Phishing Scams Targeting Internet Users in Nigeria
Nigerian internet users face a high volume of phishing attacks targeting bank account credentials, BVN numbers, and mobile money wallets, with criminals using cloned banking portals and SMS spoofing to harvest financial access.
Part of: Phishing
Last reviewed: 1 June 2026
Nigeria's rapidly expanding digital banking and mobile money sector has made phishing a critical financial crime. Fraudsters clone the login pages of popular Nigerian banks and fintech platforms — Opay, PalmPay, GTBank, First Bank — and distribute fake links via SMS, WhatsApp, and email to capture account credentials.
The Bank Verification Number (BVN) — a unique biometric identifier linked to all of a user's bank accounts — is a high-value phishing target. Compromising a BVN gives scammers a master key to link fraudulent accounts and drain savings across multiple banks.
How this scam works on Nigeria
Victims receive an SMS that appears to come from their bank, warning that their account will be suspended unless they verify their BVN or update their details through a link. The link leads to a convincing clone of the bank's website. Entering credentials hands them directly to the scammer.
Mobile money phishing targets Opay and PalmPay users with fake customer-support contacts. Victims are told their transaction has been flagged and they must provide their PIN to clear it — PIN details are then used to empty the wallet.
Email phishing campaigns impersonate the Central Bank of Nigeria (CBN), the Economic and Financial Crimes Commission (EFCC), or FIRS, claiming the recipient owes taxes or is under investigation, and directing them to provide bank details to resolve the matter.
Common red flags
- SMS or WhatsApp message claiming your BVN needs urgent verification via a link
- Fake bank support accounts with names like 'GTBank-Support' or 'OPay_Help' asking for PIN
- Emails impersonating the CBN or EFCC demanding immediate financial information
- Login pages whose URL differs slightly from the official bank domain
- Any message asking you to confirm your full account number and PIN together
How to protect yourself
- Access your bank only through the official app downloaded from the Google Play or App Store
- Never click links in SMS or WhatsApp messages claiming to be from your bank — go directly to the app
- Enable transaction alerts so you know immediately if your account is accessed
- Never share your BVN, PIN, or OTP with anyone, including people claiming to be bank staff
- Activate two-factor authentication on all financial apps
How to report it
- Report to your bank's fraud line immediately and request a card/account freeze
- File a report with the EFCC at efcc.gov.ng or call the EFCC hotline
- Report to the Nigerian Communications Commission (NCC) for SMS spoofing cases
Frequently asked questions
What makes BVN phishing so damaging in Nigeria?
The BVN is linked to every bank account a person holds in Nigeria. If scammers obtain your BVN along with other personal details, they can potentially use it to impersonate you across multiple banks, apply for loans, or link fraudulent accounts. Protect your BVN as carefully as your PIN.