African organisations are being urged to strengthen their digital defences as new scam methods and mobile-based cyber threats continue to spread rapidly across the continent.
According to ESET’s Threat Report covering November 2024 to May 2025, phishing has become the most prevalent cyber threat in Africa, now accounting for 31% of all reported incidents—above the global average of 28%.
The surge is driven by Africa’s rapid digital transformation, which has outpaced public cybersecurity education and corporate readiness. “It’s a perfect storm of opportunity and vulnerability,” said Allan Juma, Cybersecurity Engineer at ESET East Africa.
“People and businesses are moving online faster than security practices can catch up, and cybercriminals are exploiting the gap.”
Phishing scams are targeting widely used digital banking and mobile money platforms like M-Pesa, EcoBank, and GTBank, often through SMS-based phishing (smishing) that impersonates trusted financial institutions.
In addition to phishing, the report highlights a fast-emerging global threat known as ClickFix, a form of social engineering where users are tricked into running malicious commands on their own devices.
Globally, ClickFix attacks have increased by over 500% in just six months, now responsible for nearly 8% of all blocked threats. Though less common in Africa, the threat is gaining ground, with regional detection rates already reaching 6.8%.
“This threat is quietly but quickly spreading,” Juma added. “With rapid digital adoption and low public awareness, it could become one of the most disruptive forces in Africa’s cyber landscape if not addressed.”
The report also warns of a sharp rise in mobile malware. Fake apps such as Kaleidoscope are spreading through unofficial app stores, bombarding users with intrusive ads while harvesting personal data. These apps often imitate legitimate ones, making them hard to detect.
Meanwhile, fraud involving contactless mobile payments is also on the rise, with techniques like GhostTap allowing attackers to steal payment information and make unauthorized transactions globally.
In response to these growing threats, global cybersecurity operations have successfully taken down several criminal groups behind major data theft schemes like Lumma Stealer and Danabot. But experts warn that others will continue to emerge using more advanced tools and social engineering tricks.
Source: TechArena
About Author
