Phishing attacks in Qatar and the Middle East are rising, fuelled by AI-powered scams and deepfake technology, with Qatar-specific threats targeting residents through banks, logistics, and donation scams.

Phishing and online stealth attempts increased substantially in the second quarter of 2025, driven by the use of artificial intelligence (AI)-powered deception techniques and innovative evasion techniques, according to the latest data.

Cybersecurity and digital privacy company Kaspersky’s latest figures have revealed that the Middle East, including Qatar, has become a prime target, with phishing attempts increasing by 21.5% compared to Q1 2025.

In a statement to Doha News, the company highlighted Qatar-specific insights that differ slightly from those in the region.

“Kaspersky statistics show that phishing attempts in Qatar decreased very slightly in the first half of this year compared to the same period last year, to reach a total of 708,427 attempts blocked by Kaspersky,” the statement said.

Yet the threats and vulnerability to financial losses and data breaches due to AI-powered phishing are on the rise in Qatar, mirroring the global trend, according to Ankit Bharathan, co-founder and CEO of Doha-based cybersecurity firm Secneural.

“AI is fundamentally reshaping adversary tactics, enabling threat actors to scale and sophisticate their operations,” Bharathan said.

How AI is making Arab world more vulnerable to phishing

At its core, phishing does not differ much from a real-life scam. It utilises technology to deceive and exploit human trust.

In a typical phishing operation, attackers impersonate trusted entities through various means to trick people into revealing sensitive information, often card numbers, passwords and bank details.

From an urgent text alert requesting a change in bank details to a legitimate-looking website that asks for credentials to thwart an apparent threat to one’s social media account, phishing takes several forms.

With the advent of AI, especially the development of large language models capable of impersonating humans, these have only become more convincing and faster to execute, according to Kaspersky.

“AI has elevated phishing into a highly personalised threat. Large language models enable attackers to craft convincing emails, messages and websites that mimic legitimate sources, eliminating grammatical errors that once exposed scams,” it said in a statement.

Such anthropomorphic tendency has translated into localised lures as well as well-timed scam attempts, making people more vulnerable to falling into those traps, explained Bharathan.

“Attackers are impersonating well-known regional logistics providers to deliver phishing SMS messages. These are written in Arabic and customised with victim details, tricking users into clicking fraudulent delivery links,” he added.

Some of the most common phishing attempts in Qatar and the region include spinning up donation drive websites during Ramadan and Eid, impersonating government services, and travel-related scams, Bharathan added.

In addition to LLMs, sophistication in generating audio and video deepfakes has emerged as a more convincing means of phishing. Such advanced methods have enabled attackers to gain access to biometric identifiers, as well as handwritten signatures.

“Attackers are no longer satisfied with stealing passwords,” said Olga Altukhova, a security expert at Kaspersky.

“They’re targeting biometric data, electronic and handwritten signatures, potentially creating devastating, long-term consequences,” Altukhova explained.

Awareness and proactiveness are key

Recent reports have identified data from the GCC as one of the most-demanded in the cybercriminal services market, making the region a favourable target for attempted data collection and breaches. The region’s growing market is also a lure.

Qatar’s Ministry of Interior, as well as the National Cyber Security Agency, have repeatedly warned against phishing attempts while also conducting regular awareness campaigns.

Entities such as banks, supermarkets, and logistics providers, among others, have intensified their messaging to address the widespread issue.

The central bank also runs a national campaign to tackle financial phishing attempts, whereas the Qatar Financial Information Unit also has a specialised wing.

In addition to mitigation and awareness, reports have highlighted the importance of real-time intelligence and proactive risk mitigation in tackling the growing number of phishing attempts.

For Bharathan, that entails balancing “people, process, and technology equally”.

“It is crucial to recognise that AI-enabled threats cannot be fully eradicated,” he told Doha News.

“But their success rate can be sharply reduced by layering people, process, and technology controls.”