PYMNTS Intelligence Banner June 2024

Scammers Using GenAI to Improve, Scale Phishing Attacks

Financial scams have become increasingly sophisticated with the use of generative artificial intelligence (AI).

Criminals armed with generative AI tools can easily create realistic videos, fake IDs, false identities and convincing deepfakes of company executives, CNBC reported Wednesday (Feb. 14).

The impact of these scams is significant, according to the report. A recent survey by the Association for Financial Professionals revealed that 65% of organizations experienced attempted or actual payments fraud in 2022, with 71% of those who lost money being compromised through email. Larger organizations with annual revenue of $1 billion were found to be the most susceptible to email scams.

Phishing emails are among the most common scams, where fraudulent emails resembling trusted sources trick individuals into clicking on links that lead to convincing-looking fake websites, the report said. These emails often request personal information, which can then be used by criminals to gain access to bank accounts or commit identity theft.

Spear phishing is a more targeted approach, with emails tailored to specific individuals or organizations based on research into job titles, colleagues’ names and other relevant information, per the report.

Generative AI has made it increasingly difficult to distinguish between what is real and what is not, according to the report. Previously, wonky fonts, odd writing or grammar mistakes could be indicators of a scam, but now criminals can use generative AI to create convincing phishing and spear phishing emails. They can even impersonate company executives, using their voice for fake phone calls or their image in video calls.

The rise of automation and the increasing number of websites and apps handling financial transactions have further exacerbated the problem, the report said. Payment solutions like PayPal, Zelle, Venmo and Wise have expanded the playing field for criminals, providing more opportunities for attacks. Additionally, the use of application programming interfaces (APIs) by traditional banks to connect apps and platforms has created another potential point of attack.

Criminals leverage generative AI to quickly create credible messages and use automation to scale up their attacks, per the report.

PYMNTS Intelligence has found that generative AI is revolutionizing finance and banking. While the technology is introducing challenges like data security and systemic decision-making risks, it is also enhancing consumer interactions and risk models, according to “Banking on AI: Financial Services Sector Harnesses Generative AI for Security and Service,” a PYMNTS Intelligence and AI-ID collaboration.