We often talk about how artificial intelligence is changing things for the better. It speeds up processes across various sectors, helps translate languages, and for some, it is an emotional tool that helps them feel better. But AI tools have also become tools for scammers and fraudsters.
In 2025, Microsoft researchers uncovered that people were 4.5 times more likely to click on a phishing email when it was written by an AI than when it was composed by a human. Microsoft’s 2025 Digital Defense Report revealed that 54% of people click phishing emails when the scammer uses AI, and only 12% do so when it is created by a human.
“Two years ago, there wasn’t a lot of AI being used. In 2025, we’ve seen a massive increase in the amount of AI content and samples attributed to nation-state adversaries,” said Kerissa Varma, Microsoft Chief Security Advisor for Africa at a Cybersecurity roundtable on October 22. This means these cyberattack actors have increasingly used AI to target critical national infrastructure.
Before the 2025 surge in phishing using AI, most phishing attempts looked like a promise of a gift or an urgent warning of a threat to your account — things people may have learned to ignore. Varma explains that AI has made it easier to write fake emails and run scams at scale. Using AI, attackers can do in minutes what would take a human months, including scouring six months of internal emails and documents, and generating a perfectly targeted message.
“It (AI) will use all the knowledge gathered to be able to target a very specific topic that would interest people, and it would be something that they would believe,” Varma explains. “That’s why we’re seeing this massive increase in AI automation.” The risk is that cyber attacks become more frequent, convincing, and harder to trace.
How phishing works
Phishing is designed to trick people into handing over their credentials or clicking on malware. An attacker crafts a message that looks trustworthy and sends it to the recipient so that they do something they otherwise wouldn’t, like clicking a link, opening an attachment, or typing credentials into a fake website. Phishing comes in different flavours, each with its own method and purpose.
One of the most common ones is a ClickFix attack. It starts with a message or pop-up claiming that something is broken and needs repairing. A user clicks it to fix the problem and ends up on a fake page that quietly collects their login details. Nearly half of the incidents Microsoft tracked over the past year began this way.
Then there’s business email compromise (BEC), where attackers impersonate authority. Once inside a company’s email system, they mimic executives, instructing finance teams to move money or share sensitive information. Microsoft’s report reveals that only about 2% of global cyber activity focused on BEC last year, but it accounted for 21% of successful breaches. Nigeria and South Africa were identified as hotspots for BEC attacks in Africa.
Password-spray and brute-force attempts rely more on persistence as attackers spread out their guesses, trying a few passwords across thousands of users, using different IP addresses to stay invisible rather than hammering one account repeatedly and getting locked out. When attackers need a diversion, they turn to email bombing, which is a flood of meaningless messages designed to bury security alerts or overwhelm victims into acting rashly.
Varma emphasised that money remains the main motivator for cybercrime. “Cyber criminals are following the money,” she said, and every new tool that promises higher returns draws them in faster. AI has simply given them a more efficient way to make the same old hustle pay better. According to the Microsoft report, AI has increased the profitability of phishing by about 50%. “The success of using AI to scale phishing is incentivising more AI use,” she adds.
In June, the International Criminal Police Organisation (INTERPOL) released a report that revealed that cybercrime accounts for over 30% of all reported crime in Western and Eastern Africa, with phishing being the most frequently reported cybercrime (34%). Part of the problem is capacity: many African countries still lack the digital forensics tools and response systems to properly investigate and recover from these attacks. Interpol’s report revealed that 30% of African countries reported having an incident reporting system, and only 19% have a cyber threat intelligence database.
Microsoft’s latest report acknowledges this gap and outlines how it plans to step in. The company has a digital crimes unit that uses multiple techniques, including legal and technical strategies, to disrupt syndicates. The company has also embedded AI into its technology to identify encryptions behind attacks.
The report does not list clear visual signs for identifying AI-generated phishing emails. Instead, it stresses user awareness and multi-factor authentication as the strongest defences against phishing. “Just by using multi factor authentication, you can prevent 99% of attacks,” Varma adds.
Microsoft says its approach is rooted in protecting customers directly. “We embed security into everything,” Varma explained, adding that the company learns from every attempted attack to strengthen its defences. She shared how, in 2024, phishing campaigns started using QR codes, and Microsoft responded by updating its systems to detect and block QR code–based phishing, leading to a 90% drop in such attacks within six months. But the challenge is cyclic, she says. As attackers adapt, the technology to counter them does too.
