The Central Bank of Nigeria warned the public on Tuesday to ignore fraudulent messages, emails, and online communications falsely claiming to be from the bank, saying the material was intended to mislead recipients.
In a statement the Central Bank of Nigeria said: "The Central Bank of Nigeria (CBN) wishes to alert members of the public to the circulation of fraudulent messages, emails, and online communications purporting to originate from or be associated with the Bank, which are intended to misinform members of the public."
That statement included a direct description of the scam: "These fraudulent messages, which prompt recipients to click links, peddle false information about the Bank’s leadership, licensing, and policy issues, and are intended to hack personal accounts." The bank told readers that its official address online remains "The official website of the Central Bank of Nigeria remains "
The weight of the alert is in the actions the communications push: recipients are being encouraged to follow links and to hand over information that could expose personal accounts. The CBN said members of the public are strongly advised to refrain from clicking links or sharing personal information on suspicious websites and to report suspect material to the authorities. "Members of the public are strongly advised to refrain from clicking links or sharing personal information on suspicious websites," the bank said, adding: "They are advised to verify the authenticity of all CBN communications through the official website and recognised media outlets, and report any suspected fraudulent site, email, or message to law enforcement authorities."
Context for the warning is immediate. The CBN said the fraudulent communications were circulating during a period when Nigerian private and public enterprises faced repeated cyber threats and alleged data breaches. In the past weeks the Corporate Affairs Commission, Remita Payment Service Limited, Sterling Bank, and other entities faced alleged data breaches, and the Nigeria Data Protection Commission said it had commenced investigations into those alleged incidents.
The bank also said it is strengthening its cybersecurity frameworks in collaboration with relevant agencies to protect the public against digital fraud. That approach acknowledges the scale of the problem: when payments platforms, corporate registries and banks all report breaches or breaches are alleged, spoofed messages that mimic a central regulator can be the easiest vectors for criminals to reach customers.
The tension in the bulletin is sharp and simple. The CBN can tell people where to find verified information and can harden its systems, but it cannot stop every fraudulent email or social post that arrives in an inbox or a messaging app. The CBN warned the public that the false messages "peddle false information about the Bank’s leadership, licensing, and policy issues," details that can sow confusion and prompt clicks — the very action the bank says the fraudsters want to trigger to compromise accounts.
Practical steps the CBN offered are specific: use and recognised media outlets to confirm any communication, avoid clicking unknown links, do not share personal credentials online, and report suspicious sites, emails or messages to law enforcement. The bank said it is working with other agencies on cybersecurity, but it did not lay out a public timeline for when new safeguards would be in place or how incidents would be reported back to affected users.
The most consequential question now is whether the CBN and its partners can shut down the supply of fraudulent communications and tighten protections around the services that feed them before more accounts are compromised. For now, the bank’s instruction is clear: verify first at do not click suspicious links, and report anything that looks like an attempt to mislead or to harvest personal information.
