How AI misuse is fanning digital crime in businesses

Among the growing threats are AI-generated phishing campaigns, where criminals use generative AI tools to create realistic emails, messages and documents designed to trick employees into surrendering passwords, financial credentials or access to company systems.

Unlike traditional phishing emails that were often riddled with spelling mistakes and generic wording, AI-generated attacks can now mimic internal corporate communication styles, local dialects and industry-specific terminology with remarkable accuracy.

“Email remains the fastest and cheapest path to initial access. What has changed is the level of refinement that AI enables in crafting the message that gets someone to click,” Microsoft said in a recent report.

AI enables attackers to localise content and tailor messaging to specific roles within organisations, increasing the likelihood that targets will trust and open malicious communications.

“When AI is embedded into phishing operations, we are seeing click-through rates reach 54 percent, compared to roughly 12 percent for more traditional campaigns. That is a 450 percent increase in effectiveness,” the US tech giant said.

Cybersecurity experts say finance departments, procurement teams and senior executives are becoming prime targets because AI tools can convincingly imitate suppliers, customers, and even company leadership.

Another emerging threat is deepfake fraud. Advances in generative AI now allow criminals to clone voices, manipulate video, and create highly realistic fake content that can impersonate executives, business partners or public officials.

It is commonly known as ‘CEO fraud’, and businesses globally have reported cases where employees authorised fraudulent payments after receiving AI-generated voice calls appearing to come from senior management.

As these generative AI tools become cheaper and more accessible, analysts warn that East African firms face growing exposure to executive impersonation scams and financial fraud.

Security researchers say attackers are also distributing fake AI productivity applications, browser extensions, and “AI assistants” that secretly install malicious code on users’ devices to steal passwords, banking credentials, and confidential company information.

The boom in generative AI tools has created an ideal environment for such scams, with users often eager to download unfamiliar AI applications without verifying authenticity.

Data from the Russian cybersecurity firm Kaspersky shows password stealer attacks in Kenya rose by 83 percent year-on-year in 2025, while spyware attacks increased by the same margin.

Across Sub-Saharan Africa, password-stealer attacks rose by 56 percent while spyware attacks climbed 53 percent. Experts say some of these attacks are increasingly linked to AI-themed lures targeting unsuspecting users and employees.

The Communications Authority of Kenya (CA) data shows that 4.56 billion cyber threat incidents were detected in the country in the quarter to December, marking a 441.27 percent jump from the previous quarter’s 842 million incidents.

The regulator linked the rise to inadequate system patching, limited user awareness of phishing and social engineering and the increasing use of AI-driven and machine-learning tools by malicious actors. The emergence of AI agents (systems capable of autonomously carrying out tasks on behalf of users) is creating another cybersecurity risk.

As businesses increasingly deploy AI agents to automate workflows, analysts warn that these systems can also become attack vectors because they often interact with sensitive corporate systems, databases and third-party applications with limited human oversight.

“AI-powered cybersecurity tools alone will not suffice. Integrating human oversight, governance frameworks, AI-driven threat simulations and real-time intelligence sharing is critical.” Michael Siegel, director of cybersecurity at the MIT Sloan School of Management, said in a recent paper.

For businesses in sectors such as finance, healthcare, and telecommunications, it creates major risks around data privacy, intellectual property leakage, and regulatory compliance.

To counter the growing misuse of AI, cybersecurity experts are recommending self-healing software – programs that use AI and machine learning to autonomously detect, diagnose, and fix system anomalies; self-patching systems; and zero-trust security architectures that assume every access request could be malicious.

Companies are also investing in autonomous defensive systems that use machine learning and real-time analytics to identify suspicious activity, deploy deceptive traps, and respond to attacks before they escalate.

→ [email protected]

Follow our WhatsApp channel for the latest business and markets updates.