The days of poorly written emails claiming to be from a Nigerian prince are over. Artificial intelligence allows criminals to create scams that can be awfully hard to spot. It also lets them automate their schemes, be more productive, and target more people. Scammers use these methods because they work, and their AI tools and methods are only going to get more sophisticated. Avoiding AI payment scams requires learning how these scammers work, spotting their schemes, and being constantly vigilant against fraud.
What Are AI Scams?
AI scams involve the use of artificial intelligence to gather personal information from the Internet and create targeted phishing attacks, such as a well-written email or social media message.
Scammers also use AI to create deepfake audio and images to impersonate someone. With just a short audio clip of someone’s voice, scammers can use AI to impersonate a friend, family member, or someone you work with.
They can also create official-looking documents, social media profiles, websites, and well-written emails.
Their goal is to trick you into clicking on a fraudulent Internet link, reveal sensitive information, give them access to your bank accounts, or transfer funds into a scammer’s account. They might also try to steal enough personal information to engage in identity theft.
What Are Some Real-Life Examples of AI Scams?
Scams using AI often involve some type of impersonation, such as someone posting a fake celebrity endorsement of a product, or service, or a fraudulent charity. More frequently, scammers have been using highly-targeted scams to go after particular companies or individuals.
In 2024, a scammer used AI to create a deepfake version of the CFO of a large company in Hong Kong. During a video conference meeting, the phony CFO was so believable that he convinced one of the company’s employees to transfer $25 million to the scammer’s account.
Another scammer called a woman in Texas with a deepfake impersonation of her daughter pleading for help, followed by a man who claimed to be holding her daughter. He threatened to hurt the daughter unless the woman transferred money from a local Walmart to an account in Mexico.
Walmart employees suspected the woman was being scammed, called the daughter at work, and confirmed that she was fine.
What Are the Most Common Types of AI Scams?
Scammers use AI to collect personal information and trick people into revealing account numbers, Social Security numbers, and other confidential information. Overall, their goal is to gain access to your financial accounts, convince you to send them money, or click on phishing and malware links.
Voice Cloning Scams
With just a short audio clip from someone’s social media, scammers can use AI to clone their voice and impersonate them. They can even have conversations with their intended victim, using the voice of a relative or a coworker.
A phony “relative” might claim to need help and ask for an emergency transfer of money. Someone could impersonate your boss and tell you to transfer company funds into the scammer’s account.
Scammers have also impersonated the voices of celebrities, to convince their victims to “donate” to a phony charity or get involved in an investment scam.
Deepfake Video Scams
Scammers use AI to generate realistic-looking videos, with cloned voices. The scam might involve a phony “news” report or celebrity endorsement promoting a bogus charity or investment.
As mentioned above, deepfake impersonations can also be used during a video call. A scammer could impersonate a relative or coworker.
Romance Scams
These are also known as “big butchering scams.” Whereas most AI scams involve convincing someone to make a rushed decision, without thinking about it, a romance scam can take several weeks.
A scammer might contact their victim through a dating app or social media platform, using AI to create a phony persona and write affectionate messages. The scammer slowly builds a “relationship” with the victim before stealing their money.
Phishing Attacks
Someone pretending to be from a financial institution, such as a bank or credit card company, contacts a victim and claims the victim’s account has been compromised. This is often in the form of an email or text, although it could also be through a phone call.
The victim might be told to click on a link to either confirm their account or change their password, but they wind up giving the fraudster access to their funds. In some cases, a scammer might ask for account information over the phone and use that to steal the victim’s money.
In other cases, an email or text might ask the recipient to click on a link that installs malware or spyware onto the victim’s computer or phone. These emails might pretend to be from your bank, your employer’s IT department, an online shopping platform, or a subscription service.
How to Spot and Avoid AI Payment Scams
One of the most common tactics of AI scammers is to trick you into making a rushed decision you don’t have time to think about it or to ask someone else for help.
They play emotional games and convince you there’s an emergency, such as a family member who needs money transferred immediately.
If this happens, take the time to consider what you’re doing. If a caller tells you to keep the conversation a secret, that’s a common tactic among AI scammers.
“Act Immediately!”
Another tactic is to claim that your bank or credit card account has been hacked, so you need to act immediately to secure your account by revealing your account information over the phone or clicking on a fraudulent link.
Ask Questions, Use a Safety Word
You might consider having a safety word or a secret phrase among family members that a scammer wouldn’t be able to guess. Another approach would be to ask the other person a question that only the real individual would know.
It should be something that can’t be gleaned from social media, such as a pet’s name or a family vacation spot. You might ask about a recent conversation you had or an old family story.
If someone is impersonating your boss or a coworker, you could ask about a project you’re working on, something that came up during a recent meeting, a company event, etc. You could also contact your boss or coworker at their work phone number, or cell phone number, to ensure you’re not being scammed.
Always Verify
Make sure that you recognize the email address or phone number that someone contacts you from. If it’s an unfamiliar number or email address, it could be a scam. Keep in mind that scammers could use spoofing methods that let them list a phony caller ID number or email address.
If you receive a text, email, or phone call from someone claiming to be from your credit card, you could hang up and call the company directly using the contact information on the back of your card.
Another way to spot a scam is if someone wants you to send money using a wire transfer service, gift card, or cryptocurrency. These methods make it next to impossible to recover your funds.
If a caller tells you to make a wire transfer at your bank, but not to tell anyone the reason for the transfer, that’s a pretty good sign that it’s a scam.
Watch out for Deepfakes
Although AI is getting more sophisticated every day, there are certain things to watch for that could reveal a deepfake scam.
Do the lighting, shadows, and skin tone seem natural, or is something “off” about them? Does their voice and speaking style have a natural cadence, or does it seem monotone and robotic?
Watch for unrealistic and jerky body movements when the other person turns their head, blinks, or raises their hand.
Use Multifactor Authentication (MFA)
More companies and individuals are using multifactor authentication (MFA) as part of their cybersecurity measures, and for good reason. It’s a nearly foolproof way to keep your banking, email, and social media accounts secure. With MFA, you would have to approve any login attempts to your accounts using an app on your smartphone or by entering a code sent via text.
This way, even if a scammer could guess or hack into your password, you could still prevent them from gaining access as long as you had your smartphone.
If you frequently access certain accounts from a particular device, such as your home computer, you could tell whatever platform you’re using to “always trust this device” so you wouldn’t have to approve each logon from the computer.
MFA could also protect your accounts if someone tried to change your password by guessing at your password reset questions and answers.
Use a Password Manager
Passwords must be fairly complicated and hard to guess, so hackers can’t break into your accounts, but remembering multiple passwords can be a chore.
A password manager can solve both problems by generating complex passwords using random characters and symbols for you and storing them in a vault. This way, you would have just one password to remember.
With a web browser extension, you could log into your vault and have the password manager handle your login credentials when you access any of your other accounts.
Your vault password should be complicated and hard for someone else to guess. The more complicated the better, but you would only have to remember that one password to access your other accounts.
Using a password manager with multifactor authentication can improve your security. This way, you would have to approve any logins to your password vault.
Learn More about First Exchange’s Secure Banking Services
If you have any questions about financial security, please contact us or visit one of our seven locations in North Central West Virginia. You can also check out our blog for more financial security tips.
