Having been based back in South Africa for the past year, I have seen a shift in how cybercriminals operate, particularly across emerging markets. Artificial intelligence (AI) and open-source intelligence (OSINT) tools are empowering both defenders and attackers, but the balance has tipped in favour of those with illicit intent. Microsoft’s Cyber Signals report, drawing on trillions of security signals worldwide, warns that this new landscape is “particularly concerning” for South Africa and the broader African continent. Cybercriminals now deploy AI as a force multiplier – using deepfakes, realistic chatbots, and other tricks to make scams more persuasive – while OSINT (publicly available data) lets them profile victims with frightening precision.

Today’s cybercriminals range from organised syndicates and traffickers to fraud rings, and all are using AI and public data to mimic, manipulate, and deceive at scale. And they’re not alone; shareholder activists, environmental campaigners, and corporate agitators are using the same OSINT tools to identify and pressure CEOs and senior executives. In 2024, a record 27 CEOs resigned following activist campaigns – a 170% increase since 2020. While shareholder activism serves legitimate purposes, the same digital intelligence techniques that enable productive engagement can also fuel harassment campaigns, doxing, and coordinated pressure that spills from the boardroom into executives’ personal lives.

A contact in Cape Town recently discovered his own family was being openly monitored. The people tracking them knew his children’s names and schools, his wife’s car, and their daily routines – all gleaned from social media posts, LinkedIn updates and geotagged photos. (They even mapped the family’s hiking route and favourite coffee shop from check-in data.) The family is safe, but this episode was a stark reminder: an online presence can directly enable real-world threats.

An attack can occur anywhere around the world. In late 2024, the CEO of Canadian crypto firm WonderFi was abducted in downtown Toronto during rush hour and released after paying a $1 million ransom. In January 2025, the co-founder of the Ledger crypto firm and his wife were kidnapped at gunpoint in France – both were freed by authorities within a day. Mexico reported roughly 85 kidnappings per month in 2024. And beyond kidnapping, sophisticated fraud schemes are exploding – business email compromise (BEC) attacks on executives, romance scams that bankrupt victims, and human-trafficking rings operating under the cover of fake employment agencies are all on the rise globally.

In South Africa, the situation is even more acute. Figures from the South African Police Service (SAPS) show 17,061 kidnappings in 2023/24 – a 264% increase over ten years. That works out to nearly 47 abductions per day on average. The trend is accelerating; according to the SAPS, kidnapping cases have surged in 2025. From January to March alone, 4,571 cases were reported, an increase of 6.8% compared to the same period in 2024. That means, on average, 51 people are abducted every day in South Africa.

What makes these statistics particularly troubling is the sophistication behind the attacks. Business executives are being systematically targeted by hostile actors and organised crime syndicates who use OSINT to identify high-value targets, then conduct surveillance to establish patterns. For example, since January 2023 there have been at least 20 Portuguese butchery owners and staff kidnapped for ransom in Gauteng, and in just the first half of last year, a law-enforcement task force rescued 12 businessmen and six students who had been abducted. These are not random street crimes; they are intelligence-driven operations that begin weeks before any physical contact.

AI is now a force multiplier for hostile actors and criminals. Microsoft reports disrupting billions of dollars’ worth of AI-powered fraud attempts worldwide between April 2024 and April 2025. We see deepfake videos of CEOs ‘authorising’ fraudulent wire transfers, AI-cloned voices pretending to be family members in distress, and completely AI-generated job postings that look utterly legitimate.

The frightening truth is that hostile actors can now map out our lives in advance using digital breadcrumbs. They identify high-net-worth individuals through open sources: LinkedIn profiles, news articles, property registries, company filings, conference attendee lists, and more. Your social media post about a job promotion, a friend’s Instagram photos of your holiday home, or your spouse’s Facebook check-ins at upscale spots all feed the profile. By the time any real-world surveillance begins, the online research has already answered half the questions. Geotagged family photos pinpoint your home; posts about your child’s school reveal its name; cafe check-ins show your morning routes. Those are just confirmations of what was already on the computer screen.

Understanding what’s already out there

Most people don’t realise how far their ‘public profile’ extends. In our digital audits we look far beyond just Facebook and LinkedIn. We examine official records, property databases, archived web pages, data breaches on the dark web, even facial-recognition matches in open-image search.

I’ve seen families stunned by what’s out there. Information they assumed was private – home addresses, school locations, old social posts they forgot they posted – was sitting in the public domain, accessible to anyone who knows where to look. Each piece of data seems harmless by itself – but together they create a detailed ‘operational blueprint’ for attackers. Once personal data is online, it is extremely hard to erase. The question isn’t “what harm could come from sharing this?” so much as “why was it ever public?” Knowing your full digital footprint – not just what you post, but what others post about you, what appears in databases, and what’s archived – is the first step in any effective security strategy.

The Five A’s: a structured defence framework

In this rapidly evolving landscape, families and firms need a structured approach to remain secure. We have found the Five A’s framework particularly helpful:

• Audit: Engage experts to thoroughly map your online footprint. Find out what information about you, your family, and your business is available online and identify weak spots. Don’t assume invisibility just because you personally don’t post.
• Awareness: Build digital awareness into your family and business culture. Make sure everyone understands the risks of oversharing. Simple habits such as avoiding live social media check-ins, not tagging locations in real time, and thinking twice before posting vacation plans can prevent a lot of leaks.
• Alerts: Use technology to fight technology. Set up active monitoring and alerts for fraudulent use of your identity or images. For example, have systems that notify you if a fake social account or scammer page pops up using your name or photos.
• Authentication: Insist on rigorous verification for any urgent communications. For instance, agree on family ‘code words’ for emergencies, or always confirm big requests via a second independent channel. If someone claiming to be a loved one calls with an emergency ransom demand, pause and verify through a known contact or code phrase.
• Allies: Assemble your crisis response team before an incident. This means trusted investigators, reputation managers, lawyers, and communications professionals who know your situation. When a crisis hits, having these experts on call ensures a coordinated and timely response.

What this means going forward

The threat landscape is evolving faster than most security protocols can keep up. Criminals are using AI to produce convincing deepfakes, leveraging OSINT to build detailed target profiles, and employing sophisticated strategies that eliminate many traditional warning signs.

This information isn’t meant to frighten you – it’s meant to inform you. The statistics demand response: 51 people kidnapped daily in South Africa alone, ransom demands increasing globally, systematic targeting of business executives across multiple continents, and trafficking operations disguised as legitimate employment.

What separates successful security outcomes from catastrophic ones isn’t luck. It’s preparation, awareness, and a willingness to fundamentally rethink how we approach personal and corporate security in the digital age.

The families and firms successfully navigating these challenges understand their complete digital footprint, have systematically reduced unnecessary exposure, and have shaped the narrative to ensure the right information lives in the right places. They’ve trained their people, implemented layered controls, and built strong networks.

Safeguarding the wealthy and their networks today requires a truly global view. The accelerated use of AI means attackers can generate bespoke content at scale, and publicly available data means nothing is ‘too obscure’ to find. Africa’s distinctive digital environment – mobile-first, socially networked, and lightly regulated – simply adds more avenues for attackers to explore. By understanding these regional nuances and extending our defences accordingly, we stay a step ahead.

Your security posture must be as sophisticated as the threats you face. And as sophisticated as those threats are, they can begin with a simple online search.