By Benjamin Abiemo, Head of Cybersecurity Management, Absa Bank Ghana LTD

Your phone rings. A calm, professional voice tells you there has been unusual activity on your bank account. They know your name, sound like someone who works at your bank, and ask you to confirm your identity by sharing a one-time password (OTP) that has just been sent to your phone. You hesitate at first, but the voice is reassuring, the situation feels urgent, and the request sounds reasonable. You read the code aloud. Within seconds, your money is gone.

This is a scenario that is happening across Ghana every single day, to people who are careful, educated, and otherwise vigilant about their finances.

It is not about intelligence

There is a stubborn myth that fraud victims are naive or careless. The evidence, however, says otherwise. An investigation of a wave of mobile money fraud cases in the first quarter of 2025 revealed that many of the victims were lawyers, doctors, and even cybersecurity professionals. The uncomfortable truth is that falling for a well-executed scam has very little to do with how smart you are. It has everything to do with how the human brain responds under pressure.

Research from the 2025 Verizon Data Breach Investigations Report, one of the most comprehensive annual studies of cybercrime globally, found that the human element was a factor in approximately 60% of all data breaches worldwide. Not software vulnerabilities or system failures… people. Globally, there were over 4,000 reported social engineering incidents last year alone, and 85% of those resulted in confirmed data loss. Meanwhile, studies show that the median time for a person to fall for a phishing attempt is less than 60 seconds. That is not enough time for rational deliberation. It is barely enough time to think.

Social engineering, the practice of manipulating people into revealing confidential information, succeeds not because its targets are not smart, but because it exploits the mental shortcuts all human beings rely on. Understanding how those shortcuts are exploited is the first step toward defending yourself against them.

The three levers: urgency, authority, and trust (U-A-T)

Every successful social engineering attack pulls on one or more of three psychological levers. Once you learn to spot them, you can stop them.

URGENCY is the most common. The scammer manufactures a crisis: your account has been compromised, a transaction needs to be reversed immediately, an opportunity will expire within minutes. The goal is to create a sense of panic that hijacks your ability to think carefully. When we feel time pressure, we default to compliance. We stop asking questions and start following instructions. That instinct to act now and think later is exactly what the attacker is counting on.

AUTHORITY is the second lever. Human beings are conditioned from childhood to defer to institutions and figures of authority. When someone says, “I am calling from your bank,” or “This is the fraud department,” it triggers a deeply ingrained response: comply. Earlier this year, a fraudulent scheme circulated on social media and messaging platforms in Ghana, falsely offering Ahomka Loans, a legitimate micro-loan product offered through a partnership between Absa Bank Ghana, MTN, and Jumo. The scammers did not invent a fictitious product. They exploited a real one, created unauthorised links and online forms to harvest sensitive mobile money information, including mobile money PINs. The reason tactics like this are dangerous is precisely because the product is genuine. The authority of a real product, a real bank, and a real partnership was hijacked to make the deception almost indistinguishable from reality. For the record: Ahomka Loans can only be accessed by dialling *170# and selecting Financial Services, then Loans, then Ahomka Loan. There is no other legitimate channel.

TRUST is the third lever, and it is becoming increasingly sophisticated. In another incident this year, a video circulated on social media promoting a scheme called the “Abena Mensah” method, which promised life-changing income from an initial payment of GHS 550. The video featured what appeared to be a series of personal testimonials, all of which were generated using artificial intelligence. It never mentioned Absa Bank by name, but it did not need to: the AI-generated individuals were filmed against a backdrop that included Absa branding and automated teller machines, creating a visual association strong enough for viewers to assume the scheme was linked to the bank. This is trust engineering at its most calculated: the scammers did not need the bank’s endorsement. They only needed its logo in the background.

It is worth knowing that while AI-generated video is improving rapidly, it still carries telltale signs. Lip movements fall slightly out of sync with the audio; you may notice unnatural lighting or skin textures; shadows may not match the scene. Finally, its claims may sound compelling but the video will offer no verifiable company contact, no official website, and no way to confirm the opportunity through legitimate channels. None of these signs is conclusive on its own, but together they are a strong signal that what you are watching may be a scam.

The true scale of the problem

These are not isolated incidents. They are symptoms of a crisis that is growing faster than most people realise.

Ghana’s Cyber Security Authority reported that the country lost more than GH¢19 million to cybercrime in the first nine months of 2025 alone: a 17% increase compared with the same period in 2024. Reported cyber incidents jumped from 1,317 in the first half of 2024 to 2,008 in the first half of 2025, a 52% surge. Online fraud and impersonation account for over 90% of total financial losses. A peer-reviewed survey published in 2025, examining mobile money fraud across six African countries including Ghana, found that between 58 and 72% of all mobile money fraud is attributable to social engineering.

These numbers become even more sobering when you consider the size of the ecosystem under attack. According to the Bank of Ghana’s 2024 Payment Systems Oversight Report, the total mobile money transaction value in Ghana reached approximately GH¢3.01 trillion in 2024, up roughly 57% from 2023. Every one of those transactions represents a potential point of vulnerability, not because the technology is flawed, but because the people using it are human, and humans can be manipulated.

What you can do: pause, verify, protect

If you have read this far, you already have the most important tool at your disposal: awareness. The psychological levers I have described (urgency, authority, and trust) only work when they take you by surprise. Once you know what to look for, you can protect yourself.

PAUSE. When someone creates a sense of urgency, treat that urgency itself as a warning. Legitimate institutions do not require you to act within the next 30 seconds. If a caller, message, or email pressures you to act immediately, that pressure is the single clearest sign that something is wrong. Slow down.

VERIFY. Hang up and call back on a number you know to be genuine; the number on your bank card, your banking app, or the institution’s official website. Never follow a link sent by message, regardless of how authentic it appears.

PROTECT. No legitimate institution (Absa Bank included) will ever ask you for your PIN, password, OTP, or verification code. Anyone who does, regardless of how professional they sound or how convincing their story may be, is attempting to defraud you. Do not scan QR codes or click links from unsolicited messages. Navigate directly to the bank or operator’s official channel.

If you encounter anything suspicious, report it. You can reach Absa Bank Ghana’s 24/7 Contact Centre on +233 30 242 9150 or call the toll-free number (MTN and Telecel only) on 0800 222 333. You can also report security concerns directly to secmon@absa.africa.

The pause that protects you

Social engineering is, at its core, an attack on your ability to think clearly in the moment. Every technique I have described, the manufactured urgency, the borrowed authority, the fabricated trust, is designed to compress your decision-making into a window so small that instinct overrides your judgement.

The most effective defence is not a piece of software or a security protocol. It is the pause between the moment you encounter the offer and the moment you act. That pause is the one thing no scammer can engineer away from you… use it.

ENDS