AI in fraud: Biggest Threat or Best Defense?

A corporate finance employee in Hong Kong receives an urgent video call from their CFO. The face on the screen is familiar, the voice unmistakable. Without hesitation, they authorize a $25 million wire transfer—only to discover later that their CFO never made the call.

In the US, a man panics when he hears his mother’s voice on the phone, begging for help. She’s been kidnapped, the caller claims. Terrified, he sends hundreds of dollars through Venmo—only to realize too late that the voice was an AI-generated fake.

In Italy, a prominent entrepreneur answers a call from what sounds exactly like the country’s Defense Minister. The request is urgent: send millions of euros to a foreign account to secure the release of kidnapped Italian journalists. But the real Minister never made the call.

These are just three of many recent cases where deepfake technology and AI-driven fraud have been used to deceive victims—and the scale of the problem is staggering. According to the Global Anti-Scam Alliance, in 2024, consumers worldwide lost over $1 trillion to scams.

Clearly, something needs to be done. But to fight back effectively, we must first understand the battlefield. So how exactly are cybercriminals exploiting AI?

1. AI-Powered Social Engineering

While deepfake scams dominate headlines, AI is probably having the biggest impact in the background, helping scale the “logistical” side of fraud at unprecedented levels. What once took days, even weeks, can now be executed in minutes, targeting thousands of people with hyper-customized scams that feel disturbingly real.

Long gone are the days of improbable phishing emails from Nigerian princes riddled with typos. AI-based chatbots are now able to craft grammatically perfect, real-time responses tailored to victims' profiles, social media activity, and even leaked private conversations. These highly customized messages are created in seconds, making phishing attacks and social engineering strategies nearly indistinguishable from genuine communication.

2. Credential Stuffing and Account Takeovers

When it comes to financial fraud, this is how it usually goes: fraudsters take stolen email and password pairs - usually from known data breaches or acquired through phishing - and test them across multiple services, exploiting the fact that many people still reuse the same credentials.

But what was once a manual and time-consuming process, or at least a highly technical operation limited to skilled hackers, has now been industrialized through Fraud as a Service (FaaS). 

Today, pre-built fraud kits—equipped with AI-driven credential stuffing tools, botnets, and phishing frameworks—are readily available on the dark web, drastically lowering the barrier to entry for cybercriminals and increasing the frequency and impact of account takeover attacks.

3. Synthetic Identity Fraud

AI-generated fraud extends beyond impersonation or identity theft—it also makes it easy to create entirely fabricated identities. 

In this case, fraudsters use AI-powered tools to source and generate realistic combinations of names, addresses, VAT or Social Security numbers, and financial histories, blending real and fake data to pass identity verification checks. Additionally, AI helps refine these synthetic profiles over time by simulating normal consumer behavior, such as building a credit history, making small transactions, or even interacting with financial institutions. This allows fraudsters to secure loans, credit applications, and engage in money laundering without triggering traditional fraud detection systems.

Because synthetic identities don’t belong to real individuals, there’s no victim to report the fraud, making them especially hard to detect and increasingly favored by cybercriminals.

4. Voice Cloning

Ever picked up a call from an unfamiliar number, only to be met with silence? There's a chance a fraudster was on the other end, recording your voice. With just a few seconds of audio, AI can now clone voices with near-perfect accuracy.

Once cloned, these voices can be used to bypass voice authentication systems, create personalized messages to manipulate loved ones, orchestrate elaborate romance scams, or trick employees into transferring large sums of money directly into fraudsters’ hands.

5. Video Deepfakes

Compared to synthetic voices, full-fledged deepfake videos take longer to create, but the potential rewards make them particularly attractive for fraudsters.

In these cases, criminals use AI-powered deep learning models to generate highly realistic videos of executives, politicians, or public figures—allowing them to impersonate key decision-makers with alarming accuracy. These manipulated videos are then used to request employees to transfer large sums of money,  spread misinformation, or manipulate stock prices.

Fighting Back with AI-driven Open Source Intelligence

The picture may seem grim—fraudsters now have AI-powered tools that make traditional defense methods increasingly ineffective. But the same technology that enables cybercrime can also be used to stop it.

AI-driven Open Source Intelligence (OSINT), in particular, is emerging as one of the most effective countermeasures. By analyzing vast amounts of publicly available data, OSINT tools can identify deepfake anomalies, trace fraudulent transactions, and expose synthetic identities before it’s too late.

The most advanced fraud prevention solutions available combine biometric activity tracking, behavioral analytics, and AI-powered pattern recognition with OSINT techniques and deep online due diligence to detect and stop fraud attacks in real time. 

The applications are endless, and as these next-generation tools become more integrated into digital ecosystems, our collective ability to prevent fraud will only grow stronger.

Take synthetic identity fraud, for example. These AI-generated personas may look real on the surface, but OSINT tools expose them by cross-referencing identity data across multiple sources, revealing inconsistencies in online behavior and digital history. By analyzing social media activity, IP information, and biometric data, fraud prevention teams can separate real individuals from fabricated identities, blocking fraudulent accounts.

When trying to commit account takeovers, fraudsters rely on brute force attacks, testing thousands of stolen credentials in seconds. Also in this case AI-driven OSINT can fight back by analyzing subtle user behaviors. Mouse movements, keystroke patterns, and device fingerprints are nearly impossible to replicate, allowing fraud detection systems to distinguish real users from bots with remarkable accuracy. Then, when an anomaly is detected, access can be blocked before any damage is done.

Even AI-powered social engineering scams can be intercepted before they reach potential victims. The market already offers OSINT tools that constantly scan phishing domains, leaked databases, and the dark web, identifying fraudulent schemes before they gain traction. AI-driven chat analysis can even detect subtle but suspicious linguistic patterns that might go otherwise unnoticed, flagging malicious messages before they land in inboxes.

Finally, deepfake voice and video scams can be unmasked instantly with the right tools. While AI-driven detection solutions can already analyze voice timbre, facial micro-expressions, and metadata inconsistencies automatically, OSINT can play a crucial role in verifying email addresses, phone numbers and devices used by fraudsters, adding another critical layer of protection.

At the end of the day, AI-driven fraud isn’t just a cybersecurity challenge—it’s an economic equation. Fraudsters rely on automation, volume, and repetition, but when OSINT solutions increase detection rates and reduce success margins, fraud’s return on investment plummets. Companies that leverage OSINT not only prevent fraud before it happens but also make fraud itself an unprofitable and less attractive activity. 

So, while the battle against AI-driven fraud is far from over, with the right AI tools and OSINT strategies, it’s one we can still win.