How to spot and avoid AI scams

With advances in AI, scams are becoming more sophisticated – here’s what to look out for
Tali Ramsey

What is an AI scam?

An AI scam uses artificial intelligence (AI) to create the content of the scam, which could feature text, video, audio and images. Fraudsters typically use generative AI tools, including chatbots and image, video and audio-generation software to create these scams.

Generative AI refers to AI tools that 'generate' text, images and other content, usually in response to prompts.

This software is free and accessible to anyone with a computer and internet connection, because it's also used for legitimate purposes. However, its increased accessibility has led to a surge in scams that use AI.

Essentially, AI makes scams more convincing and harder to spot, which means it's important to become familiar with these new methods to stay one step ahead of the scammers.

Sign up for scam alerts

Our emails will alert you to scams doing the rounds, and provide practical advice to keep you one step ahead of fraudsters.

Sign up for scam alerts
Sign up

Types of AI scams

Deepfakes

A deepfake is a video where the person in it has been digitally altered to appear as a different person.

Fraudsters use this technique to make it appear as if someone, usually a popular celebrity or trusted person, is saying something they're not.

For example, they can make it seem like a celebrity is promoting their phoney investment scheme with words from their own mouth. Meanwhile, the video is a complete fake.

Deepfakes can also be used to steal people's identities or to pass verification checks and access victims' accounts as well as to create images of completely non-existent people.

How to spot these scams:

  • Some deepfakes use lip-syncing, so watch the video carefully for lip-syncing that's slightly off.
  • Pay attention to details in the quality – do the hair, lighting and skin tone of the person look believable? Is there any blurring in the video?
  • Listen out for strange background noises or robotic voices.
  • Look for unnatural expressions –  it's hard to mimic natural blinking, and AI often lacks facial emotion and AI body movements can seem off.
  • Where does the video come from? If it's not an official account or if it's an account you've never heard of and you haven't seen the video anywhere else, be wary.

Deepfake scam ad

Can you spot the signs of this scam ad?

This fake video shows an AI-generated image and voice of Elon Musk apparently promoting an investment opportunity. The video is a complete fake and a scam.

Voice cloning

Voice cloning is when a person's voice is recorded and then used to create audio content of that person speaking.

Fraudsters can use a voice recording of someone to make them say anything that they want them to.

In scary examples we've come across, scammers have used the voice of a person to create a more menacing version of the 'Hi mum and dad' scam.

Victims receive calls out of the blue from a loved one in distress who eventually needs them to transfer money for some made-up emergency.

How to spot these scams:

  • The caller likely won't say much – perhaps they'll just say something short like 'please help me'.
  • Laugh to see if they're a real person – Vidby, an AI-powered voice translation company, says that AI has difficulty recognising and responding to laughter, so saying something off-topic could trip it up. You could also test it and see if it's able to sing, Vidby suggests that 'for more effect, ask to sing the song in a language other than the original. This is a very difficult task for AI.'
  • Listen for unusual background noises and unexpected changes in the tone of the caller that indicate you aren't having a real-time conversation with a person. Vidby also suggests listening out for unusual pauses.
  • Ask the caller for as much detail as possible, as only the real person will know these.
  • You're asked to make a payment using gift cards or cryptocurrencies, as these are typical of scams.

Listen to our podcast on the future of scams (from 18 mins 16 secs) to hear a conversation our host had with an AI scam caller – could you spot it?

Phishing messages

Phishing messages sent via text and email, as well as scam social media posts and adverts. They attempt to prompt you into following a phishing link that will ask for personal and/or financial information.

This is typically done by impersonating well-known brands and asking you to update your account information or to follow a link to receive a prize.

With generative AI tools such as ChatGPT, fraudsters are able to create much more convincing messages, free from the poor spelling and grammar we've always relied on to spot scams.

How to spot these scams:

  • Most genuine companies address you by your name and also include personal account details, such as your mobile phone number or part of your account number.
  • Messages asking for personal and financial data should be treated with caution.
  • Be wary of messages with attachments, as most companies don't include these, and this is how scammers spread malware.
  • All phishing messages contain links. Even though legitimate companies also send messages with links, you should hover over the link to see if it leads to the brand's official website.
  • Brands will use their official email addresses, so always check the sender's address on emails.
  • Always check the number that texts are sent from – although numbers can be spoofed, a seemingly random number is always a red flag.
  • Scammers want to push you to act quickly, so be wary of a sense of urgency.
  • Check the branding for blurred or pixelated images that don’t use the company’s latest brand colours.

Staying protected

Some methods of safeguarding yourself from these scams include:

  • Downloading effective antivirus onto your devices to fight malware.
  • Being wary of any out-of-the-blue, unexpected contact.
  • Verifying any information you're given with the brand or person it claims to be from. This can be done by checking official accounts and websites or contacting the friend or relative 'calling' using a different method.
  • Not disclosing any personal or financial information over text, email or phone or on any website you visit before you've verified its legitimacy.
  • Being wary of anyone prying or pressuring you into handing over any sensitive information.
  • Watching out for a sense of urgency.
  • Creating a password among your family and friends and asking them to repeat it in emergencies, or asking them a question only they'd know the answer to.

Reporting AI scams

On social media, there are usually three dots in the top right-hand corner to report scam posts and ads.

Report scam texts by forwarding them to 7726 and report emails by sending them to report@phishing.gov.uk.

Phishing websites can be reported to the National Cyber Security Centre (NCSC).

If you become the victim of a scam, call your bank immediately using the number on the back of your bank card and report it to Action Fraud, or call the police on 101 if you’re in Scotland.

Follow Which?'s latest scam updates and sign up to our free Scam Alert Service.

Related articles

More on this