At the recent SecureHER seminar held at the Nelson Mandela University’s Business School, Professor Kerry-Lynn Thomson stressed the importance of cyber security and adopting a ‘zero trust’ mentality. (Photo: Supplied) 
In a world where a single click or call can cost you everything — from your savings to your identity — the latest wave of AI-powered scams is leaving South Africans more vulnerable than ever. That warning came loud and clear this week at Nelson Mandela University, where cybersecurity experts gathered to arm women with the tools to fight back.
Held in honour of South Africa’s approaching Women’s Day, the seminar tackled topics across the spectrum of cyber, financial, educational and personal safety. But it was Professor Kerry-Lynn Thomson’s sobering warning on the rise of AI-enabled cybercrime that left the audience with a new sense of urgency.
Fraud is rising — and getting personal
According to the Southern African Fraud Prevention Service (SAFPS), there was a 600% increase in incidents of fraud from 2018–2022. Digital payments in particular have come to represent the highest proportion of financial loss attributed to fraud – consumers lost over R740 million in 2022.
In May at the SAFPS annual summit, CEO Manie van Schalkwyk said, “Fraud has evolved and is becoming more sophisticated, more targeted and more personal.”
Read more: Fraud prevention service saves clients more than R5bn as scams soar in 2024
The new face of cybercrime
Thomson, a leading cybersecurity expert at the Institute of Information Technology Professionals South Africa and a professor at Nelson Mandela University, agreed, painting a picture of a rapidly shifting digital landscape — one where malicious actors exploit the very technologies designed to improve our lives. “Artificial intelligence is only going to get better and better,” she cautioned. “We are entering an era where it will become increasingly difficult — if not impossible — to distinguish what is real from what isn’t.”
She warned of the growing prevalence of deepfakes, synthetic voices and AI-generated scams that prey on people’s trust. “Cybercriminals are playing a long game. They research you, mimic your family and friends, and then use that information against you,” she said. The result? People aren’t just losing money. They’re losing their identities, their privacy, and in many cases, their dignity.
According to Prof Thomson, three of the most common AI-enabled attacks are:
- Investment and cryptocurrency scams, often accompanied by AI-generated adverts or fake videos featuring celebrities promising massive returns. “Those ‘too good to be true’ opportunities usually are,” she said.
- Highly convincing phishing emails, now written without the spelling and grammatical errors that used to give them away. “AI makes them perfect — polished, professional, and sometimes even personalised,” she noted.
- Business Email Compromise (BEC), where scammers use voice cloning and deepfakes to impersonate senior executives, requesting urgent payments or access to confidential data.
“Cybersecurity incidents are increasing year on year, both for individuals and organisations, and threat actors are constantly finding new ways to exploit us using AI and emerging technologies,” said Thompson.
Her advice? Adopt a “zero trust mindset”— an approach that’s less about paranoia and more about pause.
“It’s not about removing trust, it’s about establishing it. Think before you react. Social engineers thrive on emotional triggers like fear and panic. So when something feels urgent or emotionally charged — a message, a phone call, a WhatsApp — take a breath, pause, and verify.”
Real-world stories brought home the importance of everything Thomson said. Professor Margaret Cullen, the event organiser, shared her brush with cybercrime. “I received a call from my bank, or so I thought, very late at night. They were asking for details that were just a bit too confidential. I knew something was not right,” she said. “I ended the call immediately. But it was a close one.”
Nomfezeko Gqadu also opened up about her experience. “I just noticed that I couldn’t make or receive any calls. My phone was completely dead. I couldn’t access WhatsApp or anything,” she recalled. “Then I quickly got hold of a lady I know who is tech-savvy. She dialled a few things and got it sorted. But I could see there had been several attempts to get into my banking apps.”
Prof Thomson emphasised that while there was no “silver bullet” for online security, there are steps South Africans can take to protect themselves. “Two-factor authentication—or even better, multi-factor authentication—is one of the most effective tools available,” she said. “Yet so many people still haven’t enabled it.”
Other critical steps include using a password manager to create unique, strong passwords for every account, keeping all devices updated, and installing reputable antivirus software. “Reusing passwords across multiple platforms is still one of the most common mistakes,” she warned.
The South African Banking Risk Information Centre (Sabric) also recently issued an urgent warning that criminals are using artificial intelligence to clone voices, impersonate bank officials and trick unsuspecting victims into handing over their life savings.
Read more: AI-powered scams drain South Africans’ bank accounts — here’s how to protect your money
How to protect yourself from fraud
Sabric recommends these steps to avoid becoming a victim:
- Be wary of investment offers promising guaranteed returns. If it sounds too good to be true, it probably is.
- Never download banking apps from links sent via WhatsApp, SMS, or email. Always use official app stores.
- Verify before you trust. If someone claims to be from your bank, hang up and call the official number directly.
- Banks will never ask for your PIN, OTP, or banking passwords.
- Report suspicious activity. Contact your bank and report fraud attempts. DM