6 min read

Cybercrime in West Africa: Beyond the Sakawa Narrative

Cybercrime in West Africa: Beyond the Sakawa Narrative

Why the Old Framing Falls Short

Much of the popular writing on West African cybercrime repeats the same three data points: cybersecurity budgets are thin, awareness is low, and youth unemployment pushes people toward fraud. All three are real, but on their own they describe a symptom picture, not a system. They imply that cybercrime in the region is opportunistic and small-scale — bored, underemployed young men running romance scams from cyber cafés. That picture was already incomplete five years ago. Today it is closer to wrong.

INTERPOL's 2025 Africa Cyberthreat Assessment — the fourth edition of a survey now covering most of the continent's law enforcement agencies — puts a number on the scale of the problem: cyber incidents across the continent between 2019 and 2025 resulted in estimated financial losses exceeding $3 billion, with the finance, healthcare, energy, and government sectors among the hardest hit. More strikingly, cybercrime now accounts for more than 30% of all reported crime in Western and Eastern Africa, and INTERPOL found that two-thirds of African member countries describe cyber-related offenses as a "medium-to-high" share of all crime. This is not a marginal criminal economy. It is one of the primary forms of crime in the region.

The better analytical question isn't "why is West Africa vulnerable to cybercrime" — that's been answered many times over. It's "why has West African cybercrime industrialized rather than declined despite years of awareness campaigns, arrests, and legislation" — and what that tells us about how the underlying system actually works.

The Numbers Have Moved, and the Shape of the Problem With Them

Three trends stand out in the most recent data:

Scam volume is spiking, not plateauing. Suspected scam notifications rose by as much as 3,000% in some African countries over the past year, according to Kaspersky data cited in the INTERPOL report. That kind of growth rate is inconsistent with a "lack of awareness" explanation — awareness campaigns have been running for over a decade. It's more consistent with professionalized operations scaling output, aided by cheap AI tooling for message generation, deepfake voice, and automated targeting.

Business Email Compromise (BEC) has become West Africa's signature export. BEC-related incidents rose significantly, with eleven African nations accounting for the majority of BEC activity originating on the continent, and West African BEC fraud increasingly driven by highly organized, multi-million-dollar criminal enterprises such as the transnational syndicate Black Axe. This matters because Black Axe is not a "startup culture" of freelance fraudsters — it originated as a Nigerian university confraternity (cult) and evolved into a structured transnational organization with cells across North America, Europe, and Asia. U.S. prosecutions bear this out: in November 2024, Nigerian national Babatunde Ayeni was sentenced to 10 years in a U.S. federal court for orchestrating a BEC scheme against real-estate transactions that affected more than 400 victims and stole $19.6 million. That is organized financial crime with international reach, not "cyber café" opportunism.

The workforce behind the scams increasingly includes trafficking victims, not just willing "Yahoo Boys." In Nigeria's December 2024 raid on the Big Leaf Building in Lagos — a seven-story facility used as a scam call center — investigators found over 500 SIM cards and high-end computers used to run romance and crypto-investment scams on WhatsApp, Instagram, and Telegram, and the building operated as a call center targeting victims across the Americas and Europe, with Nigerian accomplices making first contact and foreign partners handling the defrauding. Nigerian authorities have separately noted that some of the people staffing these scam centers may themselves be trafficking victims, coerced into the work — a pattern that closely mirrors the scam-compound model documented in Southeast Asia. This complicates any narrative that treats the perpetrators as uniformly voluntary participants in a "cybercrime startup culture."

Enforcement Is Real, But Structurally Overmatched

It would be inaccurate to say nothing has improved. Law enforcement cooperation across the continent has become measurably more sophisticated:

  • Operation Serengeti (late 2024) led to over 1,000 arrests and identified more than 35,000 victims across ransomware, BEC, and other schemes.
  • Operation Red Card (Nov 2024–Feb 2025), run across seven countries, resulted in 130 arrests in Nigeria alone — including 113 foreign nationals — for online casino and investment fraud, alongside 45 arrests in Rwanda for social-engineering scams that stole over $305,000 in 2024.
  • Operation Red Card 2.0 (Dec 2025–Jan 2026), expanded to sixteen countries, produced 651 arrests and the recovery of $4.3 million, against scams linked to over $45 million in losses and 1,247 identified victims; authorities also seized 2,341 devices and took down 1,442 malicious IPs, domains, and servers.

These are genuinely large operations. But set against the estimated scale of the problem, the ratio is telling: tens of millions of dollars recovered against a continental loss estimate in the billions, and a few hundred to a thousand arrests against scam operations that INTERPOL itself says are outpacing enforcement capacity. The report is candid about why: only 30% of surveyed countries have an incident reporting system, 29% have a digital evidence repository, and 19% maintain a cyberthreat intelligence database, while 86% say international cooperation needs improvement and 75% say legal frameworks and prosecution capacity need to improve.

This is the more useful frame than "weak legislation" alone. It isn't just that laws are missing — many countries now have cybercrime statutes on the books. It's that the infrastructure of prosecution — evidence repositories, cross-border data-sharing agreements, trained digital forensics units — lags far behind the infrastructure of the crime itself, which is cloud-based, encrypted, and jurisdictionally fluid by design.

Sakawa Was Never Just About Culture — It's a Business Model Question

The original framing of "Sakawa" as a culturally tolerant, ritualized fraud practice in Ghana captures something true but risks treating the phenomenon as static folklore rather than an evolving commercial enterprise. Current reporting suggests Ghanaian cybercrime networks have moved well beyond individual ritual practice into organized operations that have extracted over $100 million from Western victims through romance scams and BEC attacks, with the subculture now visibly intersecting with the country's music, fashion, and social media industries — in other words, successful fraud proceeds are being reinvested into legitimate cultural production, which further normalizes and launders the practice socially. That's a materially different (and harder) problem than "cultural tolerance of fraud." It's proceeds-of-crime laundering through legitimate creative economies, which requires financial-crime tools, not just awareness campaigns, to address.

Sextortion and AI Are the Fastest-Growing Threats — and the Old Article Missed Both

Two threats barely existed in the 2020 framing and now dominate current threat assessments:

  • Digital sextortion. More than 60% of African countries surveyed reported an increase in sextortion incidents in 2024, with INTERPOL specifically flagging a rise in AI-generated sextortion material in several countries. This shifts the victim profile: sextortion targets individuals directly, often minors, rather than corporations, and the harm is psychological as much as financial.
  • AI-enabled fraud. INTERPOL's cybercrime director described AI-driven fraud as an emerging threat requiring urgent attention, citing its use in scaling scam messaging and voice-cloning for impersonation. This is a genuine discontinuity from the 2020 threat landscape, where social engineering was manual and comparatively low-volume.

Neither of these fits comfortably into the "unemployed youth, low awareness" model. They point instead to increasingly capable, well-resourced operators adopting the same generative AI tools available to legitimate businesses.

What a Sharper Analysis Should Actually Argue

Pulling this together, four claims hold up better than the "poverty and weak laws" narrative alone:

  1. West African cybercrime is bifurcated, not monolithic. There is still a base layer of low-skill, opportunistic fraud (the "Yahoo Boys" tier), but the growth and the financial damage are increasingly concentrated in organized, multi-jurisdictional enterprises like Black Axe that resemble transnational organized crime groups more than individual hustlers.
  2. The constraint isn't law — it's prosecutorial infrastructure. Most of the gap INTERPOL identifies is operational: data-sharing, forensics capacity, and cross-border cooperation, not the absence of statutes.
  3. Some of the "criminal" workforce is coerced. Trafficking-adjacent labor practices inside scam compounds mean policy responses built purely around deterrence and prosecution of low-level operators may be punishing victims of a labor exploitation system, not just its architects.
  4. The threat surface is expanding faster than enforcement capacity, driven by AI. Enforcement wins like Operation Red Card 2.0 are real but are fighting a threat that scales with cheap generative tools much faster than multilateral police operations can scale.

Sources

  • INTERPOL, Africa Cyberthreat Assessment Report, 4th Edition, May 2025
  • INTERPOL press releases on Operation Serengeti, Operation Red Card, and Operation Red Card 2.0 (2024–2026)
  • Reuters, Al Jazeera, Africanews, and Ecofin Agency reporting on Nigerian EFCC operations (2024–2025)
  • U.S. Department of Justice sentencing records, United States v. Ayeni (Nov 2024)