The Birdling Rectangle Logo Dark

How Scammers Are Using Independence Day Giveaways to Hijack Your Social Media

Our intelligence has identified a significant and active social engineering campaign designed to exploit the national holiday. This advisory serves as a public warning regarding fraudulent "giveaway" scams circulating primarily on WhatsApp and other social media platforms.

14th Command Team

October 1, 2025

Phishing & Social Engineering

As Nigeria celebrates her Independence Day, our intelligence has identified a significant and active social engineering campaign designed to exploit the national holiday.

The attack is simple but highly effective. Scammers are mass-distributing messages that claim the Federal Government of Nigeria, or a prominent public figure, is offering a cash grant, free data, or airtime in celebration of October 1st.

These messages are designed to create a sense of urgency and excitement, encouraging users to click a link to claim their "prize." However, the ultimate goal is not to distribute funds, but to hijack the user's digital identity.

Our analysis shows the attack follows a predictable three-step pattern:

  1. The user receives a message from a contact or an unknown number. The message contains a compelling offer and a shortened link (e.g., using bit.ly or a similar service) to obscure the true destination. It’s also being distributed through facebook groups, whatsapp groups and channels.

  2. The link directs the user to a hastily built but often convincing webpage, decorated with Nigerian flags and official-looking logos. This page will typically ask the user to perform a series of actions to "qualify" for the giveaway. This may include entering personal information (name, phone number) or sharing the link with a certain number of contacts, a tactic designed to make the scam go viral.

  3. The final step is the attack itself. The site may prompt the user to "verify their account" by entering a code sent to their phone. This code is actually the Two-Factor Authentication (2FA) code for their WhatsApp, Facebook, or other social media account. By providing it to the scammers, the user is handing over the keys to their digital life.

Once an attacker has control of your social media or WhatsApp account, they can:

  • Impersonate You: They can send messages to your friends, family, and colleagues asking for money, spreading misinformation, or tricking them into falling for the same scam.

  • Steal Your Data: They gain access to your private conversations, photos, and personal information.

  • Lock You Out Permanently: They can change your password and recovery information, making it nearly impossible for you to regain control of your own account.

We urge all Nigerians to adopt a posture of extreme skepticism today.

  1. Verify Before You Trust: The government and legitimate companies do not use forwarded WhatsApp messages to conduct official programs. If an offer seems too good to be true, it is.

  2. Enable Two-Factor Authentication (2FA): This is the single most effective step you can take. Go into the security settings of your WhatsApp, Facebook, Instagram, and email accounts and turn on 2FA now. This adds a crucial layer of protection.

  3. Break the Chain: If you receive one of these messages, delete it immediately. Do not forward it. Inform the person who sent it to you that it is a scam so they can warn their own contacts.

The Birdling is committed to securing Nigeria's digital future. Staying vigilant against these kinds of localized, context-aware threats is a shared responsibility.

Receive Our Intelligence Briefs

Get exclusive intelligence on African cyber trends, and expert security insights delivered directly to your inbox.