no wahala. But if you see login attempt from "Lagos" when you dey Abuja, or from device wey you no recognize, take immediate action — change password and enable 2FA if you never do am.
Time Required: 3-5 minutes while brushing teeth or having morning coffee.
Habit 2: The "Hover Before Click" Rule
Before you click ANY link — whether for email, WhatsApp, social media, anywhere — hover your mouse over am first (or long-press on phone) to see the actual URL. Scammers dey disguise malicious links with innocent-looking text.
Example: Link might say "Click here for your GTBank statement" but when you hover, the actual URL na "gtbonk-alert.ru" (notice the typo and Russian domain). That's an instant red flag.
Time Required: 2 seconds per link. Small price to pay for peace of mind.
Habit 3: The WiFi Consciousness Practice
Before you connect to ANY WiFi network, ask yourself three questions:
- Do I know who owns this network?
- Is my VPN currently active?
- What am I about to do on this network? (If na sensitive transaction, use your data instead)
I don train myself say anytime I reach new location, before I even think about connecting WiFi, I turn on my VPN first. E don become reflex action.
Time Required: 10 seconds per connection.
Habit 4: The Logout-and-Lock Routine
Anytime you finish using sensitive accounts (banking apps, email on public computer, work systems), follow this three-step routine:
- Click "Logout" properly (no just close browser tab)
- Clear browser history and cookies if you dey use public computer
- Lock your device before you walk away (even if na just to piss)
Plenty people dey think say closing browser tab na logout. Wrong! The session fit still be active, especially if you no check the "Remember Me" box. Always use the actual logout button.
Time Required: 15 seconds per logout.
Habit 5: The "Trust But Verify" Communication Style
If anybody message you asking for money, sensitive information, or to click urgent link — even if na your friend, family, or colleague — verify through second channel before you comply.
For example, if your brother message you on WhatsApp say e need ₦50,000 urgently, call am on phone to confirm. If your boss email you to send company financial records, call am or walk to him office to confirm.
Why? Because accounts dey get hacked regularly. That "friend" messaging you fit actually be scammer wey don compromise their account. This simple verification step don save me from several attempted scams.
Time Required: 1-2 minutes per suspicious request. Small time wey fit save you millions.
Habit 6: The Weekly Password Review
Every Sunday evening (I combine am with my weekly planning), I spend 5 minutes checking if any of my accounts show up on data breach lists. Websites like HaveIBeenPwned.com fit tell you if your email address or password don appear for any known data breach.
If you discover say your info don leak, change that password immediately for all accounts where you use am. This na how I discover say my old Yahoo email been dey compromised — I change all related passwords sharp sharp.
Time Required: 5 minutes weekly.
Habit 7: The Screenshot-Then-Delete Policy
Sometimes you need save important information temporarily — OTP codes, reference numbers, transaction receipts. Instead of leaving sensitive screenshots for your photo gallery where anybody wey get access to your phone fit see dem, I use this workflow:
- Take screenshot of important info
- Use the info for whatever you need am for
- Delete the screenshot immediately after (within 5 minutes max)
- If you need permanent record, move am to secure encrypted folder or password-protected document
Time Required: 10 seconds per deletion. Creates habit of digital hygiene.
Habit 8: The Monthly "Digital Cleanup" Session
First Saturday of every month, I dedicate 30 minutes to digital housekeeping:
- Delete apps I no longer use
- Review and revoke unnecessary app permissions
- Clear browser cache and cookies
- Unsubscribe from promotional emails I no longer want
- Review my social media privacy settings
- Check for software updates on all devices
- Back up important data
This monthly ritual don help me maintain clean digital environment and catch potential security issues before dem become big problems.
Time Required: 30 minutes monthly.
Habit 9: The "No Password Sharing" Principle
I don make am rule for myself: I no dey share passwords. Not with friends, not with family members (except my wife for our joint accounts), not with colleagues. If somebody need access to something, I either:
- Create separate account for dem with limited permissions
- Stay present while dem use my device
- Use screen-sharing instead of giving direct access
This principle don save me from several potential problems. Even when person no get bad intention, dem fit accidentally compromise your security.
Time Required: Zero — na mindset shift, not time investment.
Habit 10: The Evening Device Check
Before I sleep every night, I do quick 2-minute device check:
- Make sure all devices charged and updated
- Check say I don logout from any public computers I use during the day
- Verify say my VPN subscription never expire
- Confirm say Find My Phone still active on all devices
- Quick scroll through bank app notifications to make sure no unauthorized transactions
This evening ritual give me peace of mind and help me sleep better knowing say my digital life secure.
Time Required: 2 minutes nightly.
✅ Total Time Investment: If you add all these habits together, you dey spend approximately 30-40 minutes per week on security practices. That's less than 6 minutes per day. Six minutes wey fit save you from losing thousands or even millions of naira to hackers.
Ask yourself: Your digital security worth 6 minutes daily? I bet the answer na yes.
"Security isn't expensive. It's priceless. You either invest small time and money now in protection, or you pay heavy price later in losses and regret."
— Samson Ese, Daily Reality NG"The internet doesn't forget, and hackers don't sleep. Your data is valuable — treat it like the treasure it is."
— Samson Ese, Daily Reality NG"Convenience and security are often enemies. Choose security when it matters most — your future self will thank you."
— Samson Ese, Daily Reality NG"In the digital age, ignorance isn't bliss — it's dangerous. Knowledge of cybersecurity is no longer optional; it's survival."
— Samson Ese, Daily Reality NG"You don't need to be a tech expert to be secure online. You just need to be intentional, consistent, and willing to learn."
— Samson Ese, Daily Reality NG💪 7 Encouraging Words from Me to You
- You're Not Alone: Millions of Nigerians face the same cybersecurity challenges you're facing. By reading this article and taking action, you're already ahead of 90% of people.
- It Gets Easier: Security practices wey feel overwhelming today go become second nature in just few weeks. I promise you this from personal experience.
- Every Step Counts: You no need implement everything at once. Start with one thing — maybe just enabling 2FA on your email — and build from there. Small progress na still progress.
- Your Effort Is Worth It: That few extra seconds to verify link or enable VPN fit be the difference between keeping your hard-earned money and losing everything. Never underestimate the power of caution.
- You Have the Power: Hackers dey rely on people being careless, ignorant, or lazy. By being informed and intentional, you don already defeat their main weapon. Knowledge truly dey powerful.
- It's Never Too Late: Even if you've been hacked before (like me), or if you've been careless with security for years, you fit start fresh today. Your past mistakes no define your future security.
- You Deserve Safety: Your privacy, your money, your peace of mind — all these things matter. Don't let anybody make you feel like caring about security na paranoia. E be wisdom, and you deserve to feel safe online.
🎯 Key Takeaways
- VPNs are essential for Nigerian internet users, especially when using public WiFi. Budget options like Surfshark (₦3,800/month) offer solid protection without breaking the bank.
- Strong, unique passwords for each account are non-negotiable. Use password managers like Bitwarden (free) to generate and store complex passwords securely.
- Two-Factor Authentication (2FA) blocks over 80% of hacking attempts. Enable it on ALL important accounts using authenticator apps, not SMS.
- Public WiFi is extremely dangerous without protection. Never conduct banking or sensitive transactions on public networks, even with VPN.
- Phishing scams are getting more sophisticated. Always verify requests through second channels before clicking links or sharing information.
- Your smartphone contains your entire digital life. Protect it with strong locks, regular updates, limited app permissions, and Find My Phone enabled.
- Social media oversharing creates security vulnerabilities. Review privacy settings, limit personal information visibility, and never participate in "security question" challenges.
- Software updates fix critical security vulnerabilities. Update your devices and apps within one week of release for maximum protection.
- Security is a daily practice, not a one-time fix. Invest 6 minutes daily in security habits to protect yourself from 95% of cyber threats.
- Knowledge is your strongest defense. Stay informed about new threats, and don't hesitate to ask questions or seek help when unsure.
Frequently Asked Questions (FAQ)
Are free VPNs safe to use in Nigeria?
Most free VPNs are not safe. They often sell your browsing data to advertisers or inject malware into your device. The only free VPN I recommend is ProtonVPN's free tier, which has a proven privacy record. However, for serious online activities like banking or business, invest in paid VPN services like NordVPN or Surfshark which cost between 3,800 and 6,000 Naira monthly.
How often should I change my passwords?
For critical accounts like banking and email, change passwords every 3 to 6 months. For less critical accounts, changing annually is sufficient. However, if you receive notification of a data breach involving your information, change that password immediately. Using unique passwords for each account is more important than frequent changes.
Can I use the same password for multiple websites if it's very strong?
No, absolutely not. Even the strongest password becomes useless if one website gets hacked and your credentials leak. Hackers will try that same password on all your other accounts. Use unique passwords for each account, especially for banking, email, and social media. Password managers like Bitwarden make this easy by generating and storing unique passwords for you.
Is it safe to save my card details on online shopping sites?
I personally don't recommend saving card details on any website, even trusted ones like Jumia or Konga. Data breaches happen to even the biggest companies. Instead, use virtual cards from your bank for online shopping, or manually enter card details each time. Yes, it takes extra 30 seconds, but it's worth the security. If you must save card details, only do so on websites that use strong encryption and have good security track records.
✓
Ready to Take Control of Your Digital Security?
Don't wait until you become another hacking statistic. Start implementing these security practices today and join thousands of Nigerians who are protecting their online lives.
💬 We'd Love to Hear from You!
- Have you ever been hacked or fallen victim to an online scam? What happened, and what did you learn from the experience?
- Which of these security tips do you find most challenging to implement consistently, and why?
- Are you currently using a VPN? If yes, which one and why did you choose it? If no, what's stopping you from getting one?
Share your thoughts in the comments below — we love hearing from our readers and learning from your experiences! Your story might help someone else avoid making the same mistakes.
© 2025 Daily Reality NG — Empowering Everyday Nigerians | All posts are independently written and fact-checked by Samson Ese based on real experience and verified sources.
Comments
Post a Comment