In December 2024, a customer of Centenary Bank, Patrick Mulumba, received what looked like a routine message alert. It claimed there was an issue with their account and urged immediate verification.
The message had the bank’s logo, tone and familiar green colours. Believing it was genuine, the customer followed the link and entered their login details. Within minutes, nearly four million shillings vanished from the account.
Investigators later confirmed the message came from a cloned site created by fraudsters. The attackers used a common technique called phishing, where criminals impersonate trusted institutions to trick people into revealing passwords, card details or one-time PINs.
This form of cybercrime is growing fast across Africa. According to Kaspersky’s 2022 report, phishing attacks surged by 438% in Kenya and 174% in Nigeria within the same quarter. Across Africa, over 10.7 million phishing attacks were recorded during that period. The rise reflects how criminals exploit digital transformation — especially as more Africans rely on mobile banking, e-commerce, and online government services.
Why Phishing Works
Phishing thrives on urgency and trust. Most messages are designed to spark panic: “Your account will be blocked in 24 hours”, or “You’ve won a special reward, confirm your details now.” Victims respond quickly, acting before they think for fear of losing money or missing out.
A 2023 Interpol Africa Cyberthreat Assessment found that phishing remains the most common entry point for cyberattacks on the continent, accounting for nearly 60% of reported incidents. This is largely due to low digital awareness, limited cybersecurity training in workplaces, and the use of personal devices for both work and banking.
How to Detect Phishing Attempts
- Check the sender’s details carefully – Fraudsters often mimic real companies by changing just one or two letters in an email address or web link (for instance, @centenarybnk.co.ug instead of @centenarybank.co.ug). Always hover over or tap the address bar to verify the full sender domain before taking action. Real institutions use official domains, not random or misspelt variations.
- Be wary of urgent or alarming messages – Phishing thrives on fear or excitement. Messages claiming your account will be closed, or offering time-limited rewards, are designed to make you panic and click without thinking. Legitimate institutions rarely pressure customers to act instantly.
- Hover over links before clicking – On a computer, place your cursor over a link (without clicking) to preview the actual URL; on a phone, press and hold it. If the link looks suspicious, has random letters, or doesn’t match the organisation’s official domain, do not open it.
- Avoid downloading unexpected attachments – Attachments in phishing emails can contain malware that silently installs on your device, allowing criminals to steal passwords or monitor your activity. Only open files from people or companies you fully trust.
- Confirm through official channels – If a message seems unusual, contact your bank, telecom provider, or online platform directly using phone numbers or emails listed on their official website. Never reply to suspicious messages or use the contact details they provide.
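The sender-domain check in the first item above can be automated. The following Python is an added example, not part of the original article; the allowlist holds only the official domain used in the article's illustration, and the two-edit threshold and function names are assumptions. It also goes one step further than the article by flagging hosts that use the official name as a prefix of a different domain.

```python
from urllib.parse import urlsplit

# Allowlist of official domains. Assumption: taken from the article's example;
# a real deployment would load the organisation's own list.
OFFICIAL_DOMAINS = {"centenarybank.co.ug"}


def extract_domain(value: str) -> str:
    """Return the lowercased host from an email address or a URL."""
    value = value.strip().strip("<>")
    if "://" in value:
        host = urlsplit(value).hostname or ""
    else:
        host = value.rsplit("@", 1)[-1]
    return host.lower().rstrip(".")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character inserts, deletes, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(value: str, max_edits: int = 2) -> str:
    """Label a sender address or link as 'official', 'lookalike' or 'unknown'."""
    host = extract_domain(value)
    for official in OFFICIAL_DOMAINS:
        if host == official or host.endswith("." + official):
            return "official"
    for official in OFFICIAL_DOMAINS:
        # Compare the tail of the host with the same number of labels, so
        # "login.centenarybnk.co.ug" is still measured against the real name.
        tail = ".".join(host.split(".")[-official.count(".") - 1:])
        if edit_distance(tail, official) <= max_edits:
            return "lookalike"
        # The real name used as a prefix of another domain, e.g.
        # "centenarybank.co.ug.verify-account.example" (constructed sample).
        if host.startswith(official + "."):
            return "lookalike"
    return "unknown"
```

A result of "unknown" only means the domain is neither on the allowlist nor close to it; it is not a sign that the sender is safe.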
In addition to detecting these phishing tactics, using multi-factor authentication (MFA) is a great way to protect your accounts. You can also install reliable anti-phishing software or browser extensions, and keep your device and apps updated to patch security gaps. Regularly monitor bank alerts and transaction histories for suspicious activity.
5 anti-phishing hacks for everyday users
With cybercriminals growing more sophisticated in their attempts to defraud unsuspecting individuals, the following hacks will help reduce your risk of becoming a victim.
- Pause before you click – Being asked to urgently click a link is a red flag.
- Verify the source – Confirm with official websites or customer care.
- Use strong, unique passwords – Avoid reusing the same password across platforms.
- Enable two-step verification – It adds an extra security layer.
- Report suspicious messages – Alert your bank, employer, or cyber authority immediately.
According to Serianu’s 2023 Africa Cybersecurity Report, Africa lost an estimated $4 billion to cybercrime in a single year, with phishing and social engineering listed as the top contributors. Phishing might look simple, but its consequences are real — from drained accounts to stolen identities. The next time a message feels too urgent or too good to be true, pause and double-check. Staying alert could save you or someone you love from becoming the next statistic.
Awareness and consistent vigilance remain the strongest shields against this growing digital threat. If you found this helpful, share it: spreading the word reduces the chances of people getting scammed through phishing.