On a typical weekday morning in Lagos, Tope receives a message that appears to come from her bank. The tone is urgent. Her account needs verification, else it will be added to the list of dormant accounts. She clicks the link, enters her login details, and within minutes she receives multiple debit alerts that completely empty her account.
Stories like this are becoming increasingly common across Nigeria’s digital economy. What once appeared as clumsy scam emails riddled with spelling errors has evolved into highly convincing messages that mimic banks, fintech apps, government agencies and even colleagues.
Cybersecurity analysts now warn that phishing—the act of tricking people into revealing sensitive information—will intensify in 2026, driven by Artificial Intelligence (AI), rising digital adoption, and a widening gap between technological growth and security preparedness.
A threat that refuses to decline
Globally, phishing has moved beyond being an occasional nuisance to becoming one of the most persistent cyber threats.
Data shows that phishing incidents have remained stubbornly high over the last few years. According to statistics compiled from the Anti-Phishing Working Group (APWG), there were more than 1.35 million phishing attacks recorded in the fourth quarter of 2022, and a quarterly average of 1 million attacks between 2023 and 2024. The situation has reached what researchers describe as a sustained “high plateau” rather than a temporary spike.
More recent figures suggest the trend is accelerating again. Data compiled by Statista shows 1,077,501 phishing attacks globally in the fourth quarter of 2023 and 989,123 in the same period of 2024, while incidents in the first five weeks of 2025 jumped 149 percent compared with the same period in 2024.
Phishing has also become a central entry point for cybercrime. StationX, a Cybersecurity training firm, notes that 36 percent of global data breaches now involve phishing, while 84 percent of organisations reported at least one phishing attempt in 2022, a 15 percent increase from the previous year.
Behind these numbers lies an industrial-scale operation. Cybercriminal networks now automate phishing campaigns, sending billions of emails every day and adapting tactics rapidly to target new digital services and platforms.
Africa’s digital growth exposes new vulnerabilities
For Africa, the growth of digital services—from mobile money to online banking and social commerce—has expanded the attack surface for cybercriminals.
Security company Kaspersky recorded 131.6 million web threats across Africa in 2024, including malicious websites and phishing campaigns, according to regional reporting by Technext. Within those threats were 66 million phishing-link clicks, with 14.8 million coming from corporate users, highlighting how businesses are increasingly targeted alongside individuals.
The continent’s exposure to cyberattacks is also significantly higher than the global average. Cybersecurity firm Check Point projects that African organisations could face an average of 3,153 cyberattacks per week in 2026, roughly 60 percent higher than the global average, according to an outlook cited by Security Africa Magazine.
Lorna Hardie, regional director for Africa at Check Point, says the situation reflects a broader shift in the continent’s digital transformation.
“Digital trust has transitioned from an IT priority to core economic infrastructure for Africa,” Hardie said, warning that the region faces a widening “security gap” as cybercrime grows alongside digital adoption.”
Nigeria’s see rising financial losses to phishing
Nigeria’s financial sector offers one of the clearest illustrations of this growing threat.Data from the Nigeria Inter-Bank Settlement System (NIBSS) shows that attempted digital fraud incidents exceeded 740,000 in 2023, with confirmed losses above $27 million, according to reporting by PlanetWeb.
But the most alarming shift came a year later. A 2025 NIBSS report found that fraud losses in Nigeria surged to ₦52.26 billion in 2024, up sharply from ₦17.67 billion the previous year. The number of attempted fraud cases also rose dramatically, increasing 338 percent between 2023 and 2024.
Much of this activity is linked to phishing and social-engineering attacks targeting sensitive financial information. Fraudsters commonly impersonate banks, fintech companies, electricity providers, or even government agencies, luring victims into revealing personal details such as Bank Verification Numbers (BVN), passwords, or one-time authentication codes.
Cybersecurity studies of Nigeria’s banking sector show that phishing attacks have risen by 178 percent in recent years, contributing to a broader 153 percent increase in cyberattacks targeting the sector, according to research published by RSI International.
AI is making phishing smarter
One of the most significant drivers behind the expected surge in phishing attacks in 2026 is artificial intelligence. Cybercriminals are increasingly using generative AI to craft convincing phishing messages that mimic legitimate communications with remarkable accuracy. Unlike older scams that were easily spotted due to poor grammar or suspicious wording, AI-generated phishing messages can replicate professional tone, branding, and local language.
Security firm Cofense predicts that the time between a phishing email and a full organisational compromise could fall to less than one hour by 2026 as attackers automate processes such as credential theft and network infiltration.
Phishing campaigns are also evolving beyond email. Experts expect more hybrid attacks combining email, SMS messages (known as smishing), voice calls (vishing), and messaging-app scams designed to lure victims into revealing sensitive data.
Identity is becoming the new target
Another emerging trend is the shift toward identity-driven cyberattacks. Instead of exploiting technical vulnerabilities in systems, attackers are increasingly focusing on obtaining valid user credentials—passwords, login tokens, or verification codes—which can then be used to access accounts directly.
During a recent cybersecurity discussion on BusinessDay Talk Exchange, blockchain security researcher Peter Ndukwo said this shift reflects how cybercrime tactics are evolving alongside technological advancements.
“The projection is right,” Ndukwo said while discussing cybersecurity forecasts for 2026. “What black-hat hackers couldn’t do before, they can now do at scale because of AI.”
According to him, once attackers obtain valid credentials, phishing attacks become far easier to execute.
“It’s easier to deceive people when you already have information that can lure them,” he said. “When users don’t have enough knowledge, they can easily be deceived into clicking something that drains their funds or compromises their accounts.”
The push to make digital services simpler for mass adoption—especially in fintech and blockchain ecosystems—can unintentionally create new vulnerabilities, Ndukwo added, because inexperienced users may not fully understand the security risks involved.
Weak enforcement still benefits cybercriminals
The rise of phishing attacks is also linked to enforcement gaps. According to the African Cyberthreat Assessment report by INTERPOL, online scams,particularly phishing, now make up the bulk of frequently reported cybercrime category in Africa, with suspected scam notifications rising by up to 3,000% in some countries between 2023 and 2024.
The report also noted that over 90 percent of African countries, including Nigeria, require significant improvements in law-enforcement and prosecution capacity to effectively combat cybercrime.
For cybercriminal networks, this combination of high financial rewards and low enforcement risk makes phishing an attractive operation.
INTERPOL’s Director of Cybercrime, Neal Jetton, said the continent’s cyber threat landscape is rapidly evolving and requires coordinated responses from governments, law-enforcement agencies and private companies.
A turning point for digital security
Analysts say 2026 could mark a critical moment for cybersecurity in Africa. A Deloitte outlook cited by Ecofin Agency warns that phishing and ransomware attacks are expected to increase in Nigeria as financial services, healthcare, government platforms, and commerce continue migrating online.
The report highlights a growing imbalance: digital services are expanding rapidly, but cybersecurity investments are not keeping pace.
At the same time, regional cybersecurity events such as CYSEC Africa warn that cyberattacks already cost some African economies up to 10 percent of GDP, underscoring the economic stakes of digital security.
The road ahead
For businesses, financial institutions, and everyday users, the message is clear: phishing is not fading away. Instead, it is becoming more sophisticated, faster, and more targeted.
Artificial intelligence is lowering the barriers for cybercriminals, digital adoption is creating new opportunities for attacks, and enforcement challenges still persist across many jurisdictions.
As Ndukwo noted, cybersecurity experts around the world are working to counter these threats using AI-driven defence tools and stronger authentication systems. But the battle may ultimately come down to awareness.
Because in many phishing attacks, the weakest link is not the technology or the company, but the human being who makes the decision to click or not.
