As the festive season approaches, African users of mobile money services face a growing risk of cybercrime. Cybersecurity company ESET Africa has issued a warning that phishing, SIM-swap fraud, and social-engineering attacks are expected to spike during year-end transfers.
The alert comes as families across the continent send money to relatives for Christmas, creating opportunities for criminals to exploit the urgency and goodwill of the season. Fraudsters are increasingly using holiday-themed phishing campaigns, hijacking SIM cards of accounts with high balances, and tricking users into sharing sensitive information through impersonation or social pressure.
“Trust in mobile money doesn’t happen instantly – it’s built one safe transaction at a time,” said cybersecurity engineer Allan Juma.
Juma added that even one successful scam can damage confidence not just for victims, but for their wider social networks. “When someone gets scammed, they often stop using mobile money and warn friends and family to do the same, creating a ripple effect that stalls progress for everyone.”
Security Gaps in Mobile Money Services
Many mobile-money platforms have struggled to match the growing trust users place in them. Unlike traditional banking apps, some still rely on four-to-six-digit PINs and lack advanced encryption.
“These weaknesses make it easier for criminals to intercept data, hijack accounts, and slow down the adoption of digital finance,” Juma said.
The warning from ESET comes amid sobering data from Kenyan cybersecurity firm Serianu. Their 2025 Africa-wide study, based on responses from 280 organisations, estimated total cyber-related losses at $5 billion, with Kenya alone losing around $230 million this year.
According to the report, payment fraud was the most common security incident. Online and email fraud together accounted for 40% of reported cases and roughly 32% of total estimated losses.
The Rise of AI-Enabled Blended Attacks
Serianu’s findings also highlight a growing threat from AI-enabled attacks that combine phishing, credential theft, ransomware, and impersonation across financial and public-sector systems.
“Companies need to move from reactive security measures to resilience-oriented strategies,” said William Makatiani, Serianu CEO. “Attackers are evolving faster than defenders, and artificial intelligence, once seen as a safeguard, now demands a full rethink of system and data protection.”
Juma emphasized that consumers also play a crucial role in preventing fraud. Basic measures like enabling two-step verification and being alert to suspicious messages requesting PINs or personal information can protect users during the high-volume festive period.
As mobile money adoption continues to rise across Africa, these security gaps, combined with the holiday surge in transactions, risk undermining trust in the continent’s fast-growing digital finance sector.