Protect Your Business from Online Fraud in Senegal in 2026

In Senegal as elsewhere, online fraud no longer targets only large banks. SMEs, traders and even associations are prime targets because they handle money and protect their access poorly. The good news: most attacks exploit simple human mistakes, and a few habits are enough to cut most of the risk.

Why SMEs are ideal targets

A large bank has a security team. A ten-person SME does not. Fraudsters know this: they cast a wide net, automate their attacks and bet that one victim in a hundred will bite. Most of the time you are not personally targeted, you are caught in a dragnet. It is precisely because the attack is not sophisticated that simple gestures neutralize it.

Threat 1: phishing

Phishing is a message, by email, SMS or WhatsApp, that imitates a trusted source to steal a password or a code. A fake email from your bank, a fake alert from your operator, a fake message from IT support. The trap contains a link to a page that looks like the real one but captures what you type.

How to recognize it

Beware of artificial urgency, "your account will be blocked within an hour", spelling mistakes, odd sender addresses and any link asking for your credentials. The golden rule: never click a received link to log in. Open the official site yourself in your browser. A bank or operator will never ask for your code by message.

Threat 2: the fake-supplier fraud

This is the most costly scam for businesses. A fraudster poses as a regular supplier and sends an invoice with a new account number, claiming a change of bank. The accountant pays without checking, and the money is gone. A variant: the fake executive who orders an urgent, confidential transfer by email.

The fix

Set a simple, non-negotiable rule: any change to a supplier's bank details must be confirmed by a phone call to the known number, never the one given in the email. For large transfers, require dual approval by two people. This single discipline stops almost all of these frauds.

Threat 3: mobile money and WhatsApp fraud

Mobile money scams are massive: fake transfer-received SMS, requests to "send back" an amount supposedly sent by mistake, fake agents asking for your secret code. On WhatsApp, account hijacking is common: a fraudster takes control of one of your contacts' accounts and asks for money or a verification code while pretending to be them.

Never share your mobile money secret code or a verification code received by SMS, with anyone, ever. No legitimate operator will ask for it. If a contact urgently asks you for money on WhatsApp, call them to verify before paying.

Threat 4: account takeover

The theft of access to your email, social media or online banking is often the gateway to everything else. A weak or reused password is enough. The fix comes down to two measures: a unique, long password per service, managed through a password manager, and two-factor authentication enabled everywhere possible.

Mini case study: Teranga Voyages avoids disaster

Teranga Voyages, a fictional but representative Dakar travel agency, received in 2025 an email appearing to come from its partner carrier, announcing a change of bank account for the monthly settlement. The accountant was about to update the beneficiary. But six months earlier the agency had set a rule: any change of bank details is confirmed by a call to the known contact.

The call revealed that the carrier had sent nothing: the email was fraudulent, its address imitating the partner's by a single letter. The transfer would have meant several million francs lost. Lesson: it was not expensive software that saved the agency, but a simple procedure, written down and respected. Technology helps, but human discipline remains the first line of defense.

The minimal action plan for an SME

Enable two-factor authentication on all critical business accounts. Adopt a password manager so you never reuse a password again. Write and post a procedure for validating payments and changes of bank details. Train your teams in one hour on the signs of phishing. Back up your data regularly offline or in the cloud. And designate a reference person to contact at the slightest doubt.

What to do in case of an incident

Act fast. Immediately change compromised passwords, contact your bank or operator to block a transaction, and keep all evidence, screenshots and emails. Report the fraud to the relevant authorities. The sooner you react, the better your chances of limiting the loss.

FAQ

How do I tell if an email is phishing?

Beware of urgency, mistakes, strange sender addresses and any link asking for your credentials. When in doubt, do not click and contact the organization through an official channel you already know.

Is two-factor authentication really useful?

Yes, it is the most effective measure for its cost. Even if a fraudster steals your password, they cannot log in without the second code. Enable it everywhere.

A supplier announces a change of bank account, what do I do?

Never pay the new account without confirming by a phone call to the number you already know, not the one in the email. This is the most costly and most easily avoided fraud.

I was robbed via mobile money, can I get the money back?

Contact your operator immediately and report to the authorities. Recovery depends on speed. The most important thing is prevention: never share your secret code.

Do I need a big budget to protect myself?

No. The most effective measures are free or very cheap: two-factor authentication, a password manager, validation procedures and team training.

Let's talk about your project. If you want to audit your company's digital security and put the right habits in place, we support you simply. Message us on WhatsApp +221 77 596 93 33.