The essentials in 30 seconds
According to the Global Cybersecurity Outlook 2026 of the World Economic Forum, the 73% of the organisations were affected by cyber fraud in 2025. Global losses from AI fraud will reach US$1.4 trillion by 2027. Scammers only need 3 seconds of your voice to create a clone with 85% precision. The key to staying safe: always verify via a second channel, use secret passwords with your family, and be wary of any sense of urgency.
Why are AI scams so dangerous in 2026?
Artificial intelligence has democratised tools that previously required sophisticated technical teams. Today, creating a voice deepfake costs barely US$30 and a convincing fake video from US$50. Just two years ago, a single minute of professional deepfake video cost up to US$20,000. This fall in prices has led to a surge in attacks: deepfake scams have increased by 700% only in 2025, according to ScamWatch HQ.
The most alarming thing is the speed. A phishing email that would take a human 16 hours of research to write convincingly, AI generates in 5 minutes with equivalent or superior quality. And according to KnowBe4 and SlashNext, the 82.61% of phishing emails already contain AI-generated content.
6 AI scam types you should know about
Video deepfake
Scammers create fake video calls by impersonating executives, family members or public figures. A real-life example: an employee at Arup transferred US$25.6 million following a video call with a deepfake of the company’s chief financial officer. In Q4 2025, the following were detected 159,378 instances unique deepfakes.
Voice cloning
Only with 3 seconds of audio (a single social media video is enough), a voice clone is created with 85% accuracy. Fortune reported that voice cloning crossed the “indistinguishable threshold” in 2026: the human ear can no longer tell the difference. One in four Americans has already received an AI voice scam.
AI phishing
AI-generated phishing emails achieve click-through rates 4 times bigger than the manuals. Hoxhunt reports that 40% of Business Email Compromise (BEC) emails are primarily generated by AI. They perfectly mimic the tone and writing style of real people.
AI-generated fake images
Photos of fake products, manipulated screenshots of bank transfers, and profiles of people who don't exist. Scammers use them to create fictitious identities on dating apps, marketplaces and social media, building trust before asking for money.
Emails and messages written by AI
AI generates texts without spelling or grammatical errors, eliminating one of the classic signs of a scam. It can personalise mass messages using social media data, creating a false sense of familiarity. They are used in romance, job, and financial scams.
Investment bots and cryptocurrencies
AI-powered chatbots simulating financial advisors, promising guaranteed returns. They use celebrity deepfakes to promote fraudulent platforms. Automated “pump and dump” schemes manipulate cryptocurrencies with AI-coordinated fake accounts.
Comparison: How each scam works and how to spot it
| Type of scam | How does it work | How to detect it |
|---|---|---|
| Video deepfake | Video call or pre-recorded video with a cloned face of a real person | Irregular blinking, fixed stare, imperfect lip syncing, blurry edges around the facial outline |
| Voice cloning | Phone call with cloned voice of family member, boss, or trusted person | Tone too consistent, absence of micro-pauses, no natural filler words. Ask for secret keyword |
| AI phishing ⚠️ | Hyper-personalised emails that mimic the exact tone of a real contact | Verify sender domain, do not click urgent links, confirm through another channel |
| False images | AI-generated product images, people or documents | Reverse image search, erroneous details in hands/fingers/text, missing metadata |
| AI-generated messages | Personalised mass texts with social media data | Excessive grammatical perfection, artificial urgency, requests for personal data or money |
| Investment bots | Chatbots that simulate advisors with “guaranteed returns” | No one can guarantee returns. Verify the entity in your country's official records. |
5 steps to protect yourself from AI scams
These measures are free, can be implemented in under a week, and stop the majority of attacks. You don't need to be a tech expert to apply them.
- Set up a secret keyword with your family and work team Agree on a word or phrase that only you and your trusted individuals know. If you receive an “urgent” call from a family member asking for money, ask for the keyword. If they don't know it, hang up. Change the keyword every month.
- Always verify via a second channel No transfer, password change or financial decision should be carried out with a single communication. If your “boss” emails you asking for an urgent transfer, call them. If they call you by phone, confirm it by email or message.
- Enable two-factor authentication (2FA) on all your accounts Even if a scammer obtains your password through phishing, 2FA blocks access. Use authentication apps (Google Authenticator, Authy) instead of SMS, which can be intercepted.
- Distrust all urgency The number one tool of scammers is time pressure. “You have 10 minutes to transfer,” “your account will be blocked,” “I need this NOW.” No legitimate institution will pressure you into making immediate financial decisions.
- Limit your voice and video footprint on social media Scammers extract audio from public videos on Instagram, TikTok, and YouTube to clone voices. Set your profiles to private or reduce the amount of content with your voice exposed publicly.
Tools to check and protect yourself
Useful tools: Google Reverse Image Search to check suspicious images. Norton Deepfake Protection (available on mobile) to detect potential video deepfakes. Have I Been Pwned (haveibeenpwned.com) to check if your data has been leaked. VirusTotal to analyse suspicious links before clicking. And the most powerful tool: your own critical judgment and verification from multiple sources.
Important: No deepfake detection tool is 100% reliable. Automated detectors have significant error rates, particularly with the most advanced models from 2026. The best protection is always human verification by a second channel.
Red flags: warning signs you shouldn't ignore
- Extreme urgency. “You need to transfer NOW”, “your account will be suspended in 1 hour”. Scammers want you to act before you think.
- Request for payment in gift cards, cryptocurrencies, or untraceable transfers. No bank, company, or legitimate institution asks for gift card payments.
- Unexpected contact with correct personal information. Someone knowing your name, address, or bank doesn't mean they're legitimate. Leaked data is sold on the dark web.
- Guaranteed investment returns. They don't exist. No AI bot, advisor, or platform can guarantee profits. If they promise you fixed returns, it's a scam.
- They ask that you don't tell anyone. Secrecy is the favourite tool of scammers. Any legitimate request can be checked with third parties.
- They request passwords, 2FA codes, or bank details by phone or email. Your bank will never ask for your full password. No legitimate service needs your 2FA code via chat.
- Video or call with strange visual/auditory details. Irregular blinking, blurred edges on the face, overly uniform tone of voice, absence of natural pauses or background noise.
Frequently asked questions
Can my voice be cloned using social media audio?
Yes. According to a McAfee study, scammers only need 3 seconds of audio to create a voice clone with 85%-level accuracy. A short video from Instagram, TikTok or YouTube is all that’s needed. That’s why it’s important to check your social media privacy settings and limit the amount of public voice content.
How do I know if a video call is a deepfake?
Look for these signs: irregular blinking or a fixed stare that doesn't match the conversation, blurred edges around the face, imperfect syncing between lips and audio, and stiff facial movements when turning the head. If you have any doubts, ask the person to make a specific, unexpected gesture (touch their ear, show an object). Real-time deepfakes still struggle with unpredictable movements.
Can AI write scam emails that are indistinguishable from genuine ones?
Pretty much. By 2026, 82.61% of phishing emails will already contain AI-generated content, according to KnowBe4. AI eliminates spelling mistakes and can personalise messages using public data from your social media accounts. The best defence isn’t to look for spelling mistakes, but always check the sender's domain and confirm unusual requests via a second channel. Learn more about how verify AI-generated information.
What do I do if I've already fallen victim to an AI scam?
Act fast: 1) Contact your bank immediately to try and block the transaction. 2) Change the passwords for all compromised accounts. 3) Enable 2FA where you don't have it. 4) Report it to the local cybercrime authorities and the platform where it occurred. 5) Document everything (screenshots, emails, phone numbers) as evidence. The sooner you act, the better your chances of recovering funds.
AI tools such as ChatGPT Are they dangerous in themselves?
No. Legitimate AI tools like ChatGPT, Claude, or Gemini have security barriers that prevent them from directly generating malicious content. The problem lies with unrestricted underground tools and the malicious use of accessible technology. AI is a tool: it can be used for Productivity and creativity or fraud, depending on who uses it.
Do you want to learn how to use AI safely and productively?
Explore our practical guides to artificial intelligence.
Last updated: March 2026. Data verified with sources from McAfee, Fortune, World Economic Forum, KnowBe4, SlashNext and Keepnet Labs.
You may also be interested in
EN 
ES 
PT 
DE 
FR