AI-Driven Scams and Deepfake Threats to Identity Security
AI technologies are rapidly transforming the landscape of cybercrime, enabling scammers to create highly convincing deepfakes and personalized attacks that are increasingly difficult for individuals and organizations to detect. Recent research and industry reports highlight a surge in AI-powered scams, with over 70% of consumers encountering scams in the past year and deepfake audio and video emerging as top concerns. Attackers are leveraging social media as a primary channel to target victims, exploiting the widespread use of mobile devices, which often lack adequate security protections. The sophistication of these attacks is exemplified by incidents such as the $25 million fraud at Arup, where a deepfaked videoconference deceived an employee into transferring company funds.
The growing threat of deepfakes and synthetic media is driving a cybersecurity arms race, as organizations struggle to keep pace with evolving attack techniques. Security leaders are increasingly focused on strengthening identity controls, as insurers now scrutinize the maturity and enforcement of identity and access management practices before offering coverage. Research also reveals that current identity document verification systems are hampered by limited and non-diverse training data, making them vulnerable to advanced fraud tactics. As AI continues to lower the barrier for attackers, both technical and human-centric defenses must adapt to counter the risks posed by synthetic identities and technology-enhanced social engineering.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
1 event from the most recent confirmed update back to the earliest known activity.
Multiple reports highlight rising fraud and deepfake security risks
Several industry reports and coverage published on 2025-11-21 highlighted growing concerns around AI-powered scams, weaknesses in identity document fraud detection, insurer scrutiny of identity security controls, and the expanding threat posed by deepfakes. The references describe trend reporting and research findings rather than a discrete breach, takedown, or vulnerability event.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
4 references tracked. Mallory keeps watching after this page renders.
Convenience culture is breaking personal security
helpnetsecurity.com
Open sourceResearch shows identity document checks are missing key signals
helpnetsecurity.com
Open sourceWhat insurers really look at in your identity controls
helpnetsecurity.com
Open sourceEmerging threat from deepfakes leads to cybersecurity arms race
scworld.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
AI-Driven Identity Impersonation and Cybercrime Tactics
Cybercriminals are increasingly leveraging artificial intelligence to automate and enhance identity impersonation, making traditional security measures less effective. Attackers now use AI-generated voice messages and deepfakes to convincingly mimic executives and employees, enabling sophisticated business email compromise schemes and fraudulent financial transactions. The widespread availability of generative AI tools, combined with vast amounts of personal data from previous breaches, allows threat actors to craft highly personalized phishing messages and social engineering attacks that reference real company projects and colleagues, significantly lowering the barrier to entry for such operations. Security experts warn that AI-driven attacks are fundamentally changing the threat landscape, with phishing attempts becoming nearly impossible to detect and self-evolving malware presenting new challenges for defenders. The rise of digital doppelgangers and AI-powered adversaries underscores the urgent need for organizations to adopt zero-trust security models and advanced identity verification techniques, as conventional employee training and perimeter defenses are no longer sufficient to counter these evolving threats.
Mar 21, 2026
Surge in Deepfake-Driven Fraud and Synthetic Identity Threats
Artificial intelligence-powered scams, particularly those leveraging deepfakes and synthetic identities, escalated significantly in 2025. Experts warn that the quality and volume of deepfakes have reached a level where they are nearly indistinguishable from authentic media for most people, enabling fraudsters to deceive victims on a global scale. Voice cloning and visual deepfakes have been used to facilitate large-scale scams, while the emergence of synthetic entities has further blurred the line between real and fake identities, complicating fraud detection for financial institutions. The misuse of stablecoins and lax cryptocurrency oversight have created new avenues for cross-border fraud, with experts predicting these trends will intensify in 2026. Industry leaders emphasize the urgent need for improved data, reporting, and regulatory measures to counteract these evolving threats. The rapid proliferation of generative AI tools has enabled "pig butchering" scams and other fraud operations to target vast populations, underscoring the growing risk posed by synthetic media and AI-driven deception in the financial sector and beyond.
Mar 21, 2026
AI-Enabled Social Engineering and Scams Using Deepfakes and Automation
AI is accelerating and scaling social engineering by automating reconnaissance, targeting, and victim engagement, reducing both the cost and skill required to run convincing phishing and fraud campaigns. One reported evolution is the use of **AI agents** to collect open-source intelligence and conduct live, interactive conversations with targets with minimal or no human involvement, enabling high-volume, continuously running scam operations that can adapt in real time. Deepfake-enabled impersonation is further eroding trust in voice and video communications, including calls and meetings, with examples cited of finance staff being deceived into transferring **millions** after interacting with fabricated “executives.” Recommended mitigations emphasize shifting from human-sense validation to process-based controls—e.g., enforced verification procedures, out-of-band checks, shared authentication phrases (“safe words”), and emerging *content provenance* approaches—because traditional, predictable detection models are increasingly strained by the speed, personalization, and adaptability of AI-driven attacks.
Mar 21, 2026