There was a time when scam emails gave themselves away, the long, clumsy messages promising sudden wealth, written in awkward English. You could tell it was a lie, laugh, delete, and move on.

But things have changed as the technology giant, Microsoft, has raised an alarm over the surge in Artificial Intelligence-driven phishing attacks sweeping across Nigeria and other parts of Africa. Those scams now come in perfect grammar, local slang, and even familiar names.

 The company warned that cybercriminals are becoming more sophisticated, forcing some 87,000 victims to lose a combined total of US$484 million.

The warning, contained in the Microsoft 2025 Digital Defence Report, paints a detailed picture of the global cyber threat landscape, offering business leaders in Africa vital insights into a growing and complex problem. Drawing from over one hundred trillion daily security signals, the report provides a rare and expansive view of how cybercrime is evolving.

According to Microsoft, cybercriminal networks have widened their reach over the past year, with a noticeable increase in activity across North Africa. Nation-state actors are also refining their tactics, using AI, exploiting trusted platforms, and zeroing in on high-value industries with alarming precision.

Speaking during a webinar on Wednesday, Microsoft’s Chief Security Advisor for Africa, Kerissa Varma, said: “Africa isn’t just a target; it has become a proving ground for the latest cyber threats. We’re witnessing attackers harness AI to craft phishing messages tailored to local languages and cultural contexts, impersonate trusted individuals, and exploit the very platforms we depend on. Many of these advanced tactics are first tested right here on the continent.”

Referencing the World Economic Forum’s Cybercrime Impact Atlas Report 2025, Microsoft noted that arrests have risen across nineteen African countries. However, the scale of cybercrime has worsened, with total losses jumping from US$192 million to US$484 million, and the number of victims increasing from thirty-five thousand to 87,000.

Also Read: Nigeria’s entertainment industry projected to hit US$5.8 billion by 2029

The Digital Defence Report further revealed that Business Email Compromise (BEC) remains the most financially damaging cyber threat. Although BEC represents only two percent of observed threats, it was responsible for 21 percent of successful attacks, surpassing ransomware, which accounted for 16 percent.

Typically, these attacks start with phishing or password spraying, before moving into more technical stages such as inbox rule manipulation, multi-factor authentication tampering, and email thread hijacking, methods designed to build trust and seize control gradually.

South Africa, the report added, has emerged as a global hotspot for BEC infrastructure and money mule recruitment. A case study on Storm-2126, a Nigerian-origin threat group operating from South Africa since 2017, highlighted the cross-border nature of these crimes. Their targets have included real estate firms, law practices, and tile companies in the United States.

Microsoft also revealed a worrying trend: the rise of autonomous malware capable of moving through systems and escalating privileges without human control. At the same time, AI-generated content is flooding online spaces, overwhelming detection systems and fuelling a new wave of deepfake-enabled fraud, voice cloning, and synthetic identity creation.

According to the report, there has been a one hundred and ninety-five percent global increase in AI-generated identification used to bypass verification systems, exploit free trials, and launch attacks through disposable accounts.

As AI continues to reshape the digital world, cybercriminals are evolving faster than ever, and Africa is increasingly at the centre of this transformation.

Anita Chinedu