CYBERCRIME AND ONLINE FRAUD IN NIGERIA: UNDERSTANDING THE LEGAL CONSEQUENCES

By Richarmond O. Natha-Alade

Introduction

The rapid advancement of information and communication technology has transformed the way individuals, businesses, and government institutions communicate, transact, and conduct daily activities. From online banking and e-commerce to social media and electronic governance, technology has become an indispensable part of modern life. While these innovations have created immense opportunities for economic growth and social development, they have also given rise to new forms of criminal activity.

Cybercrime and online fraud have emerged as significant threats to individuals, businesses, financial institutions, and governments worldwide. Cybercriminals exploit digital platforms to commit offences such as identity theft, phishing, hacking, cyberstalking, business email compromise, advance-fee fraud, and electronic payment fraud. These offences often result in substantial financial losses, reputational damage, emotional distress, and disruption of business operations.

In Nigeria, the growing prevalence of cybercrime has necessitated a robust legal response. To address these challenges, the Nigerian legislature enacted the Cybercrimes (Prohibition, Prevention, etc.) Act 2015, which was subsequently strengthened through the Cybercrimes (Prohibition, Prevention, etc.) (Amendment) Act 2024. Together, these laws establish the primary legal framework for preventing, investigating, and prosecuting cyber-related offences.

This article examines the concept of cybercrime, the legal framework regulating cyber offences in Nigeria, and the legal consequences that may arise from engaging in online fraud and related criminal activities.

Understanding Cybercrime and Online Fraud

Cybercrime refers to criminal activities committed through the use of computers, digital devices, communication networks, or the internet. Online fraud, a major category of cybercrime, involves the use of electronic means to deceive individuals or organisations for unlawful financial or economic gain.

The increasing dependence on digital technology has created opportunities for criminals to exploit vulnerabilities in computer systems, financial networks, and online platforms. Common forms of cybercrime in Nigeria include:

• Phishing and identity theft;
• Business Email Compromise (BEC);
• Advance-fee fraud (commonly known as “419” fraud);
• Credit card and ATM fraud;
• Electronic payment fraud;
• Unauthorized access to computer systems and networks;
• Cyberstalking and online harassment;
• Data theft and privacy violations;
• Computer-related forgery; and
• Malware and ransomware attacks.

These offences can affect both private individuals and corporate entities, often resulting in severe economic and reputational consequences.

Legal Framework Governing Cybercrime in Nigeria

1. Cybercrimes (Prohibition, Prevention, etc.) Act 2015 (as Amended in 2024)

The Cybercrimes Act is the principal legislation governing cybercrime in Nigeria. It establishes a comprehensive legal and institutional framework for the prevention, detection, investigation, prosecution, and punishment of cyber offences.

The Act applies throughout the Federal Republic of Nigeria and provides mechanisms for addressing cyber offences that affect Nigerian interests, even where elements of the offence occur outside the country.

Among other things, the Act criminalises various forms of cyber misconduct, including:

Unlawful Access to Computer Systems

Section 6 of the Act prohibits unauthorized access to computer systems, networks, or protected information. Individuals who gain access to computer systems without lawful authority may be liable to imprisonment, fines, or both.

Computer-Related Forgery

Section 13 criminalises the alteration, deletion, suppression, or falsification of computer data with the intention of deceiving another person.

Computer-Related Fraud

Section 14 specifically targets online fraud by criminalising electronic deception, manipulation of computer systems, and fraudulent electronic communications intended to cause financial or economic loss.

Identity Theft and Impersonation

The Act prohibits the unauthorized use of another person's identity, credentials, or electronic profile for fraudulent purposes. Identity theft and impersonation are among the most common cyber offences prosecuted under the Act.

Cyberstalking and Online Harassment

The Act also criminalises the use of electronic communications to threaten, harass, intimidate, blackmail, or cause emotional distress to another person.

2. Criminal Code Act

In Southern Nigeria, the Criminal Code complements the Cybercrimes Act by criminalising offences such as obtaining property by false pretences, forgery, conspiracy, fraudulent conversion, and cheating. Depending on the facts of a case, cyber offenders may be prosecuted under both the Criminal Code and the Cybercrimes Act.

3. Penal Code Act

Similar provisions exist under the Penal Code applicable in Northern Nigeria. The Penal Code criminalises offences including cheating, impersonation, forgery, and criminal breach of trust.

4. Money Laundering (Prevention and Prohibition) Act

Cybercrime frequently generates illicit proceeds. Where offenders conceal, transfer, convert, or integrate such proceeds into the financial system, they may face additional charges under the Money Laundering (Prevention and Prohibition) Act.

5. Evidence Act 2011

The prosecution of cybercrime offences often relies heavily on electronic evidence. Emails, text messages, electronic records, social media communications, computer-generated documents, metadata, and digital transaction records may all be admissible in evidence where the requirements of the Evidence Act are satisfied.

Sections 84 and related provisions of the Evidence Act provide the framework for the admissibility of electronically generated evidence in Nigerian courts.

Enforcement Agencies

Several government institutions are responsible for combating cybercrime and enforcing cybersecurity laws in Nigeria. These include:

• The Economic and Financial Crimes Commission (EFCC);
• The Nigeria Police Force National Cybercrime Centre;
• The Independent Corrupt Practices and Other Related Offences Commission (ICPC);
• The Nigerian Financial Intelligence Unit (NFIU); and
• The Office of the National Security Adviser (ONSA).

The establishment of specialised cybercrime units within these agencies reflects Nigeria's commitment to addressing emerging technological threats and enhancing cybersecurity enforcement.

Judicial Approach to Cybercrime

Nigerian courts have consistently recognised the serious economic, social, and security implications of cybercrime. In recent years, courts have demonstrated a willingness to impose sanctions aimed at deterrence, accountability, and the protection of victims of online fraud and related offences.

The judiciary has also played an important role in interpreting the provisions of the Cybercrimes Act and balancing the need for effective law enforcement with the protection of constitutional rights. As cyber threats continue to evolve, judicial decisions will remain critical in shaping the development of cybercrime jurisprudence in Nigeria.

Legal Consequences of Cybercrime and Online Fraud

Individuals convicted of cybercrime offences may face severe legal consequences, including:

1. Imprisonment

Depending on the nature and gravity of the offence, offenders may be sentenced to varying terms of imprisonment under the Cybercrimes Act and other applicable laws.

2. Monetary Fines

Many cyber offences attract substantial fines, which may be imposed independently or alongside custodial sentences.

3. Asset Forfeiture

Courts may order the forfeiture of funds, bank accounts, computers, mobile devices, digital assets, and other property connected with the commission of cyber offences.

4. Restitution and Compensation

Victims of cybercrime may be entitled to restitution, compensation, or recovery of funds lost through fraudulent online activities.

5. Professional and Reputational Consequences

A conviction for cybercrime often extends beyond criminal sanctions. Offenders may suffer loss of employment, professional disciplinary action, travel restrictions, reduced business opportunities, and long-term reputational damage.

6. Liability for Attempt and Conspiracy

The law does not merely punish completed offences. Individuals who attempt, conspire, aid, abet, counsel, or facilitate cybercrime may also be prosecuted and punished under applicable laws.

Challenges in Prosecuting Cybercrime

Despite significant legislative and institutional advancements, several challenges continue to affect the effective prosecution of cybercrime offences. These include:

• The cross-border nature of cybercrime;
• Difficulties in identifying anonymous offenders;
• Rapid technological developments;
• Limited technical expertise and resources;
• Jurisdictional complexities; and
• Challenges relating to the preservation and authentication of digital evidence.

Nevertheless, increased international cooperation, improved digital forensic capabilities, public awareness initiatives, and institutional reforms continue to strengthen Nigeria's capacity to combat cyber threats.

Preventive Measures for Individuals and Businesses

While law enforcement plays a crucial role in combating cybercrime, prevention remains the most effective form of protection. Individuals and businesses should adopt proactive cybersecurity measures such as:

• Using strong and unique passwords;
• Implementing multi-factor authentication;
• Conducting regular cybersecurity training for employees;
• Verifying financial transactions before execution;
• Maintaining updated antivirus and security software;
• Protecting confidential information through encryption and secure storage; and
• Reporting suspected cyber incidents promptly to relevant authorities.

By adopting these measures, individuals and organisations can significantly reduce their exposure to cyber threats and online fraud.

Conclusion

Cybercrime and online fraud pose significant threats to Nigeria's economic development, financial system, and national security. Through the Cybercrimes (Prohibition, Prevention, etc.) Act 2015, as amended in 2024, Nigeria has established a comprehensive legal framework for preventing, investigating, and prosecuting cyber offenders.

The legal consequences of cybercrime are severe and may include imprisonment, substantial fines, asset forfeiture, restitution orders, and lasting reputational damage. As technology continues to evolve, individuals and organisations must remain vigilant by implementing effective cybersecurity measures and ensuring compliance with applicable laws.

Combating cybercrime requires a collaborative effort involving government agencies, law enforcement authorities, businesses, legal practitioners, and the public. Through sustained enforcement, public awareness, and responsible use of technology, Nigeria can continue to strengthen its digital economy while protecting citizens from the growing menace of cybercrime and online fraud.

At Sun Natha Alade & Partners, we remain committed to providing legal guidance on cybersecurity, technology law, regulatory compliance, digital investigations, and related legal matters. Seeking timely legal advice can be crucial in preventing cyber risks and protecting both personal and corporate interests in an increasingly digital environment.

Disclaimer

This article is provided for general informational and educational purposes only and does not constitute legal advice. Readers are encouraged to seek professional legal counsel regarding any specific legal issue or circumstance. Receipt of this article does not create a solicitor-client relationship between the reader and Sun Natha Alade & Partners.

Author

Richarmond O. Natha-Alade
Legal Practitioner | Corporate & Commercial Law Enthusiast | Cybersecurity and Technology Law Advocate