The Number That Should Be in Every Algerian Board Pack
For most Algerian CFOs and IT directors, “phishing” still sounds like a 2018 problem solved by a Microsoft 365 license. The 2024 Kaspersky data says the opposite. According to Algerie360’s coverage of the Kaspersky report, more than 13 million phishing attempts were blocked against Algerian users in 2024 — a 17% increase on 2023. On top of that, nearly 750,000 malicious email attachments were intercepted, and total cyberattacks against the country crossed 70 million events.
For perspective, Kaspersky’s global press release puts the worldwide total at 893 million phishing attempts in 2024, up 26% from 710 million in 2023. Algeria, with a population of roughly 47 million, absorbed almost 1.5% of the global volume — a share well above its slice of global internet users. The same release notes that 47% of corporate email traffic was spam, and attackers leaned heavily on brand impersonation of Booking, Airbnb, TikTok, and Telegram alongside crypto-themed lures around Hamster Kombat and TON wallets.
Three things make these numbers actionable for Algerian enterprises in 2026: the speed of growth (17% local vs 26% global means attackers are still scaling their Algeria operations), the email-attachment vector (750,000 attempts is a credible compromise pipeline), and the legitimacy of the timing — Algeria adopted its 2025-2029 National Cybersecurity Strategy on March 3, 2026, giving boards a regulatory tailwind to fund the work.
What 70 Million Cyberattacks Actually Look Like in an Algerian Network
The 70 million figure is not “70 million successful breaches.” It is the count of detection events Kaspersky’s installed base in Algeria saw across the year — phishing URLs blocked, malicious attachments quarantined, exploit attempts stopped, infected files flagged. The useful interpretation is volumetric: an average Algerian enterprise with 500-2,000 endpoints, depending on its industry exposure, will see thousands of these events per month even without a targeted campaign.
The composition matters more than the headline number. Globally, Kaspersky’s 2026 Global Report on Security Services shows that exploitation of public-facing applications, valid accounts, and trusted relationships account for more than 80% of all initial-access vectors in 2025. Trusted-relationship attacks — where a vendor or partner is compromised first and used as the launchpad — climbed from 12.8% to 15.5% year-over-year. For Algerian banks, hydrocarbons firms, and telcos that run dense supplier ecosystems (oilfield services, payment switch partners, network integrators), that single shift is the most important signal in the report.
The local variant of this pattern is the classic invoice fraud sequence: a compromised partner mailbox sends a payment-redirection request from a real domain, and the receiving Algerian finance team — operating under the same MS365 tenancy with no domain-based message authentication enforced — wires funds to an attacker-controlled IBAN. Multiple Algerian banks have absorbed losses of this shape in the last 18 months. None will speak publicly, but the Africa Newsroom Kaspersky press section tracks the regional cadence well enough to confirm the pattern is regional, not anecdotal.
Why Algeria Is Being Scaled, Not Targeted
It is tempting to read 13 million phishing attempts as evidence of a state-grade campaign against Algeria. The evidence does not support that framing. The dominant brand impersonations Kaspersky catalogued — Booking, Airbnb, TikTok, Telegram, Hamster Kombat — are global consumer lures, not Algeria-specific ones. The Algerian victim profile being optimised for is the salaried employee with a personal Gmail, a corporate Outlook, and a credit card or wallet usable for fraud monetisation. Attackers are scaling a generic Arabic-and-French phishing kit, not commissioning a bespoke one for Sonatrach or BNA.
That changes the defensive priority. The right question is not “are we being targeted?” — it is “do we sit downstream of an industrialised phishing supply chain, and have we hardened the choke points it has to pass through?” Those choke points are well known: the corporate email gateway, the identity provider, the browser, the helpdesk that resets MFA, and the brand surface (lookalike domains, fake login pages, fake mobile apps) that attackers use to harvest credentials before any email is sent.
The macro context confirms the urgency. The International Telecommunication Union’s 2024 Global Cybersecurity Index places Algeria in Tier 3 (“establishing”), recognising solid policy and legal frameworks alongside a clear opportunity to scale operational capacity in step with the threat. The 2025-2029 strategy is the vehicle for that next step. As the national operational layer continues to mature, individual enterprises have the parallel opportunity to invest now in their own controls and absorb today’s volume themselves.
What Algerian CISOs Should Do Now
1. Move the email gateway from “antivirus tier” to “active-defence tier” within 90 days
Most Algerian enterprises still run an inline antivirus on top of Exchange or Microsoft 365 and call that the email security stack. Against a 13-million-attempt-per-year volume, that posture leaks. The 90-day upgrade target is: enforce DMARC at p=reject on every owned domain, enable Kaspersky’s recommended advanced anti-phishing on the primary mail gateway (or a peer product — Proofpoint, Mimecast, Cisco Secure Email), and turn on attachment sandboxing for every external email. Specifically reject macros and unsigned executables at the gateway, not at the endpoint. The 750,000 malicious attachments figure should be read as your annual lower bound on quarantine events — under-provisioned licences will silently fail-open. Budget a per-mailbox-per-year line of US $10-30 for this tier and stop debating it in steering committees.
2. Stand up a brand-protection and lookalike-domain monitoring service for the bank/telco brand
Phishing campaigns against Algerian targets reuse the same trick: register a near-miss domain (cpa-bank-dz dot com, djezzy-promo dot net, ooredoo-alger dot info), stand up a clone of the real login page, and run paid social plus SMS to drive Algerian victims to it. The defensive response is a managed brand-protection feed that monitors newly registered domains containing your brand strings across the top 30-40 TLDs (.com, .net, .info, .dz, .africa, .top, the new gTLDs), plus takedown SLAs of 24-48 hours through registrar abuse channels and Cloudflare-style intermediaries. Several vendors run this as a service for US $20-60K per year per brand — well under the cost of a single successful credential-harvest incident on a customer-facing portal. A documented brand-protection runbook should sit alongside the existing fraud-prevention controls at every major Algerian bank and telco — CIB Algeria, BNA, AGB, Djezzy, Mobilis, and Ooredoo — and 2026 is the right window to put one in place.
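The matching step of such a monitoring feed, sketched as an added example (not code from the article or from any vendor). The brand watch list, the feed, and the treatment of djezzy.dz as an owned domain are assumptions; the first three feed entries are the near-miss names quoted above, and the rest are constructed.

```python
import re

# Constructed watch list and feed; the first three feed entries are the
# near-miss names quoted in the text, the rest are made up for the example.
BRANDS = ["djezzy", "ooredoo", "mobilis", "cpa"]
SWAPS = str.maketrans("0134", "oiea")  # common digit-for-letter substitutions
FEED = ["cpa-bank-dz.com", "djezzy-promo.net", "ooredoo-alger.info",
        "m0bilis-recharge.top", "djezy-offre.com", "myooredoologin.net",
        "escapade-voyage.com", "djezzy.dz"]

def edit_distance(a, b):
    """Levenshtein distance computed with a rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def match_brand(domain, own_domains=()):
    """Return (brand, reason) if the domain imitates a brand, else None."""
    domain = domain.lower().rstrip(".")
    if domain in own_domains:
        return None  # allow-list the organisation's real domains
    labels = domain.split(".")[:-1]  # drop the TLD
    tokens = [t.translate(SWAPS) for lab in labels
              for t in re.split(r"[-_]", lab) if t]
    joined = "".join(tokens)
    for brand in BRANDS:
        if brand in tokens:
            return brand, "exact token"
        if len(brand) >= 5:  # short brands match only as whole tokens
            if brand in joined:
                return brand, "embedded"
            if any(abs(len(t) - len(brand)) <= 1 and edit_distance(t, brand) == 1
                   for t in tokens):
                return brand, "one edit away"
    return None

def triage(feed, own_domains=()):
    """Map each suspicious domain in the feed to its (brand, reason)."""
    checked = ((d, match_brand(d, own_domains)) for d in feed)
    return {d: hit for d, hit in checked if hit}

if __name__ == "__main__":
    # djezzy.dz is assumed here to be the brand's own domain.
    for d, (brand, why) in triage(FEED, own_domains={"djezzy.dz"}).items():
        print(f"{d}: {brand} ({why})")
```

The length guard on short brand strings is what keeps a three-letter brand such as "cpa" from matching inside unrelated words like "escapade"; without it the takedown queue fills with false positives.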
3. Mandate phishing-resistant MFA (FIDO2/passkeys) on every privileged and finance-adjacent account by end-2026
SMS OTP and push-based MFA are the two factors the 2024-2025 attacker toolkits explicitly defeat — adversary-in-the-middle frameworks (Evilginx, Tycoon 2FA, EvilProxy) replay the session token in real time, and “MFA fatigue” push bombing wears down users until one approves. The only deployable defence at scale is hardware-backed phishing-resistant MFA: FIDO2 security keys or platform passkeys bound to a verifier on the same origin. Scope the rollout in three tiers: privileged IT and security accounts first (Q3 2026), then finance, treasury, and procurement (Q4 2026), then customer-facing branch staff (H1 2027). The hardware cost is roughly US $25-50 per key per user, dwarfed by the SOC-hours saved on MFA-fatigue triage alone. Pair this with a documented helpdesk-callback policy: no MFA reset without a verified out-of-band call to a number the requester does not control.
4. Build a 24/7 SOC capability — buy it before you build it
The 70-million-attack volume is not survivable on a 9-to-5 detection schedule. Algerian enterprises with under 5,000 employees should not attempt to stand up an in-house 24/7 SOC in 2026 — the analyst market is thin, salaries are climbing 25-40% year-over-year, and the institutional knowledge takes 18-24 months to compound. The right move is a managed detection and response (MDR) contract with a vendor that has Arabic-and-French analyst coverage and visibility into the regional threat actors. Kaspersky, Sekoia, Orange Cyberdefense, Deloitte, and PwC all sell into the Algerian market; expect to pay US $40-120 per endpoint per year for full MDR coverage with documented response SLAs. Specify the contract by mean-time-to-acknowledge (≤15 minutes for critical alerts) and mean-time-to-contain (≤4 hours), not by analyst headcount. Re-evaluate the in-house option once you cross 8,000-10,000 endpoints.
5. Run a quarterly red-team phishing test calibrated to the 13M-attempt landscape
The single fastest way to convert the Kaspersky data into board-level urgency is to commission a quarterly phishing simulation that mirrors the live threat — Arabic-and-French Booking, Airbnb, and TON wallet lures pointing at a lookalike of your real login portal. Target a 10-15% click rate as the baseline finding (the global enterprise average per multiple security-vendor benchmarks), then drive it under 3% within 12 months through targeted retraining of the click-prone cohorts. Publish the click-rate trendline to the board every quarter. Pair this with a “report-phishing” button in Outlook and Gmail that feeds the SOC queue, and reward — do not punish — the first 10 employees per month who flag a real campaign. The cultural shift from “IT problem” to “every-employee problem” is what makes the technical controls above stick.
The Bigger Picture
The 13 million figure is not a one-year spike — it is a baseline. Algerian enterprises that ignored the 2023 number have already been hit; the ones that ignore the 2024 number will be hit harder in 2026 as attacker tooling continues to industrialise. The corrective frame is to treat 2025-2026 as the window in which Algerian banks, telcos, and large industrials transition from “antivirus + firewall” to “identity + email gateway + MDR + brand protection,” with a CISO who reports to the CEO and a board that reviews phishing-test trendlines every quarter. The 2025-2029 National Cybersecurity Strategy gives that work official cover. The Kaspersky data gives it a number the CFO can underwrite. The next 12 months are when the choice between leading the curve and absorbing the losses gets made.
Frequently Asked Questions
What does the 13 million phishing attempts in Algeria figure actually mean?
It is the count of phishing attempts blocked by Kaspersky’s installed base of consumer and enterprise products in Algeria during 2024, a 17% increase over 2023. It is not a count of successful compromises, but it is a credible proxy for total volume because Kaspersky has meaningful market share across Algerian SMBs and consumers. The real exposure for any single enterprise is a function of its email volume, brand surface, and MFA posture — not the headline number.
Which Algerian sectors are most exposed to this phishing wave?
Banking, telecom, and oil-and-gas services lead exposure because they combine high transaction value, large customer-facing portals, and dense supplier ecosystems that attackers can compromise as a stepping-stone. The 2025-2029 National Cybersecurity Strategy explicitly prioritises critical infrastructure and state information systems, which signals the regulatory direction of travel: banks and telcos should expect formal cybersecurity reporting obligations to tighten over the next 24 months.
What is the single highest-ROI control an Algerian CISO can deploy this quarter?
Enforce DMARC at p=reject on every owned domain and turn on attachment sandboxing at the mail gateway. DMARC alone shuts down the most common brand-impersonation vector and is essentially free to deploy on Microsoft 365 or Google Workspace tenants. Combined with a paid anti-phishing tier on the gateway, this stops the bulk of the 13-million-attempt-per-year volume before it reaches user inboxes — the highest leverage move available in 2026.














