AI Scams Are Rising: How Finance Can Fight Back

Consumers are getting more anxious about AI scams—and they’re not being paranoid. Over the last 12 months, fraud teams across banks and fintechs have seen the same pattern: scams are becoming more personalised, more convincing, and faster to execute because attackers are using AI to scale the “human” parts of fraud.

In the AI in Finance and FinTech series, we usually talk about AI’s upside—better fraud detection, smarter credit decisioning, and more personalised banking. This time, the spotlight is on the downside: AI-assisted social engineering. And here’s my stance: if financial institutions treat this as “a customer problem” instead of a product and risk problem, they’ll lose trust faster than they can buy it back.

This matters because trust is the whole business model. When customers think “AI = scams,” they don’t just avoid suspicious links—they avoid new digital features, they stop engaging with self-service, and they question whether their bank can keep them safe.

Why consumers are increasingly concerned about AI scams

AI scams feel different because they remove the friction scammers used to have. Fraudsters no longer need strong writing skills, time to research victims, or a call centre full of people. They can generate persuasive scripts, spoofed messages, and deepfake content quickly—and iterate until something works.

What AI changes in the scam playbook

Traditional scams relied on volume (spray-and-pray emails) or labour (long phone calls). AI adds three accelerants:

• Personalisation at scale: Attackers can tailor messages using scraps of publicly available info, breached data, or social media content.
• Better “last-mile” persuasion: Natural language tools produce fluent, confident messages with fewer red flags.
• Rapid testing: Scammers can A/B test wording, timing, and channels like a growth marketer—except the “conversion” is your customer authorising a payment.

The result is a more believable scam that demands less effort from the criminal.

The scam types customers are noticing (and fearing)

In Australia, the scam formats that drive the most fear are usually the ones that mimic real financial interactions:

1. Bank impersonation scams (SMS, email, phone): “We detected suspicious activity—verify now.”
2. PayID/instant payment manipulation: “I sent too much—please refund” or “Confirm this PayID to receive funds.”
3. Deepfake voice calls: A “manager,” “family member,” or “bank staffer” voice that sounds plausible enough under stress.
4. Investment and crypto scams: AI-written content, AI-generated spokesperson videos, fake apps, and fabricated performance graphs.
5. Job and invoice fraud (SME-targeted): fake supplier changes, altered bank details, highly polished invoices.

Consumers aren’t just worried about losing money. They’re worried about being tricked into doing the wrong thing while believing they’re being careful.

How AI is both causing and solving fraud in financial services

The same capabilities that help banks spot fraud can help criminals bypass controls. That’s the uncomfortable symmetry of AI.

Where banks and fintechs are vulnerable

Fraud losses often happen at the seams—between channels, teams, and customer moments. Common weak points include:

• Over-trusting “authenticated” channels: A customer who passes login checks may still be under coercion or following scam instructions.
• Fragmented signals: Contact centre hears one story, digital channel sees another, payments system sees a third.
• Speed of real-time payments: Instant rails reduce recovery windows from days to minutes.
• UX that prioritises conversion: If the product experience makes it too easy to add a payee and send funds immediately, scammers will exploit that flow.

If you’re building in fintech, treat the payment journey like a high-risk workflow, not a checkout funnel.

Where AI helps (when deployed responsibly)

AI-based fraud detection works best when it combines behaviour, network signals, and payment context—not just static rules.

What strong programs do differently:

• Use behavioural biometrics (typing cadence, navigation patterns, device posture signals) to spot “this isn’t how this customer usually behaves.”
• Apply entity resolution to connect related accounts, devices, payees, and mule networks.
• Run real-time anomaly detection on payment patterns: new payee + unusual amount + unusual time + unusual device = higher risk.
• Add scam-specific models that look for authorised push payment patterns (customer is “authorising,” but under deception).

The goal isn’t “block everything.” It’s intervene at the right moment with the right friction.

A practical definition: An AI scam is fraud where AI helps create, personalise, or deliver deception that convinces the victim to take an action that benefits the attacker.

The new baseline: transparent AI, not invisible AI

Trust doesn’t come from hiding AI—it comes from showing customers how you’re protecting them. When customers believe a bank is using AI in secret, they assume it’s either spying on them or missing obvious scams.

What “transparent AI” looks like in fraud and scam prevention

Transparency doesn’t mean exposing model weights. It means explaining outcomes in plain language:

• “We paused this payment because it matches a common scam pattern: first-time payee + urgent language + unusual amount.”
• “This call might not be from us. We’ll never ask for your one-time passcode.”
• “You can confirm a real bank call by hanging up and calling the number on your card.”

In my experience, the simplest explanations drive the highest compliance. Overly technical warnings get ignored.

Design friction that customers accept

Customers hate friction—until they lose money. Then they ask why nobody stopped them.

Here are interventions that tend to perform well because they feel protective rather than punitive:

• Confirmation delays for high-risk new payees (seconds to minutes, not days), paired with a clear reason.
• Contextual scam prompts right before the final “send” action, not earlier in the journey.
• Dynamic payee risk scoring (flag known mule patterns, mismatched names, high-risk banks or accounts).
• Out-of-band verification when scam risk is high (push notification in-app instead of SMS).

This is a product decision as much as a fraud decision.

What banks and fintechs should do now (a pragmatic playbook)

If your scam strategy is mostly “customer education,” you’re underpowered. Education helps, but you need detection, intervention, and recovery built into the operating model.

1) Build scam detection as a first-class capability

Many organisations still treat scams as “fraud minus chargeback.” That’s a mistake.

Actions that move the needle:

• Stand up a scam taxonomy (impersonation, investment, romance, invoice, remote access, etc.) and tag cases consistently.
• Train models on authorised push payment scam labels, not just unauthorised account takeover.
• Add contact centre signals into fraud scoring (e.g., the customer called twice, seems coached, or refuses to answer verification questions).

2) Improve identity and communications hygiene

Scams thrive on confusion about what’s real.

Make your brand harder to impersonate:

• Reduce reliance on SMS as a trust channel for sensitive actions.
• Standardise outbound comms: one tone, one format, predictable behaviour.
• Push customers toward in-app secure messaging for account-specific issues.
• Implement strong controls around number spoofing mitigation and call verification processes.

3) Train staff for “AI-shaped” scams

Frontline teams are now part of the model.

Give contact centre and branch staff:

• A short scam triage script (identify coercion, urgency cues, remote access apps, “keep this secret” language).
• Clear escalation paths to a scam specialist queue.
• Authority to place temporary payment holds with customer-friendly explanations.

4) Treat recovery as a product feature

Customers judge you on what happens after the mistake.

Operationally, strong programs:

• Launch rapid recall workflows for instant payments and interbank coordination.
• Provide a simple in-app “I think I’m being scammed” button.
• Track time-to-intervention as a KPI (minutes matter).

5) Governance and regulation: prepare for stricter expectations

Regulatory frameworks for AI in finance are tightening, and scams will be a pressure point. Boards and regulators are increasingly asking two questions:

• Can you explain why the system intervened (or didn’t)?
• Are you monitoring bias, drift, and false positives—especially where vulnerable customers are involved?

If your fraud AI can’t produce a clear rationale, you’ll struggle to defend decisions to customers, internal risk teams, and regulators.

“People also ask”: quick answers teams need

Are Australian consumers ready to trust AI in finance? They’ll trust AI that visibly protects them. They won’t trust AI that feels like automation for the bank’s convenience.

What’s the difference between AI fraud detection and AI scam prevention? Fraud detection often targets unauthorised activity (account takeover). Scam prevention targets authorised payments made under deception. The signals and interventions differ.

Do warning screens actually stop scams? Generic warnings get skipped. Contextual prompts tied to the exact risk pattern—right before payment—stop more scams and create better evidence trails.

Will deepfakes become a mainstream banking risk? Yes, especially for voice channels and identity verification edge cases. The bigger risk is not perfect deepfakes—it’s “good enough” under time pressure.

What to do next: protect customers and earn trust

Consumer concern about AI scams is a signal you can act on. Banks and fintechs that respond well will do two things at once: they’ll reduce losses and they’ll make customers feel protected during high-stress moments.

If you’re building or upgrading an AI-based fraud detection program, focus on the intersection of real-time payments, customer behaviour, and clear interventions. Don’t aim for a black-box model that silently blocks transactions. Aim for a system that can explain itself, nudge customers at the right time, and support rapid recovery when things go wrong.

The forward-looking question for every product and risk leader going into 2026: When scammers use AI to sound exactly like “legitimate banking,” what will your customer experience do differently in the final five seconds before money leaves the account?