When scammers use AI: Recognizing the latest sophisticated tactics

Thảo Nguyên
4 hours ago
3 min read

Artificial Intelligence (AI) is being weaponized by malicious actors to orchestrate increasingly sophisticated technological traps. The emergence of intelligent tools has transformed scams - ranging from spoofed emails to voice-cloning schemes - into highly realistic and unpredictable threats.

How AI powers cybercriminals

According to experts from cybersecurity firm McAfee, cybercriminals are actively exploiting AI to accelerate the speed, expand the scale, and enhance the personalization of their attacks.

*Cybercriminals are heavily exploiting AI to accelerate the speed, scale, and personalization of cyberattacks*

Abhishek Karnik, an expert at McAfee, noted that AI tools help orchestrate highly elaborate phishing (email) and smishing (SMS) scenarios, heavily exploiting victims' trust, confusion, or sense of urgency. In particular, the deployment of deepfake audio and video technology has pushed impersonation tactics to an unprecedented level of persuasiveness.

From a professional standpoint, Incident Response analyst Taylor Peltzman pointed out that while AI does not alter the core objectives of scams, it serves as a launchpad that makes the execution significantly more efficient and accessible.

Leveraging machine learning algorithms and Natural Language Processing (NLP), AI can automatically scan data to generate highly personalized messages tailored to the target's psychology. Notably, to bypass security filters, attackers frequently use AI to initiate casual, conversational emails first. They patiently wait for the victim to respond and show interest before delivering malicious links or dangerous attachments in subsequent stages.

Unmasking common AI-driven scams

Most current attack scenarios rely on social engineering, exploiting human vulnerability, fear, or trust to steal personal and financial information. Therefore, the most fundamental defense principle is to always pause and verify, and never rush to click on links or provide credentials before authenticating the sender.

*Users should always remain vigilant when using personal devices. Always double-check information and never rush to click on links or share data before verifying the sender*

Below are the common AI-powered schemes and how to recognize them:

Impersonation scams: Attackers pose as family members in an emergency or pretend to be authorities (such as law enforcement, banks, or government agencies) to demand urgent information or wire transfers. Peltzman warns that modern deepfake and voice-cloning technologies can now accurately mimic a real person's appearance, voice, and even writing style.
Online shopping traps: Generative AI tools allow malicious actors to quickly spin up fraudulent websites, advertisements, or emails offering non-existent goods at steep discounts, complete with fake reviews to lure buyers.
"Pig butchering" scams: Victims are lured into high-yield investment channels like cryptocurrency. Initially, the platform allows them to withdraw small profits to build strong trust. AI then analyzes each individual's risk tolerance to predict when they will deposit the maximum amount of money, at which point the scammers abscond with all the funds and disappear.
Romance scams: Scammers create fake social media profiles and use generative AI to draft mass streams of sweet, personalized messages to nurture virtual relationships over weeks or months. Once trust is established, they fabricate financial hardships to borrow money and sever all communication.
Payment app spoofing: Fraudsters send fake invoices or payment demands using urgent language, deliberately mimicking the interface and phrasing of legitimate payment platforms.
Fake delivery notifications: Capitalizing on online shopping habits, attackers send fraudulent shipping alerts via text or email, claiming a fee is required to deliver the package. Generative AI allows them to flawlessly replicate the communication style of reputable logistics companies.
Bogus prizes: Victims receive notifications claiming they have won major prizes but must pay an upfront processing fee or hand over personal data. To boost credibility, AI is used to build entire contest websites that look entirely authentic.
Fake charity appeals: Fraudsters masquerade as humanitarian organizations to solicit donations. They use AI-powered search tools to scan posts from philanthropically minded individuals, then send tailored phishing emails that mirror the operational style of legitimate charities to approach them.

When users are tricked into clicking unfamiliar links, downloading malicious files, or purchasing non-existent services, the consequences are severe. Victims face not only the risk of device compromise, ransomware, or direct financial loss, but also identity theft, leading to devastating financial and emotional tolls.

The integration of AI is making cyber traps vastly more sophisticated and elusive. Clearly identifying these tactics and maintaining a steadfast habit of verifying information before acting remains the strongest shield to stay safe against this wave of high-tech fraud.