Artificial intelligence is changing the way cybercriminals target companies, and businesses in the UAE are increasingly facing scams that look and sound far more realistic than before. A new global study by insurer QBE found that 21 per cent of UAE organisations experienced an AI-linked cyber incident during the past 12 months. While this is below the global average of 29 per cent, cybersecurity experts say the real concern is not only the number of incidents, but how convincing these attacks have become.
AI is helping fraudsters write better emails, imitate trusted voices, create fake identities and produce documents that look almost identical to real business records. As a result, many scams no longer carry the obvious warning signs that employees were once trained to spot.
AI Scams Now Look Like Normal Business Activity
According to Sam Tayan, Regional Vice President for META at cybersecurity company Illumio, the most dangerous AI-powered scams are becoming harder to detect because they often appear to be routine business communication. Instead of suspicious messages filled with spelling mistakes or awkward wording, employees may now receive polished emails that match the tone, timing and style of legitimate workplace conversations.
This shift is especially dangerous for companies where finance, procurement, human resources and senior management teams regularly handle urgent requests, payment approvals, supplier documents and confidential information.
AI-Powered Phishing Is a Major Threat
One of the most common risks facing UAE companies is AI-powered phishing. Traditional phishing emails were often easier to detect because they included poor grammar, strange formatting or generic language. AI has changed that. Fraudsters can now generate messages that are personalised, professional and adapted to the target company’s usual communication style.
These emails may appear to come from a colleague, supplier, customer or senior executive. They may refer to real projects, use convincing business language and arrive at a time that matches normal company activity.
According to Illumio, AI-powered phishing now accounts for more than 90 per cent of digital breaches in the UAE, while phishing incidents rose by 32 per cent in the first quarter of 2026.
Fake Suppliers and Business Email Compromise
Another serious threat is business email compromise, where cybercriminals impersonate suppliers, business partners or executives to trick employees into making payments or sharing sensitive information. AI makes these attacks much more believable. Criminals can create convincing invoices, contracts, email threads and supporting documents that closely resemble legitimate supplier paperwork.
A finance employee may receive what appears to be a normal payment request from a trusted vendor. A procurement team may be sent a fake contract update. An accounts department may be asked to change bank details for an existing supplier. Because the documents look professional and the communication style may match previous emails, employees may not realise they are dealing with a fraud attempt until money has already been transferred.
Deepfake CEOs and Voice Fraud
Deepfake technology is also becoming a growing concern for UAE businesses. Criminals can now use AI-generated voices to impersonate company leaders over phone calls, voice notes or online meetings. A manager may receive what sounds like a real request from the CEO or another senior executive asking for an urgent fund transfer, confidential file, password reset or one-time verification code.
The danger is that the voice may sound familiar enough to reduce suspicion, especially if the request appears urgent or comes during a busy workday. These attacks can be particularly effective in companies where employees are used to acting quickly on instructions from senior leadership.
Synthetic Job Candidates Create HR Risks
Human resources departments are also facing a new type of AI-enabled fraud: synthetic job candidates. AI tools can be used to create realistic professional identities, polished resumes, fake work histories and even live video appearances. In some cases, companies may unknowingly interview or hire individuals who are not who they claim to be. This can create major security risks, especially if the person gains access to internal systems, customer data, financial platforms or confidential business information.
For UAE companies hiring remotely or across borders, identity verification is becoming more important than ever.
Invoice and Contract Fraud Targets Finance Teams
Procurement and finance teams are among the most attractive targets for AI-generated fraud. Criminals can create fake invoices and contracts that look highly similar to genuine supplier documents. They may copy branding, formatting, signatures and payment language to make the request appear authentic.
The goal is often to redirect payments to a fraudulent bank account or manipulate purchasing processes before the company notices the difference. Because AI can produce convincing paperwork at scale, businesses can no longer rely only on the appearance of a document to decide whether it is real.
Why These Scams Are Harder to Detect
The biggest challenge with AI-powered scams is that many traditional warning signs have disappeared. In the past, employees were often told to look for spelling errors, strange wording, unusual greetings or poor formatting. Those signs still matter, but they are no longer enough.
Modern AI scams can be well written, localised and carefully timed. They may reference real business activity and use language that sounds natural for the company or industry. This means businesses need stronger verification systems rather than relying only on employee instinct.
Many UAE Businesses Still Lack Response Plans
The QBE report also suggests that many organisations may not be fully prepared for AI-linked cyber incidents. Nearly one-third of UAE businesses surveyed do not have cyber insurance, while 27 per cent do not have an incident response plan.
This matters because even well-trained employees can make mistakes when scams are highly realistic. Businesses need to assume that some attacks may get through and focus on limiting the damage when they do.
How UAE Businesses Can Reduce AI Scam Risk
Experts say companies should strengthen internal controls and make verification part of everyday operations. For payment requests, businesses should use multi-step approval processes and verify bank detail changes through a separate trusted channel. Employees should be trained to confirm unusual requests directly, especially when money, passwords or sensitive data are involved.
Multi-factor authentication can also reduce risk, but companies should avoid relying only on one-time codes if employees can be tricked into sharing them. Finance and procurement teams should review supplier details carefully, while HR departments should strengthen identity checks during recruitment.
Access controls are also important. Employees should only have access to the systems and data they need for their roles, reducing the damage if an account is compromised.
AI Scams Are Becoming a Business Risk, Not Just an IT Problem
AI-linked cybercrime is no longer only a technical issue for IT departments. It is a business risk that affects finance, procurement, HR, leadership teams and daily operations. As deepfake voices, fake suppliers, synthetic identities and AI-written phishing emails become more convincing, UAE companies need to update their security habits.
The strongest protection will come from a mix of awareness, verification, access control, response planning and cyber insurance. For businesses in the UAE, the message is clear: AI scams are becoming harder to spot, so companies need systems that can stop fraud even when the message looks completely real.