AI – The new face of fraud

Technology is evolving faster than ever,  and so are the criminals who use it. While artificial intelligence (AI) is transforming the way businesses operate, it’s also creating a new wave of sophisticated fraud that’s catching many South African companies off guard.

From AI-generated emails that sound just like your CEO to deepfake videos convincing enough to authorise million-rand payments, digital deception has entered a new era.

If you think your business is too small to be targeted, think again.

The rise of AI-driven fraud

In recent years, South Africa has seen a spike in cybercrime, with small and medium-sized businesses being particularly vulnerable. According to the South African Banking Risk Information Centre (SABRIC), online business fraud has increased sharply, and criminals are now using AI to make their scams far more convincing.

Here’s how it works:

• Voice cloning allows fraudsters to replicate a person’s voice from just a few seconds of audio, such as a social media video or a podcast clip.
• Deepfake videos use AI to generate realistic images and videos of people saying or doing things they never did.
• AI-written emails or WhatsApp messages mimic tone, writing style, and signature details, making traditional “phishing” scams far harder to spot.
  

What used to be an obvious scam now looks frighteningly legitimate.

Real-world examples of AI fraud

While most South African cases are still under investigation or kept private, international incidents highlight the scale of the problem, and they’re a warning sign for local businesses:

• In one widely reported case, a UK company lost over R3 million after a finance employee received a deepfake phone call from a “CEO” authorising a wire transfer.
• A similar technique was used to mimic the voice of a German executive in a cross-border payment scam.
• Locally, several South African firms have reported AI-generated phishing campaigns that perfectly match their branding and communication style.

The message is clear: AI-driven fraud is no longer futuristic… It’s happening now!

Why South African businesses are at risk

South Africa’s business landscape presents a perfect storm for this kind of crime:

• Many companies are digitally active but under-protected, especially SMEs.
• Email and WhatsApp remain primary communication channels, both easy targets for impersonation.
• Limited cybersecurity budgets mean fraud awareness training is often overlooked.
• The rise of remote and hybrid work has made verification protocols less rigorous.

Even one fake message or call can lead to a financial loss, data breach, or reputational crisis.

Spotting the signs

AI-generated scams are designed to feel familiar and urgent. Watch for red flags such as:

• Messages from executives requesting unusual or time-sensitive payments.
• Subtle errors in grammar, formatting, or contact details.
• Emails that bypass normal approval chains or urge secrecy.
• Video or audio calls where speech patterns seem slightly off or unnatural.
• Unexpected changes in banking details or supplier payment instructions.
  

If something feels “off,” it probably is.

The financial and compliance impact

The impact of AI-related fraud goes far beyond the immediate loss of money.

• Cash flow disruption: Even small fraudulent transfers can destabilise operations.
• Reputational damage: Customers and partners lose confidence quickly after a security breach.
• Regulatory risk: Companies that fail to protect data or funds may face penalties under South Africa’s POPIA and Cybercrimes Act.
• Operational downtime: Recovering from a fraud incident can take weeks and involve costly investigations.
  

How businesses can protect themselves

Preventing AI-enabled fraud requires both technology and awareness.

Here are practical steps every South African business should take:

1. Strengthen verification protocols

• Always confirm payment requests through multiple channels (e.g. phone call + email).
• Set strict rules for authorising large or unusual transactions.
• Verify voice or video instructions directly with the person involved.
  

2. Educate your team

Fraud awareness training is no longer optional. Employees should know what deepfakes are, how to recognise AI-generated content, and when to escalate suspicious communications.

3. Secure your systems

• Enable two-factor authentication for all financial systems.
• Regularly update passwords and access permissions.
• Use reputable cybersecurity software and backup solutions.

4. Protect your digital footprint

The less personal and professional data online, the less material fraudsters can use. Be cautious about sharing video or voice content that could be cloned.

5. Work with trusted advisors

Accountants and consultants can play a key role in identifying unusual financial patterns or flagging inconsistencies that may indicate fraud.

AI isn’t the enemy. Complacency is.

AI itself isn’t the problem; it’s how it’s used. Forward-thinking businesses are adopting AI tools for automation, analytics, and decision-making. But the same power can be turned against you if your internal controls and verification systems don’t evolve too.

Stay alert, informed and protected

AI and deepfake fraud represent a new frontier in financial crime. One where what you see and hear can’t always be trusted. South African businesses that rely on trust, communication, and quick decision-making are especially vulnerable. But awareness is the first line of defence. By tightening controls, training teams, and partnering with professionals who understand both technology and finance, you can protect your business from becoming the next victim.