The rapid expansion of East Africa’s digital economy is outstripping its security foundations, as fraudsters increasingly use artificial intelligence to exploit the region’s mobile-first infrastructure.
According to the 2026 Digital Identity Fraud Report by Smile ID, the landscape of cybercrime in East Africa has reached a critical turning point.
While the region remains a global leader in digital payments, with mobile money now accounting for 53% of Kenya’s GDP, this digital maturity has inadvertently widened the attack surface.
In 2025 alone, Kenya recorded a staggering 4.5 billion cyber threat events, losing an estimated KSh 29.9 billion ($230 million) to cybercrime.
A significant finding in the report is the emergence of what experts call an “execution gap.”
Despite 74% of East African organisations ranking cyber risk as their top strategic priority, only 29% currently conduct regular tabletop exercises to prepare for breaches.
This lack of operational resilience is being exploited by attackers who have shifted their strategy from “breaking in” to “logging in.”
By using AI-generated deepfakes and stolen credentials, fraudsters are now targeting the very trust layers that mobile money systems rely on, with nearly 48% of regional attacks now focused on authentication.
The report highlights a particularly sharp rise in sophisticated biometric attacks within the region.
In Tanzania, deepfake-driven fraud attempts surged by a massive 317% over the last year, while Kenya saw an 87% increase in mobile banking fraud.
These statistics underscore a shift toward “injection-style” attacks, where criminals use emulators to bypass smartphone cameras and feed synthetic media directly into verification systems.
Smile ID reported that across Africa, these injection attempts reached 100,000 per month in 2025, a trend that has now been elevated to a central threat category for 2026.
As the tactics become more industrialised, the “Modern Fraudster” in East Africa is increasingly identified as young, tech-savvy, and operating within coordinated networks.
In one instance, Smile ID traced more than 160,000 fraudulent attempts back to just 100 facial identities, with some individual faces appearing over 12,000 times across multiple platforms.
This level of automation allows criminal syndicates to move funds across platforms at scale, often targeting high-value actions such as account recovery and device changes rather than initial sign-ups.
“Fraud is no longer a ‘KYC’ problem — it is a continuous cybersecurity challenge,” said Mark Straub, CEO of Smile ID. “AI enables fraudsters to operate at unprecedented scale and sophistication. Effective defence now requires network intelligence.”
To counter this, the report advocates for a “network defence” model.
By leveraging internally tuned Large Language Models (LLMs) and privacy-preserving metadata, Smile ID has been able to surface hundreds of thousands of examples of coordinated abuse that would otherwise appear legitimate in isolation.
For East African businesses, the message from the 2026 report is clear: as identity enters the “security era,” staying ahead of AI-driven threats requires moving beyond one-time checkpoints toward continuous, ecosystem-wide protection.