Cybercriminals are using Africa as a testing ground for artificial intelligence-powered scams before launching them globally, according to Microsoft's Digital Defense Report 2025. The technology allows attackers to craft convincing messages in local languages, achieving a 54 percent success rate compared to 12 percent for traditional phishing attempts. South Africa has emerged as a major center for business email compromise operations that trick employees into transferring funds or sharing credentials.
Cybercrime costs across Africa rose from 192 million dollars to 484 million dollars within one year as victim numbers climbed from 35,000 to 87,000 people. Attackers deployed 80 percent of their efforts toward financial theft rather than espionage. Microsoft identified Storm-2126, a Nigerian group operating from South Africa since 2017, as responsible for targeting American real estate firms and law offices.
New attack methods include ClickFix schemes that trick users into running harmful code and fake IT support contacts via Microsoft Teams. The company urged African businesses to abandon trust-based security models as familiar platforms become weapons against users.
Cybercrime costs across Africa rose from 192 million dollars to 484 million dollars within one year as victim numbers climbed from 35,000 to 87,000 people. Attackers deployed 80 percent of their efforts toward financial theft rather than espionage. Microsoft identified Storm-2126, a Nigerian group operating from South Africa since 2017, as responsible for targeting American real estate firms and law offices.
New attack methods include ClickFix schemes that trick users into running harmful code and fake IT support contacts via Microsoft Teams. The company urged African businesses to abandon trust-based security models as familiar platforms become weapons against users.
