News
The New Confidence Game: How AI Is Supercharging Fraud, and How Not to Become the Mark
The old scam email was easy to mock. It arrived in broken English, promised a fortune, and asked for urgent help moving money from a distant prince. The new scam does not look like that. It may sound like your daughter. It may write like your boss. It may imitate your bank’s tone perfectly, generate a fake investment dashboard in seconds, translate romantic manipulation into flawless Czech, English, Spanish, or Japanese, and keep the conversation going for weeks without sounding tired, inconsistent, or suspicious. Artificial intelligence has not invented fraud, but it has changed its economics. It has made deception cheaper, faster, more personal, and more scalable.
Fraud Has Become an AI Productivity Problem
Fraud is, at its core, a business of persuasion. Criminals need to find targets, earn trust, create urgency, and move money before doubt sets in. Large language models are useful to them for the same reason they are useful to legitimate companies: they reduce the cost of writing, research, translation, personalization, and customer-style interaction.
That matters because the global scam economy is already enormous. In the United States, the Federal Trade Commission said consumers reported losing more than $12.5 billion to fraud in 2024, a 25 percent increase from 2023. The FTC also noted that the share of people who reported losing money rose sharply, even though overall fraud reports were roughly stable. In other words, the problem was not simply more noise. Scams were becoming more effective.
The FBI’s Internet Crime Complaint Center reported a similar pattern in cyber-enabled crime. Its 2024 report recorded $16.6 billion in reported losses, with phishing, spoofing, extortion, and personal data breaches among the most common complaint categories. Investment fraud, especially cryptocurrency-related investment fraud, produced the largest reported losses, at more than $6.5 billion.
AI slots neatly into this environment. It does not need to “hack” anything in the cinematic sense. It helps criminals perform the social part of crime with industrial efficiency. A scammer who once struggled to write a convincing corporate email can now generate ten polished versions. A fraud ring that once needed native speakers can now operate across languages. A fake broker can maintain hundreds of warm, emotionally intelligent conversations. A phishing page can be supported by chatbots that answer questions, calm doubts, and nudge victims toward payment.
The End of the Obvious Red Flag
For years, people were told to watch for spelling mistakes, awkward grammar, strange formatting, and robotic language. That advice is now dangerously incomplete. LLMs are very good at removing the old tells. They can produce emails that sound like a bank, a recruiter, a government agency, a crypto exchange, a supplier, or a senior executive. They can adapt tone by audience: formal for a finance department, affectionate for romance scams, technical for developers, urgent for customer support, and bureaucratic for fake tax or legal notices.
Europol has warned that large language models can help criminals generate more convincing phishing messages, impersonation scripts, and multilingual fraud content. The agency’s concern was not that AI would create entirely new categories of crime overnight, but that it would make existing criminal methods easier to execute at scale.
That is the central shift. AI lowers the skill floor. A mediocre scammer can sound professional. A non-native speaker can impersonate a local institution. A small crew can behave like a call center. A criminal with stolen data can feed it into a model and produce tailored messages: “You recently ordered a replacement card,” “Your invoice for the April campaign is attached,” “Your wallet verification failed after your last transaction,” or “Your son listed you as an emergency contact.”
The result is a world where “it looked professional” no longer means “it was legitimate.” Professionalism itself has been automated.
Voice Cloning and the Return of Emotional Panic
One of the most frightening AI-enabled scams is voice cloning. Modern tools can generate a convincing imitation of a person’s voice from a short sample. The Federal Trade Commission has warned that voice cloning can be misused in emergency scams, including the familiar “grandparent scam,” where a caller pretends to be a relative in distress and asks for money immediately.
The psychological design is brutal. The victim does not receive a calm request to verify a bank transfer. They hear panic, crying, urgency, and a familiar voice. The scenario is usually constructed to suppress rational checks: there has been an accident, an arrest, a kidnapping, a lost phone, a medical emergency, or a legal crisis. The caller may say, “Please don’t tell anyone,” or “I only have one call,” or “The lawyer needs payment now.”
AI does not have to be perfect to work here. It only has to be convincing for a short, emotionally charged moment. People recognize loved ones by context as much as by sound. If the call arrives late at night, if the caller says the right family name, if the voice is close enough, and if the situation feels urgent, many people will act before they think.
The defense is not to become a forensic audio expert. The defense is to create a family verification protocol before a crisis happens. Families should agree on a private phrase, a callback rule, or a second-channel check. A real emergency can survive a 60-second verification. A scam often cannot.
Deepfake Video and Executive Impersonation
Voice is only part of the problem. Deepfake video has moved from novelty to operational fraud. A widely reported case involved engineering firm Arup, where a worker in Hong Kong was reportedly tricked into transferring about $25 million after fraudsters used deepfake participants in a video meeting to impersonate company executives. The lesson is not that every Zoom call is fake. The lesson is that visual presence is no longer absolute proof of identity.
This matters for companies because payment fraud depends on authority. Criminals do not need to compromise every employee. They need one person with access, one process exception, one urgent invoice, one “confidential acquisition,” one “new supplier account,” or one instruction that appears to come from the CFO.
AI video and audio make business email compromise more dangerous because they can reinforce the lie across channels. A fake email can be followed by a fake voice note. A fake Slack message can be followed by a short video call. A fake vendor request can be supported by a polished website, fabricated documents, and AI-generated staff profiles.
The best defense is procedural, not emotional. Large payments, supplier bank-account changes, crypto treasury movements, payroll changes, and executive requests must require independent verification through known channels. A video call can be part of a process, but it should not override controls.
AI Makes Phishing Personal
Traditional phishing was broad. AI-enabled phishing can be intimate. Criminals can scrape social media, leaked databases, company websites, LinkedIn profiles, blockchain activity, and public posts, then generate messages that refer to real projects, colleagues, events, investments, or purchases.
A developer might receive a message about a GitHub issue. A crypto user might receive a fake wallet security alert after posting about a token. A conference attendee might receive a fake invoice for a side event. A startup founder might receive a pitch from a fake investor who references a recent funding announcement. A finance manager might receive a payment request written in the exact tone of a real supplier.
ENISA’s 2025 threat landscape described AI as a defining part of the cyber threat environment and highlighted AI-supported phishing as a major social-engineering concern. Even where exact measurements vary by sector and methodology, the direction is clear: phishing is becoming more automated, more polished, and more context-aware.
This is why the old “don’t click suspicious links” advice feels inadequate. The modern link may not look suspicious. The sender may appear known. The message may refer to something real. The better rule is: do not trust the channel just because the content feels relevant. Verify the action being requested.
Crypto Scams: Where AI Meets Irreversible Money
Cryptocurrency has become one of the most attractive arenas for AI-assisted fraud because payments are fast, global, and often irreversible. Once a victim sends funds to a scam wallet, recovery is difficult. Criminals know this, and they design scams around the emotional and technical features of crypto markets.
The FBI reported that cryptocurrency-related investment fraud drove the highest losses among reported cybercrime categories in 2024. These scams often involve fake trading platforms, manipulated dashboards, romance-driven investment schemes, and long-term confidence operations sometimes called “pig butchering.”
AI strengthens every stage of that pipeline. It can create attractive fake investment brands, generate market commentary, produce fake white papers, write Telegram and Discord posts, invent team biographies, simulate customer-support chats, and maintain romantic or mentor-like conversations. It can also help criminals localize their scripts. A victim in Prague, London, Dubai, or Singapore may receive a message that feels culturally and linguistically native.
In crypto, the scam often starts with trust rather than technology. Someone builds a relationship, offers a “low-risk” opportunity, shows screenshots of profits, and encourages a small initial deposit. The victim may even be allowed to withdraw a small amount early. That withdrawal is bait. It proves the platform is “real” and prepares the victim to commit more capital. The dashboard then shows rising profits, but when the victim tries to withdraw a larger amount, fees, taxes, verification deposits, or liquidity charges suddenly appear.
AI does not need to break blockchain cryptography. It only needs to persuade a human to sign the transaction.
Fake Customer Support and Recovery Scams
One of the cruelest AI-assisted fraud categories is the recovery scam. The victim has already lost money. They search online for help. They post in a forum, complain on social media, or contact what appears to be a recovery specialist. The scammer then appears, often with professional language and fabricated credentials, promising to trace funds, unlock accounts, reverse transactions, or pressure exchanges.
LLMs make these schemes more convincing. They can generate legal-sounding documents, case updates, blockchain analysis summaries, fake police-style reports, and reassuring messages. The victim is emotionally vulnerable, embarrassed, and desperate to believe there is a path back. The criminal sells hope.
The rule is simple: anyone who guarantees recovery of stolen crypto for an upfront fee should be treated as suspicious. Legitimate investigators, exchanges, law firms, and law enforcement agencies do not need your seed phrase, do not ask you to connect your wallet to a random recovery portal, and do not guarantee blockchain recovery as if it were a customer-service refund.
Romance, Companionship, and Synthetic Intimacy
AI is particularly powerful in romance scams because it can sustain attention. Human scammers have limited time. Chatbots do not. They can send affectionate messages every morning, remember details, ask follow-up questions, mirror emotional language, and escalate intimacy gradually. They can generate photos, voice notes, and long explanations. They can be patient.
The fraud may begin on a dating app, social network, gaming platform, professional network, or messaging app. The scammer avoids meeting in person but always has a plausible reason: military deployment, offshore work, illness, business travel, family obligations, or fear after a previous relationship. Eventually money enters the story. It may be a medical bill, travel cost, customs fee, business emergency, frozen bank account, or investment opportunity.
AI-generated intimacy is dangerous because victims are not only losing money. They are making decisions inside an emotional relationship. Shame then prevents reporting. That silence benefits criminals.
The protective habit is to separate affection from finance. A person who has never met you in real life should not receive money, crypto, gift cards, banking access, identity documents, or investment capital. The moment a remote romantic contact introduces money, the relationship has crossed into risk territory.
Job Scams and the Professionalization of Fake Opportunity
AI has also improved fake recruitment. Fraudsters can create polished job descriptions, company websites, HR emails, interview scripts, employment contracts, onboarding portals, and fake recruiter profiles. Some scams aim to steal personal data. Others ask victims to buy equipment from a fake vendor, pay a “training fee,” receive and forward stolen funds, or unknowingly become money mules.
OpenAI has reported disrupting malicious uses of AI that included scams, deceptive employment schemes, and other forms of abuse. The important point is that criminals are experimenting with AI across the whole fraud lifecycle, from first contact to credibility-building to operational support.
Job scams are effective because they target ambition and financial pressure. The victim wants the opportunity to be real. The scammer offers remote work, high pay, flexible hours, fast hiring, and minimal friction. AI fills in the professional details that once might have exposed the operation.
Real employers do not usually hire entirely through encrypted messaging, ask applicants to pay fees to unlock salary, send checks for equipment purchases before employment is verified, or require workers to move money through personal accounts. A job that turns your bank account into infrastructure is not a job.
Fraud-as-a-Service and the Industrialization of Deception
AI-enabled fraud is not only about individual criminals typing prompts. It is becoming part of a broader underground service economy. Criminal groups can sell phishing kits, deepfake tools, stolen identity packages, fake exchange templates, automated chat scripts, synthetic profile bundles, and laundering services.
This is the darker version of software-as-a-service. Instead of helping a small business launch a marketing campaign, the tooling helps a criminal group launch a scam campaign. Templates reduce setup time. Automation increases volume. AI improves conversion. Stolen data improves targeting.
The UK has seen fraud remain a major crime category, with Cifas reporting a record level of fraud cases in 2025 and warning that AI contributed to more industrialized and scalable scams.
For individuals, this means scams may feel less random. For companies, it means attackers may appear more organized and more persistent. For society, it means fraud prevention cannot depend only on telling people to be careful. Platforms, banks, telecom companies, AI providers, exchanges, app stores, and law enforcement all have a role. But personal defenses still matter because the final step in many scams is human authorization.
Why Smart People Fall for AI Scams
One of the most damaging myths about fraud is that only naïve people fall for it. That is false. Good scams exploit normal human traits: trust, urgency, helpfulness, ambition, loneliness, fear, greed, duty, and love. AI helps criminals tune the message to the trait.
A finance employee may fall for authority. A parent may fall for fear. A crypto trader may fall for opportunity. A job seeker may fall for hope. A lonely person may fall for companionship. A founder may fall for investor interest. A senior citizen may fall for family panic. A technically skilled person may fall for a message that accurately references their tools, wallets, repositories, or recent transactions.
The defense begins with dropping shame. Fraud is adversarial persuasion. The victim is not “stupid.” The victim is targeted. That distinction matters because shame delays reporting, and delayed reporting reduces the chance of stopping payments, freezing accounts, warning others, or preserving evidence.
The New Rules of Verification
In the AI era, identity must be verified through process, not vibe. A familiar writing style is not enough. A familiar voice is not enough. A familiar face on a screen is not enough. A realistic website is not enough. A professional document is not enough. A dashboard showing profit is absolutely not enough.
The safest mental model is “trust the relationship, verify the request.” Your boss may be real, but the payment instruction may be fake. Your bank may be real, but the text message may be fake. Your child may be safe, even if a cloned voice says otherwise. A crypto exchange may exist, but the support account messaging you on Telegram may be an impostor.
Verification should happen through a separate, known channel. If an email asks for payment, call the person using a number already saved in your records, not the number in the email. If a relative calls in distress, hang up and call them back directly, or contact another family member. If your bank texts you, open the bank app yourself rather than clicking. If a recruiter contacts you, check the company domain, the recruiter’s history, and whether the role appears through official channels. If a crypto platform promises returns, assume the burden of proof is on them, not on your skepticism.
Build Friction Around Money
Scammers hate friction. They want speed, secrecy, and emotional momentum. Your goal is to slow the transaction down.
For individuals, this means creating personal rules before pressure arrives. No investment decision during the first conversation. No crypto transfer because of a romantic contact. No payment to a new bank account without a callback. No gift cards for debts, taxes, bail, tech support, or government fees. No seed phrase typed into any website. No remote-access software installed at the request of “support.” No urgent transfer that cannot wait ten minutes for verification.
For families, especially those with elderly relatives, it means discussing scams without condescension. Set up a code word. Agree that no real family member will be offended by verification. Create a trusted contact list. Encourage reporting suspicious calls early. Make it normal to ask, “Could this be a scam?” before money moves.
For businesses, it means formal controls. Payment changes should require multi-person approval. Vendor bank details should be verified through known contacts. Executives should not be able to bypass controls through urgent messages. Employees should be trained on deepfake scenarios. Finance teams should have a “stop the line” culture where questioning a suspicious instruction is rewarded, not punished.
Protect the Data That Feeds Personalization
AI scams become more convincing when criminals have more context. Some of that context comes from breaches. Some comes from public oversharing. Some comes from professional profiles, social media, blockchain transparency, and old posts that reveal family structure, travel, workplace hierarchy, interests, or financial behavior.
You do not need to disappear from the internet, but you should reduce unnecessary exposure. Avoid posting real-time travel details. Limit public family information. Be careful with voice and video samples if you are a public figure, executive, or high-net-worth individual. Review privacy settings. Remove unused accounts. Use unique passwords and a password manager. Enable multi-factor authentication, preferably through an authenticator app or hardware key rather than SMS where possible.
In crypto, compartmentalization is especially important. Do not publicly connect your identity to wallets holding meaningful funds. Use separate wallets for public activity, trading, long-term storage, and experimentation. Treat wallet signatures with the same caution as payments. A malicious signature can drain assets even if you never “sent” a normal transfer.
How to Read an AI-Era Scam
The most reliable scam indicators are no longer spelling mistakes. They are behavioral patterns.
A scam usually creates urgency. It discourages outside advice. It asks for secrecy. It changes communication channels. It introduces money, credentials, remote access, crypto transfers, gift cards, or identity documents. It makes verification feel rude, dangerous, or unnecessary. It rewards fast action and punishes hesitation.
AI can polish language, but it cannot make a bad request safe. A stranger promising guaranteed returns is still dangerous. A bank asking for your password is still not your bank. A support agent asking for your seed phrase is still a thief. A romantic partner you have never met asking for investment money is still a major risk. A boss asking you to ignore payment controls is still a governance failure.
Focus less on whether the message looks real and more on what it wants you to do.
What to Do If You Think You Have Been Scammed
Speed matters. If money has moved through a bank, contact the bank immediately and say you may be the victim of fraud. Ask whether the transfer can be recalled or frozen. If crypto has moved, gather transaction hashes, wallet addresses, screenshots, chat logs, website names, emails, phone numbers, and timestamps. Do not confront the scammer in a way that gives them time to erase evidence.
Report the incident to the relevant national cybercrime or fraud authority. In the United States, that may include the FBI’s Internet Crime Complaint Center and the FTC. In other countries, reporting channels vary, but banks, local police, consumer protection agencies, and national cybercrime units are typical starting points.
Just as important: do not let the original scam become a second scam. After posting about fraud, victims are often contacted by fake recovery experts. They may claim they can hack the scammer, reverse a blockchain transaction, or retrieve funds for an upfront payment. That is usually another trap.
AI Is Also Part of the Defense
The picture is not entirely bleak. Banks, exchanges, cybersecurity companies, telecom providers, and platforms are using AI to detect unusual behavior, identify synthetic accounts, flag suspicious transactions, analyze scam language, block malicious domains, and detect deepfake patterns. AI can help defenders move at the speed of attackers.
But defensive AI has limits. It may stop many attempts before they reach users, but it will not stop every convincing message, every cloned voice, every fake support account, or every manipulated relationship. The human layer remains essential.
This is why the best anti-scam posture is not paranoia. It is disciplined verification. You can still use digital tools, invest, work remotely, date online, trade crypto, and communicate globally. But the default assumption has to change. In an AI-mediated world, seeing and hearing are no longer the same as knowing.
The Practical Mindset: Calm Suspicion
The right response to AI fraud is calm suspicion. Not panic, not withdrawal from the internet, and not blind trust in detection tools. Calm suspicion means pausing when money, identity, access, or secrecy enters the conversation. It means verifying through another channel. It means making rules before emotion takes over. It means telling family members and colleagues that verification is normal, not insulting.
AI has given scammers a better costume department, a better writing team, a better translation desk, and a tireless customer-support operation. It has not changed the fundamental weakness of most fraud: the scam needs you to act before you verify.
That is where the balance of power can still shift. The most effective anti-fraud technology in your life may be a simple sentence: “I’ll check this independently and get back to you.”
A legitimate person will understand. A scammer will push.