As Nigeria’s financial landscape becomes increasingly digital, so too have the tactics of criminals determined to exploit unsuspecting bank customers. What used to be a matter of stolen cheques or card skimming has now evolved into a sophisticated network of cyber fraud schemes targeting millions of naira daily.
According to data by the Nigeria Inter-Bank Settlement System (NIBSS), social engineering, a psychological manipulation technique used by fraudsters, now accounts for a staggering 68 per cent of all fraud incidents recorded in the banking industry. The trend gained momentum during the COVID-19 pandemic, when fear and uncertainty made bank customers more vulnerable to deception.
Many victims were tricked into disclosing sensitive information such as PINs, passwords, and One-Time Passwords (OTPs) through cleverly crafted calls, emails, and messages that appeared to come from their banks. The criminals would then use these details to drain entire accounts, often leaving victims helpless.
Social engineering relies less on technology and more on human psychology. It preys on the natural tendency to trust. Fraudsters manipulate people into revealing confidential information or granting access to their computers. Once inside, the attackers can install malicious software to steal credentials or take control of a victim’s system.
Experts say the method thrives because it’s easier to trick a person than to hack a system. Common variants include phishing and pharming, both of which remain widespread in Nigeria.
Phishing, sometimes called “spoofing,” is one of the most common tools in the fraudster’s arsenal. It typically involves impersonation, criminals pose as banks or service providers, reaching customers through SMS, email, or even phone calls.
These fake messages often use legitimate bank logos and branding to appear genuine. Victims may receive an alarming message claiming their account has been compromised or their card blocked. To resolve it, they are instructed to “verify” their details or click a link that redirects them to a counterfeit website.
Bank officials often warn that no legitimate financial institution would ever request personal details or OTPs through such channels. Yet, phishing remains effective because it exploits panic and urgency, two emotions that override rational thought.
While phishing requires the victim’s participation, pharming operates more subtly. It redirects users to fraudulent websites without their knowledge, even when they type the correct web address. An infamous case involved a cloned version of the federal government’s N-Power website, which lured unsuspecting applicants to submit personal and financial data. That information was later used to commit various forms of identity theft.
Banks and security experts consistently remind customers that banks and card providers will never call, text, or email requesting personal information. Any unsolicited message asking for login details, card numbers, or PINs should be treated with suspicion.
Customers are advised to verify web addresses before making online payments, ensure that the URL begins with “https,” and avoid clicking unfamiliar links. Even opening an email from an unverified sender can expose a computer to malware. Cybersecurity professionals also emphasize the importance of regularly updating passwords, enabling multi-factor authentication, and avoiding public Wi-Fi networks for financial transactions.
As mobile banking continues to define financial access in Nigeria, it has also opened new doors for criminals. A recent report by the Financial Institutions Training Centre (FITC) revealed that mobile-related fraud accounted for 33.4 per cent of nearly 12,000 reported cases in the first half of last year.
NIBSS further disclosed that about ₦400 million was stolen in 2024 through bank accounts opened with stolen identities. In several instances, the identities of elderly citizens were used to open new accounts that served as conduits for laundering stolen funds.
According to United Bank for Africa (UBA)’s Chief Internal Auditor, Kayode Ajayi, today’s fraud schemes often begin with the compromise of a mobile number. “Once a phone or SIM card is compromised, the customer’s personal data becomes vulnerable. Fraudsters can intercept banking messages, impersonate victims, and gain full access to their accounts,” he said.
Ajayi emphasized that combating such fraud requires coordinated action among banks, telecom operators, and regulators. “Fraud architecture is changing, and so must our strategies,” he warned.
Supporting this view, Ayodele Ogunmiloro, Lead for Fraud Management Systems at Airtel Nigeria, identified SIM swaps and number recycling as major weaknesses being exploited. “The lack of synchronization between banks and telecom operators is a critical gap. It allows fraudsters to hijack phone numbers and compromise financial accounts with ease,” he said.
Ogunmiloro advocated for stronger regulatory oversight and tighter identity verification processes. “Every SIM registration and swap should be tied to the National Identification Number (NIN). That’s how we close the loophole that enables stolen identities to circulate,” he added.
However, technology alone isn’t the problem. Abba Sambo Usman, Head of Cybercrime Investigations at the Economic and Financial Crimes Commission (EFCC), revealed that insider collusion remains a persistent challenge.
“Some fraud cases are facilitated by employees within the system,” Usman said. “Weak background checks, poor remuneration, and inadequate workplace ethics contribute to insider-assisted fraud.”
He added that the use of poorly vetted contract staff in sensitive roles often undermines institutional safeguards. “No matter the control systems in place, once employees are demoralized or underpaid, they become easy targets for manipulation by criminal networks,” he warned.
Industry experts agree that no single institution can tackle cybercrime alone. The solution, they argue, lies in a multi-stakeholder approach that integrates banks, telecom firms, regulators, and law enforcement.
“There’s a need for a unified fraud intelligence database,” Ajayi of UBA suggested. “If stolen identities are flagged and shared across institutions, it will prevent the same data from being used to open multiple fraudulent accounts.”
Experts also urge the National Assembly to review and strengthen cybercrime laws to ensure stiffer penalties for offenders and to mandate collaboration among data custodians. Ultimately, experts believe the strongest defence against fraud begins with awareness. As digital channels expand, so must customer education.
“The more informed customers are about the tricks fraudsters use, the less likely they are to fall victim,” Ogunmiloro stressed. “Cybersecurity is no longer just an IT issue — it’s a national economic concern.”
Monday, November 17, 2025
