• Cybercrime makes up over 30% of reported offenses in West and East Africa.
• Financial losses from 2019 to 2025 estimated at more than $3bn.
• Top threats are scams, ransomware, BEC fraud, and sextortion.

Published in June, Interpol’s Africa Cyberthreat Assessment Report shows that more than two-thirds of its African member states see technology-driven or technology-enabled crime as a “medium” to “high” share of all offenses. Cybercrime now accounts for over 30% of reported crimes in West Africa and East Africa. Between 2019 and 2025, incidents led to estimated financial losses of more than $3 billion across the continent.

“Criminals are progressively exploiting different communication channels, including social media and instant messaging apps, in line with regional technological and societal trends,” the report warns. Both local and international networks are active, exploiting human vulnerabilities through advanced deception techniques to target organizations and individuals.

Online scams: the leading threat

Online scams remain the number one cybersecurity threat in Africa in 2024. Criminals exploit the boom in online activity, from social media to e-commerce and mobile banking, to commit fraud.

Phishing is the most common technique, representing 34% of all incidents recorded. Attackers impersonate trusted institutions through emails, messaging apps, or fake websites to trick victims into revealing sensitive information, enabling unauthorized access, identity theft, and financial fraud.

“Romance scams” are also growing sharply, especially in West Africa (Nigeria, Ghana, Côte d’Ivoire, Benin). Fraudsters initiate contact via social networks, messaging apps, or dating sites, build trust, then manipulate victims into sending money or investing in fake cryptocurrency schemes.

Ransomware: one of the costliest threats

Ransomware has become one of the gravest and most expensive cyber threats in 2024, targeting governments, companies, and critical services. Countries most affected include South Africa, Egypt, Nigeria, Kenya, Gambia, Morocco, Tunisia, Algeria, Ethiopia, Côte d’Ivoire, and Benin.

The attacks lock access to IT systems or encrypt files, making them unusable, with ransom demanded—often in cryptocurrency. Groups like Lockbit combine encryption with threats to publish stolen data if payments are not made.

Examples in 2024 include Nigeria’s fintech Flutterwave, which lost about $7 million in April. Cameroon’s power utility ENEO suffered disruptions. In Kenya, the Urban Roads Authority and the Micro and Small Enterprise Authority had data compromised, while Nigeria’s National Bureau of Statistics was hacked. South Africa’s Department of Defence lost 1.6 terabytes of data, including presidential contacts. In Namibia, Telecom Namibia saw 626.3 GB of data exposed, affecting more than 619,000 customers.

Business Email Compromise (BEC)

Business Email Compromise is also widespread. Interpol’s private sector partners report that 11 African countries concentrate most BEC activity, with Nigeria, Ghana, Côte d’Ivoire, and South Africa among the main hubs. The financial sector is particularly targeted, especially companies with frequent international transactions and weak security controls.

BEC attacks combine phishing and social engineering to deceive employees and manipulate payments. Criminals impersonate executives, partners, or government officials to obtain fraudulent transfers or alter bank account details. Some intrusions also involve credential theft or network access to monitor email exchanges before intervening in transactions.

In West and Southern Africa, fraudsters often use lookalike domains or slightly altered email addresses, as well as scams linked to invoices and payment requests. Interpol highlights the role of the Black Axe network in BEC fraud across the continent.

In November 2024, Nigerian national Babatunde Ayeni was sentenced by a U.S. court to 10 years in prison for orchestrating a BEC scheme targeting real estate transactions. The fraud affected more than 400 victims and stole $19.6 million.

Digital sextortion

Sextortion has become a major cybercrime in Africa in 2024. More than 60% of countries surveyed reported an increase in incidents. The practice involves extorting victims by threatening to release sexually explicit images without consent, often through social media.

Interpol notes a rise in AI-based sextortion, with cases reported in Mauritania, Egypt, Mali, and Morocco. Motives are mostly financial but can also include revenge, punishment, or reputational damage.

The impact on victims is severe. In South Africa, authorities have recorded a rise in adolescent victims, and one adult suicide was linked to sextortion. In Egypt, a digital support platform received 250,000 calls in 2024 relating to sextortion, mostly from women and girls.

Isaac K. Kassouwi