The Central Bank of Nigeria has warned citizens about deceptive messages and links circulating online, designed to hijack personal banking details amid a rising wave of cyberattacks on public institutions.
“These fraudulent messages, which prompt recipients to click links, peddle false information about the Bank’s leadership, licensing, and policy issues, and are intended to hack personal accounts,” the apex bank stated in a press release issued on Wednesday, April 22, 2026, by its Acting Director of Corporate Communications, Hakama Sidi Ali.
The warning follows a major cybersecurity breach at the Corporate Affairs Commission just days earlier, which forced a three-day shutdown of its online portal and allegedly resulted in the exfiltration of up to 25 million documents.
The Growing Storm of Digital Threats
Nigerian public institutions are facing an intensifying wave of cyber threats. The shutdown of CAC portal between April 17 and April 20, 2026, over data unauthorised data breach, has triggered a formal investigation by the Nigeria Data Protection Commission over fears that sensitive corporate and personal data may have been compromised.
This is not an isolated phenomenon. Across the country, digital infrastructure that millions of citizens rely on for daily transactions, business registration, and banking services is increasingly under siege. The convergence of rapid digital adoption with inadequate security frameworks has created fertile ground for malicious actors.
Earlier in April, there was an alleged data breach involving Remita Payment Services Ltd, and Sterling Bank. This adds to the growing records of cyber attacks in Nigeria, where the country ranked among the top 15 countries affected, with 1,219 complainants contributing to nearly $1.6 billion in total losses linked to international cybercrime activities, according to a recent data from Federal Bureau of Investigation.
In 2024, Nigerian financial institutions collectively lost N52.26 billion to fraud, up from N34.59 billion recorded in 2023.
For ordinary Nigerians, the stakes are personal. A single compromised banking credential can wipe out savings, disrupt livelihoods, and take months to resolve—if at all.
Defensive Measures and Regulatory Action
The Bank has clarified that its official website remains the primary channel for verified communication, urging citizens to avoid clicking suspicious links or sharing sensitive personal information online. Verification of any communication attributed to the CBN should be done exclusively through official platforms and recognised media channels.
On the regulatory front, the CBN had already in June 2025 warned Nigerian banks and fintech firms to strengthen their cybersecurity frameworks as the industry moves toward open banking. That directive now appears prescient. The shift toward open banking—designed to increase competition and consumer choice—also expands the attack surface for cybercriminals, making robust authentication protocols and real-time threat detection non-negotiable.
Why This Matters for Nigeria’s Digital Future
Nigeria’s push toward a cashless and digitally inclusive economy depends heavily on trust. If users perceive digital banking as unsafe, adoption could slow, undermining gains made in financial inclusion.
With over half of Nigerian adults now using formal financial services, improved cybersecurity could safeguard millions of users, reduce fraud-related losses, and create new opportunities in cybersecurity, compliance, and digital risk management.
More importantly, building resilient digital systems ensures that Africa’s largest economy can continue expanding its fintech sector—one of the continent’s fastest-growing industries—without exposing citizens to escalating cyber threats.