The Rising Threat of AI-Powered Cybercrime in Nigeria

Aryana Ris-Luamháin | 20 June 2025

Summary

• Nigeria is experiencing a surge in AI-driven cybercrime.

• This has been exacerbated by the use of increasingly sophisticated AI tools outpacing cybersecurity and AI regulations in the country.

• It is highly likely that AI will continue to advance and increase the efficacy of cyber scams and attacks, increasing the need for Nigeria to develop more comprehensive frameworks for regulating AI.

Driven by a surge in internet connectivity and mobile phone adoption, Nigeria is emerging as a technological giant in Africa, with its digital economy projected to approach USD 27b by 2030. While the online world opens new avenues for economic growth, it also expands the nation's digital attack surface, exposing Nigeria to a wave of artificial intelligence (AI) driven cybercrime of “pandemic‑like proportions.”. This asymmetry, where digital adoption comes ahead of cybersecurity capacity, means that cyber-criminal enterprises are finding fertile ground in Nigeria.

Historically, the Nigerian cybercrime world consisted of  "419 scams" involving simplistic email solicitations requesting sums of money. These initiatives tended to be relatively straightforward for a discerning eye to identify. By contrast, criminal actors today can deploy AI to dramatically amplify the scale, precision and impact of their attacks. These developments constitute a turning point in the region’s threat landscape, with Nigerian organisations enduring 4,388 cyber attacks per week since the beginning of 2025.

Among the most powerful tools used in AI-driven cybercrime enterprises are deepfakes, which allow for the manipulation or replacement of an individual’s likeness or voice. Exemplifying the use of this technology is a 2024 incident during which a Nigerian cartel  used a deepfake to pose as a senior government official during a video call and successfully convinced an international NGO to release funds for a fraudulent development project. Phishing scams have also evolved. Criminals can now use AI to mimic writing styles, producing bespoke emails that appear to come from trusted sources. A recent study found that over 50% of recipients fall for these hyper-personalised scams. 

Nigeria's rapidly expanding digital economy and its financial sector remain particularly vulnerable to the exploitation of AI technology for fraudulent activities. The country ranked second globally in crypto adoption for 2024, trailing only India, and recorded USD 59b in crypto inflows between July 2023 and June 2024. This digital prosperity has drawn the attention of increasingly advanced fraud networks through which criminals can use AI to fabricate exchanges, manipulate market sentiment through bots and deceive investors with convincing phishing messages. This poses a significant risk to investor confidence and long-term economic growth in Nigeria.

Law enforcement agencies, both in Nigeria and abroad, are struggling to keep up. The realism of deepfakes and voice clones makes them difficult to detect, even for trained professionals. Most Nigerian agencies lack the technical tools for real-time detection, and perpetrators are frequently shielded by VPNs. This makes attribution and prosecution extremely challenging, leaving victims largely unprotected.

AI regulation in Nigeria remains nascent. The country has made some notable strides, such as passing the National Data Protection Act (NDPA) - but there is currently no comprehensive legal framework specifically targeting AI. Nigeria's AI strategy remains in draft form under the National Information Technology Development Agency (NITDA). Although regulators such as the Central Bank of Nigeria (CBN) and the Securities and Exchange Commission (SEC) are starting to consider AI policy within their respective domains, a national approach is missing.

On 5 June, the Nigerian Communications Commission (NCC) initiated a comprehensive cybersecurity frameworktargeted towards promoting a unified and resilient cybersecurity protocol across the communications industry and enhancing the protection of telecommunications infrastructure. This introduces welcome protection into a sector that receives2,664 cyber attacks per week. Although the framework represents a significant step towards improving general cyber hygiene and telecom resilience through establishing clear standards and fostering collaboration between government agencies and international partners, it does not directly address emerging AI-specific threats.

Forecast

• Short-term (Now - 3 months)

  • It is highly likely that AI-powered cyberattacks, particularly deepfakes and sophisticated phishing scams, will be increasingly difficult to detect as AI continues to generate hyper-realistic content. 

• Medium-term (3-12 months)

  • It is likely that the collaboration between Computer Emergency Response Teams (CERTs) and law enforcement will form a backbone for future cross-sector cybersecurity policies.

    • This will likely facilitate stronger international partnerships for intelligence sharing, joint investigations and harmonised legal frameworks to tackle cybercrime.

• Long-term (>1 year)

  • It is likely that Nigeria will develop more comprehensive frameworks, regulations and legislation specifically targeting the use of AI by hostile actors.

    • This move will likely be driven by increasing financial losses and international pressure.