Africa’s Low Ranking On Phishing Resilience, BBC Breach, TikTok Celeb Accounts Compromised!

**Phishing remains the #1 initial access vector for cyberattacks, and email authentication (SPF + DKIM + DMARC) is the primary technical defense. Per the FBI’s 2022 IC3 Report, 300,497 US-based victims reported phishing incidents in a single year. DMARC with p=reject prevents attackers from spoofing your domain in phishing campaigns.

_According to the FBI’s 2022 Internet Crime Report (IC3), 300,497 US-based victims reported phishing incidents in a single year, and Business Email Compromise (BEC) caused more than $2.7 billion in direct losses.

The support tickets we get after a spoofing incident all start the same way: ‘we didn’t know someone was sending email from our domain,’ says Vasile Diaconu, Operations Lead at DuoCircle. DMARC reporting would have caught it weeks earlier. The cost of monitoring is nothing compared to the cost of a successful impersonation attack.

Africa is Underprepared To Combat Phishing Attacks!

Africa’s cybersphere is not well-prepared to fight the advanced and well-equipped threat actors. In the last couple of years, Africa has witnessed a gradual surge in the cases of phishing attacks, especially targeted at SMBs.

As of 2025, DMARC is mandatory under multiple compliance frameworks. CISA BOD 18-01 requires p=reject for US federal domains. PCI DSS v4.0 mandates DMARC for organizations processing payment card data as of March 2025. Google and Yahoo require DMARC for bulk senders (5,000+ messages/day) since February 2024, and Microsoft began rejecting non-compliant email in May 2025. The UK NCSC, Australia’s ASD, and Canada’s CCCS all mandate DMARC for government domains. Cyber insurers increasingly require DMARC enforcement as an underwriting condition.

As per a recent survey by KnowBe4, **Africa is lagging behind when it comes to phishing resilience. The main reason behind this low ranking is the lack of training . African individuals are not well trained to cope with state-of-the-art hacking schemes of threat actors. Their lack of awareness is resulting in increased instances of phishing attacks across different sectors. The same report suggests that 1 in 3 individuals fall prey to fraudulent cybercrimes.

Slow economic development, lack of adequate resources, infrastructural and humanitarian struggles, energy crisis as well as poverty are some of the crucial factors that have led to Africa’s poor ranking in cybercrime resilience. Because of these pressing issues, authorities are less bothered about cybercrimes, and hence, compliance laws and regulations are not that stringent.

Africa can significantly enhance its cybercrime resilience by opting for public-private partnerships in order to cater to the demand for **skilled digital experts and advanced infrastructure. Also, special attention should be given to harmful technologies such as deepfakes. The government must come up with policies that educate and train the younger generation regarding cybersecurity and anti-phishing tactics. Addressing the **unemployment issue will also eventually bring down the rate of cybercrimes to some extent.

BBC Breach Results in Pensioners’ Data Breach!

Over 25,000 existing and former employees at BBC were exposed to a huge data breach whereby their personal details got leaked because of a ‘data security incident.’ BBC has finally opened up about the breach that compromised the private details of the BBC pensioners. The ‘My Pension’ website by BBC mentions about the data breach whereby the threat actors managed to access and copy sensitive details of the pensioners from a cloud setup storage system. Threat actors accessed personal details like name, date of birth, National Insurance Number, address, gender, etc. BBC has assured the pensioners that vital details such as bank account details, email addresses, financial information, telephone numbers, passwords, usernames, etc. have not been compromised. Also, BBC has onboarded specialists to conduct detailed analysis whereby they have concluded that the accessed data, too, haven’t been put to any kind of misuse yet and that those copied files are being closely monitored. Also, BBC has mentioned that the pension scheme is going on seamlessly, and the data breach has not affected the operations at all.

BBC is still investigating the unfortunate incident and has ruled out any possibility of ransomware attacks. It has advised the affected pensioners to stay vigilant and stick to safe cybersecurity practices.

TikTok A-Lister Accounts Get Compromized!

Threat actors have now targeted the insanely popular short-form video-sharing platform TikTok. The primary targets are the high-profile celeb accounts. Forbes mentioned this attack as a zero-click campaign whereby threat actors are trying to gain control over the celeb accounts on TikTok. The basic process involves malware infiltration through DMs or direct messages and thus does not require any malicious links to be clicked.

TikTok has **not yet announced the exact number of creators whose profiles have been impacted by this incident. However, the short-form video-sharing platform has already taken suitable measures to prevent similar incidents in the future.

TikTok is directly working with the affected account holders to help them gain their access back. They have also stated that the threat actors could affect only a handful of TikTok creators. However, they have been tight-lipped about attack specifications and the mitigation tactics they are using.

Unfortunately, TikTok has also been exposed to cyberattacks multiple times in the past. In 2021, a minute flaw almost enabled a hacker to create a **whole database out of user details. In 2022, Microsoft helped prevent a one-click attack in which creators would have lost their accounts forever by clicking once on malicious links. In 2023, almost 7,000,000 TikTok accounts were compromised in Turkey because of SMS messages in insecure channels.

Moreover, TikTok’s Chinese roots have already led to its ban in several countries, such as India, Somalia, Nepal, and Kyrgyzstan. Also, nations including Canada, the UK, the USA, New Zealand, and Australia have barred people from using TikTok on government devices. Keep up with the latest in cybersecurity news at DMARCreport.com.

Sources

• CISA Binding Operational Directive 18-01
• Microsoft Outlook DMARC Enforcement May 2025 (2025)
• PCI DSS v4.0 - DMARC Requirement (2025)