As Nigerian businesses and individuals increasingly depend on cloud platforms and online communications, cybersecurity experts are raising alarms over a silent yet growing threat, digital deception. From fake emails mimicking senior executives to suspicious late-night messages requesting urgent transactions, cybercriminals are now relying more on human manipulation than complex malware. This shift in attack strategy has exposed significant gaps in traditional cybersecurity systems. An earlier published opinion piece shed light on how cybercriminals are now shifting from traditional malware attacks to more subtle, behaviour-based tactics that exploit trust and human psychology.

Nnennaya Halliday, a cloud security engineer at Netskope, reaffirms the growing danger. “We’re no longer just battling viruses or phishing links,” she says. “Today’s cybercriminals are studying how we talk, how we behave, and how we interact. That’s what makes them so effective.”

The previous article explained that with more individuals and organisations relying on digital tools to communicate and conduct business, the digital space has become a fertile ground for deception. “When someone receives an email from a colleague or superior, they don’t immediately question its legitimacy. That’s the trap,” Halliday explains. “Attackers are using this to their advantage.”

These attacks often come in forms many Nigerians are familiar with: an urgent late-night message, an unexpected request for approval, or a familiar name asking for sensitive information. But while the tactics may appear simple, they are highly strategic. “It’s no longer about brute force,” says Halliday. “It’s about blending in.” Unlike in the past, where firewalls and antivirus software served as primary defences, experts now say those tools are not enough. “Traditional security systems are good at catching what they’re programmed to look for,” Halliday explains, “but deception often hides in what appears normal.”

Behavioural changes have become key indicators of cyber threats. Halliday offers an example: “Imagine an employee who usually logs in between 9am and 5pm. Suddenly, you notice logins at 2 a.m. from a different country. That’s a red flag. The behaviour doesn’t match the pattern.” This shift has led cybersecurity experts to adopt more intelligent, adaptive systems, many powered by artificial intelligence. These systems monitor language patterns, emotional tone, and user behaviour, learning over time what constitutes ‘normal’ activity and flagging anomalies that suggest otherwise.

“AI has changed the game,” Halliday says. “It can tell the difference between someone working under pressure and someone pretending to be that person. It’s not just looking for errors. It’s looking for context.” Language, too, plays a key role in spotting deception. According to the earlier publication, deceptive messages may use fewer first-person pronouns, overly vague or detailed descriptions, and emotionally charged language designed to manipulate.

“People don’t realise how much they give away through language,” says Halliday. “Even phrases like ‘to be honest’ can indicate a lack of sincerity.”
The combination of user behaviour analytics and network forensics is giving cybersecurity teams a much-needed advantage in staying ahead of threats. These tools allow them to trace how data moves, where it goes, and who is accessing it, revealing suspicious patterns that would otherwise remain hidden. Still, experts caution that these technologies must be deployed responsibly. “Monitoring people’s behaviour comes with serious ethical concerns,” Halliday says. “There must be transparency, strict controls, and a clear respect for privacy. You can’t fight deception by becoming intrusive.”

For Nigerian businesses, the lesson is clear: the days of relying solely on antivirus software are over. Halliday concludes, “It’s time to take digital deception seriously. The threat is no longer just technical; it’s psychological. And that makes it even more dangerous.”