Interpol sounds alarm as cybercrime surges in East Africa amid digital boom

Cyber-related crimes accounted for a medium-to-high share of all crimes, rising to 30 per cent in Eastern Africa and Western Africa, a new Interpol report now shows.

The report shows that online scams, particularly through phishing, were the most frequently reported cybercrimes in Africa, while ransomware, business email compromise (BEC), and digital sextortion also remained widespread and have become a major concern for the two regions, particularly.

The Interpol's 2025 Africa Cyberthreat Assessment Report assessed the cyberthreat status of 43 out of 54 of its member states on the continent, noting that the widespread use of smartphones has made mobile platforms a primary target for cybercriminals, particularly in regions with high mobile banking adoption.

Additionally, the growing integration of Internet of Things (IoT) devices in sectors such as agriculture, healthcare, and manufacturing presents new security risks, as many of these devices lack robust protection.

"Several African nations, including Ethiopia, Zimbabwe, Angola, Uganda, Nigeria, Kenya, Ghana, and Mozambique, are among the most frequently targeted globally in 2024, according to malware detection data from the International Telecommunication Union (ITU) Global Cyberthreat Index. This underscores the need for more robust cybersecurity frameworks to protect digital advancements and ensure long-term resilience in the region," the report says.

Previous editions of the Report identified ransomware attacks, banking trojans, stealers, online scams, phishing, business email compromise (BEC), and malicious software offered as a service, such as spyware and phishing kits, as the most prevalent cyberthreats.

Online scams, particularly phishing, continue to be the most frequently reported cybercrimes among Interpol member countries, while ransomware and BEC remain widespread. In addition, digital sextortion and identity theft are reported as significant cyber threats by African member countries.

The report notes that banking trojans, info stealers, and Cybercrime-as-a-Service (CaaS) have seen a decline in reported incidents compared to previous years.

"This trend could indicate improved law enforcement efforts, better cybersecurity awareness, or a shift in cybercriminal tactics toward more effective methods such as social engineering and AI-driven scams. Many Interpol member countries in the African region have reported a growing financial and operational impact of cybercrime, with online scams, Business Email Compromise (BEC), ransomware, and Distributed Denial-of-Service (DDoS) attacks identified as the most financially damaging threats across all sub-regions," the report noted.

"Between 2019 and 2025, cyber incidents across the continent resulted in estimated financial losses exceeding USD3 billion, with the finance, healthcare, energy, and government sectors among the hardest hit. These critical industries are prime targets for cybercriminals who create operational disruption and data breaches, resulting in significant financial consequences."

Despite the improvement, Interpol warns that cybercriminals are continuously refining their tactics, utilising social engineering, artificial intelligence, and instant messaging platforms to launch increasingly sophisticated attacks. Both domestic and international cybercriminal networks exploit human vulnerabilities as a primary method, employing advanced deception techniques to target organisations and individuals.

Online scams are sharply increasing in several countries as cybercriminals constantly adapt their methods to exploit vulnerabilities and defraud both individuals and businesses. Fraudulent activities, including phishing and romance scams, have grown increasingly sophisticated through the strategic use of social engineering, artificial intelligence, and manipulation via social media platforms.

According to Interpol, the surge in online scams is closely linked to Africa's accelerating digital transformation, which has allowed criminals to capitalise on the growing online activity, in particular social media usage, digital commerce, and mobile banking, to perpetrate fraud.

Victims of such crimes are diverse, as they affect individuals across all age groups, genders, and professional backgrounds. While the survey data from member countries highlight that some groups are more vulnerable, it is also clear that all demographics are at risk."

"Online scams, via phishing, continue to be Africa's most prevalent cyberthreat in 2024, impacting both individuals and organisations across the continent. INTERPOL member countries have identified phishing as the leading cybersecurity concern, citing its high frequency and extensive reach. According to digital security reports, phishing accounts for 34 per cent of all cyber incidents detected throughout Africa. Cybercriminals leverage phishing by impersonating trusted entities via emails, messaging platforms, or fraudulent websites, tricking individuals into providing sensitive information such as login credentials, financial data, or personal identification details. Once obtained, this information facilitates unauthorised access, identity theft, and financial fraud. The growing sophistication of these phishing schemes significantly increases vulnerabilities within critical sectors, including banking, government institutions, and telecommunications."

Other Topics To Read

• Technology
• Headlines
• Cybercrime
• africa internet
• cybercrime kenya
• Critical Information Infrastructure and Cybercrime Management
• Africa's Digital Compact
• digital access
• Computer Misuse and Cybercrime Act
• cybercrime Bill
• Cybercrimes Act
• Cyberthreat
• Interpol sounds alarm as cybercrime surges in East Africa amid digital boom
• Business

At the same time, Romance scams are a widespread concern across Africa, with certain regions experiencing higher reported levels.

"In particular, West African countries, including Nigeria, Ghana, Côte d'Ivoire, and Benin, have been identified as areas where romance fraud networks are particularly active. A notable recent trend involves fraudsters initially luring victims with romantic promises and subsequently coercing them into investing cash in fraudulent cryptocurrency schemes."

The report says romance scams have become highly profitable forms of cybercrime, causing significant emotional and financial harm. Interpol data reveal numerous cases where African victims repeatedly paid scammers, sometimes depleting retirement funds or accumulating debts. Many cases remain unreported due to victims' feelings of shame, guilt, and social stigma, suggesting the actual financial impact is far greater than officially documented. Given the rising complexity and scale of these scams, African law enforcement agencies urgently require specialised training and enhanced forensic capabilities to effectively address and investigate this growing threat."

Interpol member countries further identified ransomware as one of the most prevalent cyber threats across the African continent, posing a growing risk to governments, businesses, and critical services. Data from Interpol's private sector partners indicates that monthly ransomware detections in Africa rose in 2024 compared to the previous year.

"These attacks are particularly concerning because of their high financial impact, their potential to severely disrupt critical infrastructure, and the damage they inflict on Egypt, South Africa, Nigeria, Kenya, Gambia, Ghana, Tunisia, Algeria, Morocco, Ethiopia, Côte d'Ivoire, Benin, Angola, Togo, Mozambique, Mauritania, Tanzania, Cameroon, Mauritius, Burkina Faso on affected organizations and individuals."

At the same time, reports from cybersecurity firms and INTERPOL private partners show that South Africa and Egypt suffered the highest number of ransomware incidents in 2024, followed by other highly digitised economies such as Nigeria, Kenya, the Gambia, Tunisia, and Morocco.

Algeria, Ethiopia, and even more compact states like Benin also reported significant attacks, underscoring that ransomware is a continent-wide challenge, especially in countries with more developed digital infrastructure.

Ransomware breach at Kenya's Urban Roads Authority (KURA) compromised vital road infrastructure data in July last year, and Government databases were also affected, including the December 2024 hacks of Kenya's Micro and Small Enterprise Authority (MSEA).

Similarly, Cameroon's electric utility (ENEO) attacks disrupted power management operations, and another attack affected Nigeria's National Bureau of Statistics (NBS).

A round-up of the attacks in East Africa shows that member states Kenya, Uganda, Tanzania, Rwanda, and Ethiopia are rapidly emerging as technological and financial hubs, significantly advancing digital transformation.

However, this progress makes them increasingly attractive targets for cyberthreats, highlighting the urgent need for robust cybersecurity frameworks.

"Digital sextortion is a rising cyberthreat in East Africa. Criminals frequently exploit compromising material to extort victims, particularly targeting women and young individuals," says the report.

Ethiopia became the world's most targeted country for cyberattacks in 2024, ranking highest globally in malware detections, while SIM swap fraud has notably increased in Uganda and Tanzania where criminals exploit mobile network vulnerabilities by fraudulently acquiring replacement SIM cards, often through deception or collusion with insiders, allowing them to hijack victims' phone numbers.

"This fourth edition of the Interpol African Cyberthreat Assessment provides a vital snapshot of the current situation, informed by operational intelligence, extensive law enforcement engagement, and strategic private-sector collaboration. It paints a clear picture of a threat landscape in flux, with emerging dangers like AI-driven fraud that demand urgent attention. No single agency or country can face these challenges alone," said Mr Neal Jetton, Interpol Cybercrime Director.

In the past year, suspected scam notifications rose by up to 3,000 per cent in some African countries, according to data from Kaspersky – one of several private sector partners that work with Interpol's cybercrime directorate.

"Cybersecurity is not merely a technical issue; it has become a fundamental pillar of stability, peace, and sustainable development in Africa. It directly concerns the digital sovereignty of states, the resilience of our institutions, citizen trust, and the proper functioning of our economies," Ambassador Jalel Chelba, Acting Executive Director of AFRIPOL, said.

The Cyberthreat Assessment is part of the Organisation's African Joint Operation against Cybercrime (AFJOC) initiative, which is aimed at strengthening the capability of African law enforcement to prevent, detect, investigate, and disrupt cybercrime. The AFJOC initiative is supported by the United Kingdom's Foreign, Commonwealth and Development Office.