A year of growth, threats and greater awareness

DAR ES SALAAM: AS the year 2025 comes to an end, one thing has become very clear in Tanzania: Our daily lives are now more connected to the internet than ever before. From paying school fees using mobile money, filing tax returns online, buying products on e-commerce platforms, attending virtual family meetings and using government digital services such as NIDA or TRA, the internet has become a basic tool in modern life.

The internet is now our modern marketplace, office and social square. But with this increased connectivity has also come an increase in cyber threats, criminal activities carried out using computers, phones or the internet.

This is the story of Tanzania’s cybersecurity in 2025: A year of growing pains, stronger defences and a national wake-up call.

In this year-ender article, we look back at how Tanzania managed the growing challenges of cybersecurity in 2025, the major threats we faced, how government and private companies responded and what ordinary citizens learned along the way. We also examine what needs to be done in 2026 and beyond to keep our digital world safer.

Cybercrime on the rise, but awareness also sharpened

Throughout 2025, Tanzania continued to experience online fraud, identity theft, scams, SIM-swap attacks, fake social media accounts and fraudulent mobile money transactions.

Criminals became more advanced, sometimes using Artificial Intelligence (AI) to create convincing fake messages or voice recordings. The year’s defining moment came in April, with what many now call the “Mobile Money Panic.”

A sophisticated criminal group targeted not the mobile money platforms themselves, but thousands of individuals through a wave of simu swap (SIM swap) frauds combined with convincing phishing messages.

Victims received texts appearing to be from their service providers, urging them to “confirm their details” due to “suspicious activity.” Those who clicked found themselves locked out of their accounts as criminals, armed with stolen information, conducted unauthorised transactions.

For example, many people reported receiving SMS messages claiming to be from banks or mobile money operators, asking them to “confirm their password” or “reset their PIN.” Others received WhatsApp messages pretending to be relatives asking for emergency money. These scams became more sophisticated and more convincing.

While the service providers were quick to reimburse many customers, the psychological impact was profound. For the first time, a mass audience understood that a digital threat could directly and swiftly empty their hard-earned savings. It was no longer a story about “big companies abroad”; it was a personal threat in Kibaha, Mwanza and Zanzibar.

ALSO READ: When rights collide: Reviewing the post election situation in TZ

However, the good news is that awareness also improved. More Tanzanians learned to avoid sharing PINs with strangers, verify numbers before sending money, recognise suspicious links and report fraud to relevant authorities such as TCRA, PCCB or the police.

Government regulations and partnerships made progress

The Tanzania Communications Regulatory Authority (TCRA) continued strengthening policies on cybersecurity. The focus in 2025 included tightening SIM registration and validation, promoting data protection standards, enforcing rules on mobile money operators and pushing for secure digital services.

Furthermore, the Personal Data Protection Act came into full force. This law gave teeth to the concern over how our information is collected and used. Companies now face strict rules and heavy penalties for leaking customer data carelessly. This has started to change the conversation, making data protection a business necessity, not an afterthought.

Mobile money: The most targeted sector

2025 showed once again that mobile money remained the biggest target for cybercriminals in Tanzania. With millions of daily transactions happening through systems like M-Pesa, Mixx by Yas, Airtel Money and HaloPesa, criminals followed the money.

Banks facing more sophisticated attacks

Banks faced more technical attacks like phishing, ransomware and attempts to hack systems or steal customer data. Many institutions invested heavily in security upgrades, employee training and backup data centers. Banks also participated in drills and audits to test their resilience.

Growing use of artificial intelligence, both good and bad

In 2025, artificial intelligence began influencing cybersecurity in two ways: Criminals used AI to create fake voice messages and scam emails, while defenders used AI to monitor financial transactions and analyse network activity.

Social media risks expanded

Social media platforms continued being used to spread misinformation, romance scams, bullying and identity theft. Young people, especially students, were among the most vulnerable groups.

Businesses realised cybersecurity affects profitability

For Tanzanian businesses, 2025 was the year cybersecurity spending stopped being optional. Following high-profile attacks, companies, especially in banking, insurance and logistics, invested heavily in training their staff. Employees learned to spot fake emails, use strong passwords, and follow secure procedures.

“We used to think a strong IT guy was enough,” admitted CEO of a Dar es Salaam-based import firm. “Now we know every employee is a security guard. That phishing training we did in August actually stopped a fake invoice scam that could have cost us millions.” Adoption of local, cloudbased security services also grew.

Tanzanian tech firms rose to the occasion, offering affordable monitoring and protection services tailored for Small and Medium-sized Enterprises (SMEs), which form the backbone of our economy. SMEs in Tanzania began feeling the impact of attacks. Many small businesses reported losing money through hacked social media accounts, fake supplier invoices, or stolen customer payment details.

Schools and universities started paying attention

Education institutions faced challenges such as hacked school WhatsApp groups, false fee messages, data leaks of student records and bullying on social platforms.

Digital public services strengthened security

Government digital services continued upgrading their security. Data protection became an important discussion topic.

Cybersecurity job market expanded

Demand for cybersecurity skills increased. Tanzanian companies actively searched for ethical hackers, analysts and digital forensics experts.

The public awakens: “Hakikisha umelindwa” (make sure you’re protected)

Perhaps the most enduring change of 2025 is the shift in public awareness. The “Mobile Money Panic” sparked a national conversation. Radio call-in shows like Dream FM, popular TV programmes like Wasafi TV and even church and mosque announcements began incorporating basic digital safety tips. The mantra became “Hakikisha Umelindwa” (make sure you’re protected).

Simple lessons spread widely:

•Two is better than one: The use of Two-Factor Authentication (2FA) using both a password and a code sent to your phone became mainstream.

•Think before you click: People became more skeptical of toogood-to-be-true offers and urgent messages. •Update, update, update: The annoying “update your app” notification started being seen as a vital security patch, like fixing a hole in a fence. Ordinary citizens reported cybercrime more frequently, helping stop scammers faster.

Major lessons from 2025

1. Cybersecurity is everyone’s responsibility.

2. Mobile money requires constant vigilance.

3. Strong laws help, but awareness is key.

4. Attacks evolve quickly.

5. Education and training remain the best long-term solution. What to expect in 2026 Stronger laws, better education campaigns, tighter social media monitoring, secure mobile systems and cybersecurity in schools will be priorities.

Final word

2025 was a wake-up call. Tanzania experienced more cyber threats but also became smarter and more alert. A secure Tanzania is a prosperous Tanzania, and cybersecurity is the foundation of our digital future.