Just as artificial intelligence (AI) is becoming a big part of businesses and everyday life, cybercriminals are also leveraging its power to enhance their tactics.
A recent study found that nearly 60% of all online fraud cases in 2024 involved AI-powered scams, a number that hasn’t stopped growing as scams become more sophisticated.
AI’s ability to mimic voices, faces, and even videos is making scams more personal and harder to detect.
Experts from Psono.com have warned about how scammers are now using AI to launch highly convincing attacks, including voice cloning and phishing emails. These advancements are creating added risks to personal data and financial security.
Let’s explore the various types of AI-powered scams plus ways to protect yourself from falling victim.
1. AI-Powered Scams: The Rise of Deepfakes
AI is now being used to create deepfakes, which can impersonate voices, faces, and even video footage of family members, friends, or colleagues. Through harvesting data from social media profiles, scammers can generate realistic recordings or videos that ask for money or sensitive information.
This new level of impersonation makes it alarmingly difficult to distinguish genuine requests from fraudulent ones.
What to Do: If you receive an unexpected request from someone you know, always ask them questions that only the real person could answer. A vague or incorrect response is a red flag. Be cautious and verify before acting.
2. Gift Card Scams: Targeting Your Shopping Habits
During peak shopping seasons, scammers use AI to analyse online shopping patterns and target victims with gift card scams. They may impersonate a loved one or a store, asking for gift cards to resolve an emergency or issue. Once the gift card codes are shared, they are quickly redeemed, resulting in financial loss for the victim.
What to Do: Never share gift card information with anyone, especially if the request is unexpected or urgent. Always contact the person or company directly through verified channels to confirm the request before taking any action.
3. Vishing: The Telephone Scam
Vishing, or voice phishing, involves fraudsters impersonating trusted institutions, such as banks or government agencies, over the phone. They create a sense of urgency, claiming suspicious activity on your account, and pressure you into providing sensitive information.
What to Do: Legitimate organizations will never ask for sensitive information over the phone. If you receive such a call, hang up immediately and contact the institution directly using a verified number.
4. Smishing: The Phishing Text
Smishing scams are delivered through text messages, often posing as account updates or delivery alerts. The goal is to trick the recipient into providing personal credentials or downloading malicious software.
What to Do: Always check the sender’s number. If it doesn’t match the official organisation, it’s likely a scam. Don’t click on any links in unsolicited messages and verify the content with the company before acting.
5. Clone Phishing: Malicious Copies of Real Emails
Clone phishing occurs when scammers replicate legitimate emails, such as receipts or notifications, and replace the links or attachments with malicious ones. The familiarity of the original email makes the fraudulent one harder to spot.
What to Do: Always check the sender’s email address carefully. Hover over any links to see where they lead and, if in doubt, contact the sender directly via official communication channels.
6. Social Media Phishing: Fraud on Social Networks
Phishing on social media involves hackers using fake or compromised profiles to send messages that appear to come from trusted contacts. These messages may offer giveaways or ask for urgent action, often aiming to steal login credentials or other personal details.
What to Do: Never click on links sent through unsolicited messages. Double-check any request through official channels, and be cautious of login pages that look suspicious.
7. Man-in-the-Middle Attacks: Public Wi-Fi Hazards
Hackers can intercept data sent over unsecured public Wi-Fi networks, such as in cafes or airports, to steal passwords or banking information. These attacks are often unnoticed by the user but can have devastating effects.
What to Do: Avoid accessing sensitive accounts over public Wi-Fi. Use a Virtual Private Network (VPN) for added security, and ensure websites are encrypted by looking for “https://” in the URL before entering any personal information.
8. Ransomware: A Growing Threat
Ransomware attacks encrypt files or lock devices and demand payment to restore access. These attacks often begin with phishing emails or malicious downloads and can be financially ruinous.
What to Do: Regularly back up important files to an offline location and avoid downloading suspicious attachments. If attacked, report the incident to the authorities and seek professional assistance to mitigate the damage.
9. DNS Spoofing: Fake Websites Designed to Deceive
DNS spoofing involves redirecting users to fake websites that closely resemble legitimate ones. These fake sites are designed to steal login credentials or credit card information from unsuspecting visitors.
What to Do: Always double-check website addresses before entering any sensitive information. Look for “https://” in the URL, and consider using tools that protect against DNS attacks.
10. Fake Job Offers: The Scam Job Posting
Scammers often post fake job offers that promise high pay or flexible work arrangements, asking for payment or personal information upfront. These scams typically target those looking for remote work or those seeking employment during economic downturns.
What to Do: Before providing personal details or making payments, ensure the job offer is legitimate. Research the company thoroughly and contact them directly through verified channels to confirm the offer’s authenticity.
Sascha Pfeiffer, CEO of Psono, commented on the growing threat of AI in cybercrime, saying, “AI is changing how scammers operate, making their attacks more personal and harder to spot. They use tools to mimic voices, create fake videos, or send messages that seem to come from trusted contacts. It’s now easier than ever to fall for a scam, whether it’s a text from a friend asking for help or a gift card offer from a favourite store. Staying alert is important, as these scams can lead to serious financial losses. Under no condition should you share very personal data, such as passport details or credit card CVV, via email, phone, or any other method that can be easily accessed by hackers.”
Pfeiffer further advised, “If you hear the voice of a close person asking for help, take extra precautions to verify their identity by asking specific questions or details only they would know, ensuring you’re speaking to the real person.”
Stay Vigilant to Protect Yourself
AI is evolving and so are the tactics used by cybercriminals. Scams are becoming more realistic, personalised, and harder to detect. However, staying vigilant and adopting simple security practices will help individuals protect their personal information and avoid falling victim to these sophisticated attacks.
Always verify requests, question any unusual behaviour, and remember that your data is valuable—take steps to keep it safe.
