A continent-wide takedown of 63,000 Instagram accounts in Nigeria in mid-2024 has spotlighted one of Africa’s fastest growing cyber threats: digital sextortion.
The figure, disclosed in Meta’s internal reporting and highlighted in INTERPOL’s newly released Africa Cyberthreat Assessment Report 2025, signals an alarming evolution in online crime across the region. No longer the domain of isolated predators, sextortion — where explicit images are used to extort victims — has scaled into a transnational operation, often enabled by criminal networks traditionally known for financial fraud.
INTERPOL now categorizes digital sextortion as a dominant tactic across the continent, second only to phishing scams. And while much of the activity appears to originate in Nigeria and Ghana, countries like Morocco, Egypt, and Mauritania are also experiencing spikes in AI-generated synthetic media used to coerce, blackmail, and financially exploit victims.
“Sextortion is being weaponized not just as an isolated offense, but as a recurring Tactic, Technique, and Procedure (TTP) within traditional scam ecosystems. Some reporting also suggests these networks may overlap with long-standing organized crime groups (OCGs) in West Africa,” the report notes.
Also read: One of the Largest Cybercriminal Operations in West Africa Dismantled
Sextortion Goes Mainstream
The 2025 INTERPOL report shows over 60% of African countries reported a rise in online image-based sexual abuse (OIBSA), with most warning that actual numbers are likely underreported due to stigma. Law enforcement agencies across East and North Africa now consider sextortion a high-priority threat, with victims ranging from teenagers to high-profile professionals.
Organized cybercriminal rings have begun distributing playbooks, tutorials, and even AI tools to streamline sextortion campaigns. According to INTERPOL’s private sector partners, phishing emails are now the primary delivery vector, often paired with deepfake videos or voice clones to enhance believability.
Some of these incidents have turned fatal. In South Africa, a suicide linked to sextortion raised national alarm. In Egypt, a digital support platform received over 250,000 victim appeals in a single year — a figure that investigators say likely represents only a fraction of actual cases.
Phishing, Ransomware, and BEC Still Widespread
While digital sextortion may be the most disturbing development, it’s not the only threat overwhelming African systems.
Phishing — primarily through email and mobile channels — remains the most reported cybercrime across the continent. According to Kaspersky, phishing incidents surged by over 2,930% in Zambia and 826% in Angola in 2024 alone. Social media impersonation and mobile-based smishing are fueling the rise, with AI-generated text and audio now used to exploit linguistic and cultural familiarity.
Ransomware has also taken a devastating toll. South Africa, Egypt, and Nigeria were among the most heavily targeted nations in 2024, with attacks disrupting everything from military systems to telecom giants. In one high-profile breach, South Africa’s Department of Defence lost 1.6 terabytes of sensitive data, including presidential contacts, to the LockBit ransomware group.
The Nigerian fintech firm Flutterwave reported $7 million in losses in a single incident last year, illustrating how attackers are increasingly targeting the region’s most digitized financial ecosystems.
Is Business Email Compromise Africa’s Most Profitable Scam?
Business email compromise (BEC) may not make headlines, but it continues to quietly siphon billions.
INTERPOL’s report notes that BEC is one of the most financially damaging threats, particularly in West Africa. Nigeria, Ghana, and Côte d’Ivoire remain major hotspots, with some BEC groups, such as the Black Axe syndicate, evolving into transnational enterprises that deploy everything from phishing kits to social engineering attacks.
In 2024, 19 African countries reported a combined 10,490 cybercrime-related arrests, though INTERPOL estimates only 35% of cybercrimes are ever reported. One Nigerian BEC operator was sentenced in the U.S. after defrauding over 400 victims and stealing $19.6 million through fraudulent real estate transfers.
Infrastructure, Laws, and Coordination Still Catching Up
Despite the sophistication of cybercriminals, many African countries lack the basic infrastructure to fight back. INTERPOL found that:
-
Only 30% of countries have a cybercrime incident reporting system.
-
Just 19% maintain a threat intelligence database.
-
More than 75% say their legal frameworks are inadequate.
-
95% cite insufficient training and tools for cybercrime investigations.
Fragmented legal systems and outdated cybercrime laws are making prosecution difficult, especially in cross-border cases. While some countries — including Tunisia, Nigeria, and Burkina Faso — have updated their laws, only six African nations have ratified the Budapest Convention, and just 15 are parties to the AU’s Malabo Convention.
AI-Powered Crime, But Not AI-Powered Policing
Perhaps the most troubling gap in the report is the lack of technological parity between attackers and defenders. While criminals use generative AI to scale attacks and create realistic impersonations, 86% of African law enforcement agencies still do not employ AI in their operations.
The rise of Cybercrime-as-a-Service (CaaS) — where everything from phishing kits to bulletproof hosting is sold on illicit platforms — further lowers the barrier for entry, allowing low-skilled threat actors to launch sophisticated campaigns. Deepfakes, spoofed voices, and fake job scams are now standard fare.
Progress, But the Clock Is Ticking
It’s not all bad news. INTERPOL’s Africa Joint Operation against Cybercrime (AFJOC) led to major arrests in 2024 and the dismantling of several ransomware groups, including coordinated actions with AFRIPOL and private cybersecurity firms.
Also read: Major Cybercrime Operation Nets Over 1,000 Arrests Across Africa
More countries are investing in Computer Emergency Response Teams (CERTs), updating cybercrime laws, and forming public-private partnerships. For instance, Nigeria introduced a national cybersecurity levy in 2024 to fund response initiatives.
Still, with estimated financial losses exceeding $3 billion since 2019, the gap between threat actors and national capability remains wide.
The 2025 INTERPOL report makes one thing painfully clear: Africa is now a proving ground for cybercriminal innovation — from deepfake BEC scams to AI-fueled sextortion. The threats are borderless, rapid, and devastating.
And unless enforcement, legislation, and technology rise at the same speed, the continent’s digital transformation risks becoming a high-speed collision with an underprepared defense.
