Kenya is rapidly emerging as a digital powerhouse in Africa, with internet and mobile phone usage consistently on the rise. By 2028, the country's digital economy is expected to contribute Sh662 billion to the Gross Domestic Product (GDP).
Yet, this impressive growth brings with it significant challenges, particularly in the realm of cybersecurity.
Microsoft's latest research reveals a troubling trend: AI-powered fraud attacks are escalating worldwide. As Kenya's digital marketplace expands, the risk of cyber threats grows proportionally, underscoring the urgent need for robust security measures to keep pace with the accelerated pace of digital growth.
AI is lowering the technical bar for cybercriminals, making it easier and cheaper to generate believable content for attacks at an unprecedented rate.
In Africa, generative AI is driving a new wave of fraud. The National Kenya Computer Incident Response Team (KE-CIRT/CC) reported a significant rise in AI-generated phishing attacks and deepfake scams in the first quarter of this year, making social engineering tactics more convincing and harder to detect.
Overall, 2.5 billion cyber threat events were detected across the country between January and March 2025, a staggering 201.85 percent increase from the previous period.
Deepfake incidents in Africa surged sevenfold from Q2 to Q4 of 2024, as AI tools made it easier to create fake identities and manipulate biometric data.
AI tools are empowering cybercriminals to create sophisticated and convincing scams. By leveraging fake product reviews, AI-generated websites, deepfakes and voice cloning, these malicious actors can launch scams at an unprecedented scale, while maintaining a facade of legitimacy.
It's imperative for both businesses and individuals in Kenya to stay vigilant and informed, as these AI-driven threats continue to evolve.
To help people across the country stay one step ahead, Microsoft’s Cyber Signals report offers insight into the most insidious AI scams on the rise.
Kenya's e-commerce adoption is surging, according to Statista, with user penetration surpassing regional averages. As the third largest e-commerce market in Africa, Kenya is making significant strides.
However, the rise of AI has enabled the rapid creation of fraudulent e-commerce websites, which can now be set up in minutes. These sites mimic legitimate ones, making it difficult for consumers to distinguish between real and fake. AI-generated product descriptions, images and reviews deceive customers into trusting these fake merchants.
AI-powered chatbots further complicate matters by interacting convincingly with customers, delaying chargebacks with scripted excuses and manipulating complaints to maintain a professional facade.
Job and employment fraud is also on the rise. Just earlier this year, the Kenyan government warned citizens about job scams abroad.
Generative AI has made it easier for scammers to create fake job listings, profiles and email campaigns, making fraudulent offers harder to detect. What’s more, AI-powered interviews and automated emails enhance the credibility of these scams.
To tackle this issue, job platforms should implement multifactor authentication to verify employer accounts and use fraud-detection technology to spot fake interviews created by AI, where facial expressions and speech might not match naturally.
Job hunters should watch for signs of job fraud, such as requests for payment, offers that seem too good to be true, unsolicited interview requests via text and no formal communication channels. Scammers may also ask for personal information for "verification."
Job seekers should validate websites by checking for secure connections (https) and using tools like Microsoft Edge’s typo protection.
Tech support scams are deceiving people into paying for unnecessary services by pretending there are problems with their devices or software. Scammers gain access to computers remotely, allowing them to steal information and install harmful software.
Even without the use of AI, tech support scams are very dangerous. In April 2024, Microsoft Threat Intelligence reported that a cybercriminal group called Storm-1811 exploited Windows Quick Assist by pretending to be IT support. They used voice phishing techniques to impersonate legitimate organisations and gain access to users' devices.
Scammers often pretend to be IT support from well-known companies, using social engineering to gain trust and access. Storm-1811's attacks show how social engineering can bypass a company’s security defenses. It involves gathering information about victims and creating credible lures via phone, email or text.
AI tools can make these tactics more effective by quickly organising and generating information.
To effectively counter these scams, it's important to educate employees about the correct procedures for getting helpdesk support. Implementing Zero Trust principles, which enforce the least amount of access necessary for accounts and devices, can also help reduce the damage if an account is compromised.
Employees should be aware that unsolicited tech support offers are often scams, and always seek tech support from trusted sources.
In our rapidly evolving digital economy, the sophistication of AI scams highlights the paramount importance of vigilance and education. By embracing multifactor authentication and Zero Trust principles, we can fortify our defenses and build a resilient digital future for all Kenyans.
The writer is the Microsoft Country Manager, Kenya
