By Gareth Stokes
The application of artificial intelligence (AI) and machine learning in audio and video production has introduced new vectors for cybercriminals seeking to compromise your security. Entering 2025, criminals are increasingly using deep fake videos of business leaders or celebrities to convince ordinary South Africans to invest in scams; but it turns out this is just the tip of the cybercrime iceberg.
Africa is under constant cyberattack
FAnews, supported by Emerald Risk Transfer, invited Craig Rosewarne, the MD of Wolfpack Information Risk, to brief the country’s financial and risk advisers on recent developments in the broad cyber security realm, and offer some tips on how to keep them and their clients ‘safe’ online. The presenter kicked off the 90-minute webinar by informing the audience that cybercrime impacted everyone in South Africa, and that Africa was firmly in the cross-hairs of international cybercrime syndicates.
“Financial gain is the main motivator for those perpetrating cybercrimes,” said Rosewarne. Companies like Wolfpack use a wide variety of online tools to get near real-time overviews of global cyberattack activity. Using these tools, one can get a sense of where cyberattacks originate, and where their main thrusts are directed. There is conclusive evidence of cybercrime syndicates operating out of Russia, Ukraine, and even Africa, with Nigeria featuring prominently, and South Africa starting to find its feet.
You need only scan the news feeds to appreciate the scale of the problem. In January 2025, the South African Weather Service disclosed that its ICT-based systems had been disrupted by a cyberattack led by ransomware-as-a-service group RansomHub. And in March, JSE-listed poultry producer, Astral Foods, warned that a cybersecurity incident would cut about R20 million from its half-year earnings. The group said the 16 March attack had caused downtime in processing and deliveries to customers.
Protecting just 290 million data subjects
Then, in April, telecoms giant MTN issued a rather vague statement saying that “a cybersecurity incident had resulted in unauthorised access to personal information of some MTN customers in certain markets.” ‘Some customers’ in ‘certain markets’ is not particularly helpful from a firm serving over 290 million customers across 16 countries. It has since emerged that this compromise affected 5700 customers linked to MTN Ghana. On the plus side, a recent Interpol ‘sting’ saw a large syndicate being taken down, with over 300 arrests across Africa.
Suffice to say, cybercriminals are diverting hundreds of millions of dollars from African business and household accounts each year. To add insult to injury, this category of crime is now so pervasive that threat actors can launch attacks using cybercrime-as-a-service platforms. Leading crime syndicates offer these sophisticated tools to criminal affiliates. “Criminals are working together in very sophisticated ways,” Rosewarne said. They extort money from victims through a range of channels including phishing emails; malicious hosted websites; or by hacking, encrypting, and ransoming target systems or websites, to name a few.
To fully understand how to protect yourself and your clients from the threat, you need to appreciate the ‘human hacking’ techniques that these criminals employ. Rosewarne shared his insights by describing some of the main cybercrimes that household consumers might fall prey to, beginning with malicious hosted websites in the online shopping realm. In short, a cybercriminal sets up a near-perfect clone of a top brand’s website, offers deep discounts, and steals your money by taking payments for a fictitious order and / or compromising your card details. The warning sign is usually in the domain name, but the criminals have become really good at masking this.
Quick ‘tells’ to watch for
There are some quick ‘tells’ to look out for. One way is to use the Wayback Machine internet archive. This website gives a useful graph of the history of a website, including its creation date; your Spidey-senses should be tingling if that time-tested brand’s website has only just been established. Other tricks include using Google to search the website name with the word ‘scam’ appended; checking the URL on Scam Adviser; or visiting and searching the well-known consumer review website, Hello Peter. A quick warning: scammers have long been known to pay for glowing online reviews, so it is worth weighing user comments carefully.
Finding love online is fraught with pitfalls. Romance scams are a type of advance-fee fraud or confidence trick that falls under the larger umbrella of social engineering cybercrime. As Rosewarne pointed out, whether you use Facebook Messenger, WhatsApp, or a dating app like Tinder, you can never be entirely sure who is on the other end. You might think you are interacting with your perfect companion while the ‘human’ on the other side of the conversation is actually a cybercriminal, seeking to gain your trust and exploit your loneliness. AI has entered this space, with romance scams now supported by deep fake images, videos, and voice clips.
For example, a single operator in Eastern Europe can use AI to generate dozens of realistic fake profiles, then mobilise a team to target thousands of victims across dating platforms and social media. The array of AI websites that will help Jane or Joe Average create a realistic image, video, or voice file is insane; and you can be sure the cybercriminals are using the best of these tools to ply their trade (sic). Wolfpack suggests some tools that you can use to spot fakes, including TinEye, to investigate an image source; Deepware.ai, to interrogate video; or Resemble.ai, to test voice. But even with these tools, the line between fake and real is blurring.
Good old phishing, smishing etc.
The webinar then moved on to the tried-and-tested practice of email- and SMS-based social engineering compromises, also called phishing and smishing. Smartphones have allowed these types of attacks to go ‘next level’. Cybercriminals can now embed malicious links in an email, a text message, or even a QR code, and direct the unsuspecting victim to them at a single click. One of the most successful ruses is to notify users of an outstanding delivery fee to release a parcel being shipped via a popular courier firm such as DHL or RAM.
“As soon as you click on this link to remit the payment, you get redirected to a cloned website to submit your card details,” Rosewarne said. However, there is a lot happening behind the scenes. Hundreds of cybercriminals are waiting in the wings for you to enter this information; as you type, one of them begins using your data to purchase online vouchers from Amazon or iTunes or similar. You get an OTP, thinking it is for the small courier fee. When you input your OTP on the fake courier payment page, they are able to use it to validate whatever online purchase they are making. They will try to fleece your card for as much as possible.
Business email compromise still a threat
Another common attack vector is for cybercriminals to impersonate your colleagues or trusted executives on email, known as a business email compromise (BEC), or on messenger apps or social media. Rosewarne shared an example in which attackers posed as him on WhatsApp, sending urgent messages to staff requesting the purchase of iTunes gift cards for important suppliers.
The scam tries to exploit an employee’s willingness to assist a superior, layering in classic social engineering techniques like urgency and flattery. In this instance, a quick-thinking employee saw through the ruse, but many do not.
The threat does not stop at individuals. Non-profit organisations and SMEs are equally in the firing line.