How AI Empowers Scammers in Banking Fraud Schemes

AI-Driven Deepfake Impostor Scams

Artificial intelligence has enabled fraudsters to bypass anti-spoofing and voice verification systems by creating highly convincing counterfeit identification and financial documents. One of the most notorious examples occurred in 2024 when a UK engineering firm, Arup, lost approximately $25 million after scammers used AI-generated deepfakes to impersonate senior executives during a live video call, tricking an employee into transferring funds.

Deepfakes rely on generator and discriminator algorithms to produce digital replicas of a person's face and voice that are realistic enough to fool humans and machines alike. These fakes can be created from as little as one minute of audio and a single photo, and can be used in prerecorded or live interactions anywhere.

AI-Generated Fake Fraud Alerts

Generative AI models can mass-produce fake fraud warnings to deceive customers. For example, if hackers breach an electronics retailer's website, their AI system might call customers pretending to be the bank, warning them of fraudulent transactions. These calls often request sensitive information like account numbers and security question answers, exploiting urgency and trust to extract data.

Because AI can rapidly analyze data, it can tailor such calls with real facts, making the deception more believable.

Personalization Aids Account Takeovers

Scammers often use stolen login credentials instead of brute-forcing passwords. Once inside an account, they change passwords, backup emails, and multifactor authentication details to lock out the real user. AI complicates defenses by introducing unpredictable elements.

Personalization is a powerful weapon: AI can time attacks during busy periods like Black Friday and customize messages based on a victim's habits, increasing engagement. Advanced language models enable generation of large volumes of authentic-looking, persuasive, and relevant emails, domain spoofing, and content personalization.

AI-Powered Fake Website Scams

Generative AI can rapidly create fake financial websites with realistic designs and dynamic content. Scammers can clone investment or banking platforms, complete with interactive features such as live chat staffed by AI models simulating financial advisors.

In one case, fraudsters cloned the Exante investment platform, tricking victims into depositing money into a JPMorgan Chase account. Exante's compliance chief noted multiple similar scams and suggested AI tools enabled scammers to act quickly and target many victims before detection.

AI Circumvents Liveness Detection

Liveness detection uses biometric data to verify if a person on camera is real and matches their ID, typically blocking use of old photos or videos for authentication. However, AI-powered deepfakes can bypass these tools, allowing criminals to impersonate real individuals or fake personas to facilitate fraud like money muling.

Pretrained AI models capable of evading major liveness detection systems are commercially available for a few thousand dollars, making sophisticated fraud accessible.

Synthetic Identities and New Account Fraud

Generative AI helps fraudsters create synthetic identities by combining real and fake information, such as authentic Social Security numbers with fictitious names and addresses. These identities can establish credible financial histories, fooling know-your-customer (KYC) systems and enabling large-scale credit abuse.

Advanced AI algorithms manage these synthetic personas by mimicking human financial behavior, such as timely payments and loan applications, to avoid detection and maximize illicit earnings.

Defensive Measures for Banks

Consumers should use strong passwords and be cautious with personal information. Banks must implement robust security measures to combat AI-driven scams:

1. Multifactor Authentication (MFA): Since biometrics can be spoofed, MFA remains a critical barrier. Customers must be educated never to share MFA codes.

2. Enhanced KYC Procedures: Banks should adopt advanced techniques to detect synthetic identities, including prompt engineering methods that can reveal AI-generated data.

3. Behavioral Analytics: Machine learning systems can detect subtle anomalies in user behavior, such as mouse movements or access patterns, which AI forgers cannot perfectly replicate.

4. Comprehensive Risk Assessments: Screening at account creation for discrepancies and recent identity emergence can prevent fraudsters from opening multiple accounts. Temporary holds or limits during verification help reduce mass fraudulent activity.

AI has lowered the technical barrier for scammers, making it essential for financial institutions to be vigilant and proactive in deploying advanced security solutions to protect customers and assets.