How Nigerian Bank Customers Are Being Targeted, and What It’s Costing Them

Nigeria’s banking sector has grown remarkably over the past decade. Mobile money transactions, USSD banking, and digital wallets have pulled millions of previously unbanked Nigerians into the formal financial system. But that expansion has come with a shadow. As more people move money digitally, fraudsters have refined methods to intercept those transactions at nearly every step.

The scale of the problem is documented. According to the Nigeria Inter-Bank Settlement System (NIBSS), Nigerian banks reported over N9.5 billion in fraud losses in the first half of 2023 alone, with social engineering and account takeover attacks accounting for a significant portion of those figures. The Central Bank of Nigeria (CBN) has issued multiple consumer advisories, yet incidents continue to rise. Understanding the tactics being used is the first line of defence.

The SIM Swap Attack: When Your Phone Number Becomes a Liability

One of the most damaging fraud methods currently targeting Nigerians involves SIM swapping. In this scheme, a fraudster, often with insider assistance at a mobile network operator, convinces the telecom to transfer a victim’s phone number to a new SIM card. Once they control the number, they receive all OTPs (one-time passwords) sent by banks, effectively bypassing two-factor authentication.

Victims typically notice the attack only when their phone suddenly loses network signal. By the time they realize what has happened, funds may already be gone. The attack is particularly effective because Nigerian banks rely heavily on phone-based OTPs, and customers rarely suspect their phone number itself is vulnerable.

The Nigerian Communications Commission (NCC) has urged telecom operators to tighten SIM replacement protocols, but enforcement is inconsistent across operators.

Vishing and Smishing: The Human Engineering Problem

Voice phishing, or vishing, remains widespread. Fraudsters impersonate bank customer service agents, often using spoofed phone numbers that appear to match a bank’s official line. They claim a customer’s account has been flagged, that a transaction requires verification, or that a BVN update is required, then request PINs, card details, or OTPs.

The social engineering is frequently sophisticated. Callers may already know a victim’s full name, partial account details, and recent transaction history — information acquired through data leaks or purchased from underground brokers. That prior knowledge makes the deception harder to detect.

Smishing, that is, phishing via SMS, works in a similar way. Messages carrying fraudulent links mimicking bank portals have been circulating across Nigerian networks for years. A single click can deliver malware to a device or redirect a user to a credential-harvesting site. The NIBSS Fraud Desk has flagged the persistence of SMS-based attacks as a recurring challenge.

Fake Bank Alerts and Merchant Fraud

In commercial settings, particularly markets and small businesses, fake bank credit alerts have become a recurring problem. Fraudsters generate SMS notifications that mimic genuine bank credit messages and present them as proof of payment. Merchants who do not independently verify their account balances before releasing goods have consistently fallen victim.

This fraud thrives in environments where transaction confirmation is conducted offline, where internet access is unreliable, or where merchants lack the financial literacy to cross-check credit alerts in real time. Rural and peri-urban traders are especially exposed.

The BVN Harvesting Scheme

Nigeria’s Bank Verification Number (BVN) system, introduced by the CBN in 2014, was designed to reduce identity fraud across the banking system. It has done that, but it has also created a new attack surface. Fraudsters now actively seek to harvest BVNs, which they combine with other personal data to open fraudulent accounts or gain access to existing ones.

Common BVN harvesting tactics include fake loan application portals that request BVNs as part of a fictitious eligibility check, phishing pages designed to mimic bank websites, and WhatsApp messages promising financial benefits in exchange for BVN verification. Once obtained, BVNs are sold on dark web markets or used directly in account takeover attempts.

The CBN’s guidelines on BVN protection explicitly state that no legitimate bank or financial institution will request a customer’s BVN via SMS, WhatsApp, or phone call. Yet many Nigerians remain unaware of this.

Ponzi Schemes with a Banking Facade

Beyond direct account fraud, elaborate investment scams continue to ensnare Nigerians. These operations often present a convincing banking-adjacent facade, professional websites, referral structures, and manufactured testimonials to solicit deposits. The pattern is well-established: early participants receive returns, generating word-of-mouth legitimacy, until the scheme collapses and latecomers lose everything.

The Securities and Exchange Commission of Nigeria (SEC) maintains a public register of unauthorized investment platforms and has repeatedly warned against platforms promising fixed, unusually high returns. Yet enforcement actions often come after victims have already lost funds.

What Banks and Regulators Are, and Are Not Doing

Nigerian banks have invested in fraud detection infrastructure, including behavioral analytics and transaction monitoring systems. The NIBSS fraud management platform facilitates some inter-bank coordination on suspicious activity. The CBN has also pushed mandatory transaction limits and cooling-off periods for certain high-risk operations.

But the regulatory framework still has gaps. Customer reimbursement policies vary widely across institutions. Fraud reporting channels are not always accessible or responsive. And digital and financial literacy among the Nigerian public, though improving, remains uneven, particularly outside major cities.

The most effective protection, at present, remains an informed customer. No bank, no regulator, and no OTP prompt will protect someone who willingly provides their credentials to a convincing caller. The burden, unfairly, still falls disproportionately on the individual.

For official guidance, consult the CBN Consumer Protection Department and report suspected fraud through your bank’s official channels or the NIBSS Fraud Desk.