Expert Warns Against Surge in Phishing Attacks on Nigerian Organisations

Funmi Ogundare

A Cybersecurity Operations Analyst, Ruth Itua, has warned that phishing threats targeting Nigerian organisations are evolving faster than many institutions can respond, driven largely by human vulnerability rather than technological gaps.
She observed that phishing attacks in Nigeria have become more frequent, sophisticated and difficult to detect.
Citing a 2021 Sophos survey, she noted that over 60 per cent of IT teams in Nigerian organisations reported an increase in phishing emails targeting employees, a trend that has since intensified.
According to her, phishing is no longer confined to email. Attackers now exploit QR codes, collaboration platforms and chat applications, significantly expanding the attack surface for organisations.
“Every communication channel has become a potential entry point,” she said, stressing that awareness efforts must extend beyond traditional inbox threats.
Itua explained that modern phishing campaigns now deliver malware such as banking trojans, trigger fake multi-factor authentication prompts and redirect users to malicious QR-code pages. With attacks spreading across email, mobile devices and messaging platforms, exposure levels have increased dramatically.
Nigeria, she added, has become an attractive target for cybercriminals.
Recent reports indicate that organisations in the country experience an average of more than 4,000 cyber attacks weekly, exceeding both African and global averages. Many of these incidents involve phishing, credential theft and banking malware.
The threat, the expert added, is further compounded by the use of Artificial Intelligence by cybercriminals.
AI-generated phishing messages, the expert noted, are increasingly personalised and convincing, making them harder for users to distinguish from legitimate communications.
Research by Mimecast shows that about 95 per cent of data breaches are linked to human error, a finding Itua believes underscores the need for a deliberate, people-focused approach to cybersecurity.
“While technical controls such as email filtering and endpoint protection remain essential, they are not foolproof, as attackers deliberately craft messages to exploit trust, urgency and familiarity,” she stated.
She argued that well-trained employees can serve as a critical line of defence by identifying suspicious messages that automated tools may miss. Effective human-centred phishing defence, she explained, improves early detection and encourages swift reporting.
Itua emphasised the importance of creating a workplace culture where employees feel safe reporting suspected phishing attempts without fear of blame.
“Rapid escalation enables security teams to respond quickly and prevent isolated incidents from becoming major breaches,” she said.
On training, she stressed that staff must be taught to critically assess messages for red flags such as misspelled domains, generic greetings, unexpected attachments, vague calls to action, requests for passwords and artificial urgency. Even messages that appear to come from familiar contacts, she warned, should be treated with caution if they deviate from normal processes.
She stated that consistent awareness programmes, continued vigilance and strong email security are essential for Nigerian organisations seeking to curb the growing phishing threat, adding that addressing human risk is now as important as deploying the right technology.
