
FBI says hackers have stolen $262 million in account takeover scams in 2025 so far - here's how you can stay safe

2025-11-29 22:33

Cybercriminals have stolen hundreds of millions through AI-driven phishing, fake stores, and account takeover scams targeting users across financial platforms.

By Efosa Udinmwen, published 29 November 2025

AI tools now help criminals craft convincing scams that impersonate trusted brands

  • FBI warns attackers can steal credentials through phishing tricks and quickly take over financial accounts
  • Holiday-themed domains lure users into scams designed to capture sensitive information
  • Mobile phishing campaigns use trusted names to trigger clicks and downloads

The FBI has reported cybercriminals have stolen more than $262 million from US targets through account takeover schemes in 2025 so far, with individuals, businesses, and organizations across multiple sectors all targeted.

Over 5,100 complaints related to these incidents have been received by the FBI, typically involving criminals gaining unauthorized access to financial accounts, payroll systems, or health savings accounts.

Attackers commonly use social engineering techniques such as phishing emails, fraudulent calls, and texts to manipulate victims into revealing login details. Once access is obtained, they can reset passwords, take control of accounts, and wire funds to accounts they control, often converting the money into cryptocurrency to obscure the trail.

AI-enhanced phishing and holiday scams

"A cybercriminal manipulates the account owner into giving away their login credentials, including multi-factor authentication (MFA) code or One-Time Passcode (OTP), by impersonating a financial institution employee, customer support, or technical support personnel," the FBI said.

"The cybercriminal then uses login credentials to log into the legitimate financial institution website and initiate a password reset, ultimately gaining full control of the accounts."
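The sequence described above (a login with phished credentials, a password reset, then funds wired out) can be expressed as a detection rule over account events. This is an added example, not code from the article or the FBI; the event schema, device IDs, the first-seen-device baseline and the 30-minute window are all assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample events (hypothetical schema): time, account, event, device.
EVENTS = [
    ("2025-11-28T09:00:00", "alice", "login", "dev-A"),
    ("2025-11-28T09:05:00", "alice", "wire_transfer", "dev-A"),
    ("2025-11-28T10:00:00", "bob", "login", "dev-B"),
    ("2025-11-29T14:00:00", "bob", "login", "dev-X"),            # device never seen for bob
    ("2025-11-29T14:03:00", "bob", "password_reset", "dev-X"),
    ("2025-11-29T14:10:00", "bob", "wire_transfer", "dev-X"),
    ("2025-11-29T15:00:00", "carol", "login", "dev-C"),
    ("2025-11-30T08:00:00", "carol", "login", "dev-Y"),          # device never seen for carol
    ("2025-11-30T08:02:00", "carol", "password_reset", "dev-Y"),
    ("2025-11-30T12:00:00", "carol", "wire_transfer", "dev-Y"),  # outside the default window
]

def flag_takeovers(events, window=timedelta(minutes=30)):
    """Return (account, device, time) for each wire transfer that follows a
    new-device login and a password reset on that device within `window`."""
    known = {}   # account -> devices that have logged in before
    chain = {}   # (account, device) -> [login time, reset seen?]
    alerts = []
    for ts, account, kind, device in sorted(events):  # ISO timestamps sort by time
        t = datetime.fromisoformat(ts)
        key = (account, device)
        if kind == "login":
            seen = known.setdefault(account, set())
            # The first device seen for an account is treated as its baseline.
            if seen and device not in seen:
                chain[key] = [t, False]
            seen.add(device)
        elif key in chain:
            start, reset_seen = chain[key]
            if t - start > window:
                del chain[key]            # too slow to match the pattern
            elif kind == "password_reset":
                chain[key][1] = True
            elif kind == "wire_transfer" and reset_seen:
                alerts.append((account, device, ts))
                del chain[key]
    return alerts

if __name__ == "__main__":
    for alert in flag_takeovers(EVENTS):
        print("possible account takeover:", alert)
```

Widening the window catches slower chains (carol's transfer in the sample) at the cost of more alerts on legitimate new-device activity.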

Cybersecurity companies have reported the rising use of AI to create convincing phishing campaigns, fake websites, and social media ads. Fortinet FortiGuard Labs reported detecting over 750 malicious, holiday-themed domains in recent months. Campaigns often target users with urgency-driven messages tied to events like Black Friday or Christmas, increasing the likelihood of credential theft.

Low-skill attackers can now deploy highly persuasive scams that mimic popular brands such as Amazon and Temu.

"By openly sharing information like a pet's name, schools you have attended, your date of birth, or information about your family members, you may give scammers the information they need to guess your password or answer your security questions," the FBI said.

Mobile phishing has also increased, with attackers exploiting trusted brand names to trick users into clicking links or downloading malicious updates.

Purchase scams are emerging as a significant threat, with fake e-commerce stores capturing victim payment data and authorising fraudulent transactions for goods that do not exist.

Threat actors continue to exploit vulnerabilities in common platforms, including Adobe, Oracle E-Business Suite, WooCommerce, and Magento.

Some attacks involve multi-stage funnels that use traffic distribution systems to determine the most vulnerable targets before redirecting them to final scam sites.

These operations allow immediate financial gain because victims themselves authorize the payments, and certain campaigns even attempt sequential fraudulent transactions to maximize stolen card value.

Cybercriminals often advertise stolen payment cards on dark web marketplaces, funding further campaigns that compromise additional accounts.

The FBI has issued some recommendations for the public to stay safe from these attacks:

How to stay safe

  • Limit personal information shared online
  • Monitor financial accounts for unusual activity
  • Use unique, complex passwords for all accounts
  • Verify URLs before logging into websites
  • Be cautious of unsolicited messages or calls claiming to be from financial institutions
  • Deploy antivirus software to protect devices from malware
  • Enable firewalls to block unauthorized access
  • Use identity theft protection to monitor personal information
  • Recognize that sophisticated phishing campaigns and AI-driven attacks still pose risks
  • Effectiveness depends on consistent implementation across devices and networks

Via The Hacker News


Efosa Udinmwen, Freelance Journalist
