A WhatsApp notification pops up on a finance manager’s phone.

The managing director needs an urgent payment made to a supplier. The request sounds legitimate. The voice is familiar. There is no reason to doubt it.

Except that the managing director may never have sent the message.

That scenario may sound like science fiction today, but cybersecurity experts warn it is rapidly becoming one of the most significant risks facing Nigerian businesses as generative artificial intelligence (AI) transforms the cybercrime landscape.

That scenario may sound like science fiction today, but cybersecurity experts warn it is rapidly becoming one of the most significant risks facing Nigerian businesses as generative artificial intelligence (AI) transforms the cybercrime landscape.

For years, cyber fraud in Nigeria has largely followed familiar patterns. Fraudsters sent phishing emails riddled with grammatical errors. Fake bank alerts attempted to trick victims into revealing account details. Suspicious links arrived via SMS messages and social media platforms.

Most users eventually learned to recognise the warning signs.

But the next generation of cyber threats may not come with obvious red flags.

Instead, the fraudster may sound exactly like someone you know.

AI fraud: The dangerous evolution of trust

The most alarming aspect of AI-enabled cybercrime is not necessarily the technology itself. It is the exploitation of trust.

Historically, businesses have relied on familiarity as a form of security. Employees trust instructions from known supervisors. Vendors trust long-standing clients. Finance teams trust voices they recognise.

In Nigeria’s business environment, where WhatsApp voice notes, phone calls and instant messaging have become central to daily operations, familiarity often serves as an informal verification mechanism.

That model worked reasonably well when criminals lacked the ability to convincingly imitate real people.

Generative AI is changing that equation.

Modern AI systems can analyse voice samples, replicate speech patterns, imitate writing styles and generate highly convincing conversations. A short audio clip from a podcast interview, conference speech, webinar, YouTube appearance or even a routine WhatsApp voice note may provide enough material for sophisticated voice cloning systems.

The result is a cyber threat environment where hearing a familiar voice may no longer be proof of authenticity.

For many Nigerian SMEs, that represents a profound shift in risk.

Historically, businesses have relied on familiarity as a form of security. Employees trust instructions from known supervisors. Vendors trust long-standing clients. Finance teams trust voices they recognise.

Why Nigerian SMEs are particularly exposed to AI fraud

The threat is especially relevant in Nigeria because of how business is conducted.

Across the country, thousands of SMEs operate in fast-paced environments where decisions are made quickly and communication flows through mobile devices.

Purchase orders are approved through WhatsApp.

Suppliers are coordinated through voice calls.

Invoices are exchanged through messaging platforms.

Managers frequently authorise transactions while travelling or working remotely.

These practices have helped businesses become more agile and responsive. However, they also create opportunities for manipulation.

Unlike large corporations that often employ dedicated cybersecurity teams, multiple approval layers and sophisticated monitoring systems, many SMEs depend on informal processes built around personal relationships and trust.

When a business owner personally authorises payments through voice notes, staff members naturally become conditioned to respond quickly.

That speed can become a vulnerability.

A convincing AI-generated request may arrive during a busy workday, creating pressure to act immediately rather than verify independently.

Cybersecurity specialists warn that this combination of urgency, familiarity and trust makes AI-enabled impersonation particularly dangerous.

Nigeria’s growing cybercrime challenge

The concerns emerge against the backdrop of an already expanding cybercrime problem.

The Economic and Financial Crimes Commission (EFCC) has repeatedly warned about the scale of cyber-enabled criminal activity within Nigeria.

According to the anti-graft agency, cyber-attacks have become one of the fastest-growing categories of crime globally, with increasing digital adoption exposing both individuals and organisations to greater risks.

The Commission previously disclosed that by September 2021 it had secured about 978 convictions, with approximately 80% linked to cybercrime and cybercrime-related offences.

Those figures were recorded before generative AI became widely accessible.

Today, cybersecurity experts fear that AI could dramatically lower the barriers to sophisticated fraud by giving criminals access to tools that previously required extensive technical expertise.

Instead of manually crafting phishing campaigns, attackers can use AI to generate personalised messages.

Instead of impersonating executives through text alone, they can now imitate voices.

Instead of targeting hundreds of victims, they can potentially target thousands simultaneously.

The economics of cybercrime are changing.

And not in favour of businesses.

The human firewall is weakening

Many organisations still think about cybersecurity primarily as a technology problem.

They invest in antivirus software.

They strengthen passwords.

They install security updates.

All of those measures remain important.

However, AI-powered impersonation attacks expose a different reality: the most vulnerable component of any security system is often human behaviour.

The Nigeria Inter-Bank Settlement System (NIBSS) has consistently identified social engineering as a major contributor to fraud within the financial ecosystem.

Social engineering succeeds because it manipulates people rather than machines.

Generative AI supercharges that manipulation.

A fake website can be detected.

A suspicious email can be filtered.

But what happens when the fraudster sounds exactly like the managing director?

What happens when the message reflects the executive’s actual communication style?

What happens when the request appears entirely consistent with previous instructions?

These are the questions businesses must now confront.

AI fraud: Lessons from global incidents

The threat is not theoretical.

Around the world, organisations have already encountered AI-enabled impersonation attempts involving senior executives and financial transactions.

One widely reported incident involved an attempt to impersonate the chief executive of WPP, one of the world’s largest advertising companies, using AI-generated identities and communications.

Such cases demonstrate how rapidly cybercriminal tactics are evolving.

What was once considered advanced nation-state capability is increasingly becoming available through consumer-facing AI applications.

Voice cloning software is becoming cheaper, easier to access and more powerful.

The democratisation of AI innovation is bringing enormous benefits.

Unfortunately, it is also democratising sophisticated fraud capabilities.

Why this matters for Nigeria’s digital economy

The timing of this threat is particularly significant.

Nigeria is aggressively pursuing digital transformation across government, banking, commerce, education and public services.

The country’s growing fintech sector depends on trust in digital systems.

Small businesses increasingly rely on mobile banking and online transactions.

Remote work continues to expand.

Digital commerce is becoming more mainstream.

Every one of these developments creates economic opportunities.

They also expand the attack surface available to cybercriminals.

The National Information Technology Development Agency (NITDA) has repeatedly warned about the growing cybersecurity exposure associated with digital transformation.

The agency notes that cyber incidents can trigger substantial financial losses, reputational damage and operational disruption.

AI-enabled fraud introduces a new layer of complexity because it targets trust itself.

If organisations become unable to verify the authenticity of communications, the efficiency gains delivered by digital tools may become harder to sustain.

What businesses must do now

The most important lesson for Nigerian SMEs is that cybersecurity can no longer be viewed solely as an IT responsibility.

It has become a business governance issue.

Experts increasingly recommend introducing verification procedures that do not rely exclusively on voice recognition or messaging platforms.

Financial transfers should require independent confirmation.

Sensitive requests should trigger secondary verification.

Unusual payment instructions should be validated through separate communication channels.

Dual approval mechanisms should become standard practice.

Most importantly, employees must be trained to understand that familiar voices can now be manipulated.

The goal is not to create fear.

It is to create awareness.

Just as organisations once learned to question suspicious emails, they may soon need to question suspicious voice notes—even when those voice notes appear to come from trusted colleagues.

The future of AI fraud has arrived

For decades, cybersecurity awareness campaigns taught users to be cautious of unknown callers and suspicious links.

Generative AI is rewriting those rules.

The next cybercriminal may not hide behind a fake identity.

They may hide behind a perfect imitation of a real one.

For Nigerian SMEs navigating an increasingly digital economy, that reality presents both a challenge and a warning.

The challenge is technological.

The warning is deeply human.

In the age of AI-powered impersonation, trust remains essential for business, but trust alone may no longer be enough.

The next major cyber attack may not begin with a malware infection or a compromised password.

It may begin with a voice that sounds exactly like someone you know.