Wells Fargo’s fraud team warns that generative AI has pushed online scams to a new level, one where even experienced professionals are struggling to tell what’s real and what isn’t.
That email from your vendor could have the correct logo, the right tone, even an invoice number that matches your records perfectly, and still be fake. This situation is what makes the current wave of AI-powered scams so dangerous. Â
Generative AI has eliminated the warning signs you used to rely on
For years, the standard advice for spotting a phishing email was straightforward. Look for typos, check for odd formatting, and question anything unusual. Wells Fargo’s fraud team has stated that scammers are no longer using those outdated methods because generative AI can now produce flawless, undetectable content.
Criminals are using large language models to generate phishing emails, fake invoices, and deceptive text messages that pass every visual and grammatical test. The technology enables scammers to automate and scale their operations to target more organizations simultaneously, according to the bank’s advisory notes.
“As technology continues to evolve, so do cybercriminals’ tactics,” said FBI Special Agent in Charge Robert Tripp. “Attackers are leveraging AI to craft highly convincing voice or video messages and emails to enable fraud schemes against individuals and businesses alike. These sophisticated tactics can result in devastating financial losses, reputational damage, and compromise of sensitive data.”
AI-generated phishing emails now achieve click-through rates more than four times higher than their human-crafted counterparts, a 2024 Brightside AI study cited by Vectra AI found.
The volume of these attacks is staggering and growing at an alarming pace. Phishing reports increased 466% in early 2025 compared to the prior year, driven largely by AI-generated phishing kits, Sift’s 2025 Digital Trust Index reports.
Deepfake video and voice cloning are the newest weapons targeting your finances
The threat from AI-powered fraud extends far beyond your email inbox and into phone calls and video conferences you assume are safe. Wells Fargo highlights that criminals are now impersonating trusted sources with deepfake calls, images, and videos that can sound or look like someone you know.
One case made international headlines when fraudsters stole more than $25 million from a Hong Kong-based company after staging a deepfake video call. A finance employee authorized a series of payments because every participant on the call appeared to be a real coworker, according to the bank’s advisory notes.
Voice cloning has become the most accessible attack vector for criminals today. Scammers need as little as three seconds of audio to create a clone with an 85% match to the original speaker, a 2023 McAfee study cited by DeepStrike found.
Payment fraud is surging, and your bank may not be able to stop it
The financial damage from AI-enhanced scams is not abstract or distant from your daily life. Nearly four out of five organizations were victims of attempted or actual payment fraud in 2024, up from 65% in 2022, according to the 2025 Association for Financial Professionals (AFP) Payments Fraud and Control Survey.
Business email compromise remained the top avenue for payment fraud, cited by 63% of organizations in the AFP survey. Wire transfers reclaimed the top spot as the most vulnerable payment type targeted by these scams, surging from 39% to 63% of reported incidents.
When an employee authorizes a payment or unintentionally shares bank account details, the resulting transactions look like regular payments. Your bank or payment provider may have no mechanism to distinguish the fraudulent transaction from a legitimate one, Wells Fargo’s fraud team explains.
Recovery rates paint a grim picture for victims who lose money to these schemes. Only 22% of organizations recovered 75% or more of funds lost in 2024, a sharp drop from 41% the year before, the AFP survey shows.
DexonDee/Shutterstock
The $25 million Hong Kong deepfake case shows what ordinary people faceÂ
The Hong Kong deepfake heist that Wells Fargo references in its advisory warrants close attention because it reveals how such attacks operate in practice. The criminals did not simply send a convincing email but staged an entire video conference with multiple AI-generated participants.
The finance employee on the call believed every person on screen was a real colleague. The deepfakes were so convincing that the employee authorized a series of large payments without triggering any internal alarm or suspicion whatsoever.
More Personal Finance:
- Retirees following 4% rule are leaving thousands on the table
- Fidelity says a $500 policy could protect your entire net worth
- Fidelity’s 4 Roth strategies could save your family a fortune in taxes
Businesses lost an average of nearly $500,000 to deepfake-related incidents in 2024, according to DeepStrike. Fraud losses in the United States facilitated by generative AI could climb to $40 billion by 2027, the Deloitte Center for Financial Services projects.
These numbers should concern you, even if you work nowhere near corporate finance. The same technology used to target businesses is being deployed against individual consumers through voice-cloning scams, fake customer service calls, and fraudulent payment requests via text.
How scammers are using AI to earn your trustÂ
Wells Fargo’s advisory highlights a tactic that goes beyond simple impersonation and into long-term manipulation. Automated chatbots and other generative AI tools help criminals build trust with a target over days or weeks before making their move, the bank warns.
Scammers can quickly gather your information from social media and other public sources, then conduct detailed conversations across multiple channels. They use specific personal details to make their requests feel natural, familiar, and completely legitimate.
Consumers reported losing $12.5 billion to fraud in 2024, the highest annual total ever recorded, according to the Federal Trade Commission.
The FBI’s Internet Crime Complaint Center recorded more than $16.6 billion in cybercrime losses in 2024, a 33% year-over-year increase, the Bureau noted in its annual report.
5 steps to protect yourself against the next scamÂ
Step 1: Upgrade your email filtering before it is too late
Wells Fargo recommends implementing an AI-based secure email gateway that uses behavioral analysis to filter out imposter domains and business email compromise attempts. The more suspect emails you catch before they reach your inbox, the safer you are.
More than 82% of phishing emails now use AI technology in some form, according to Tech Advisors. Your current spam filter may not be equipped to handle the latest generation of AI-crafted messages that bypass traditional detection.
Review your email security settings today and enable advanced phishing protections if your provider offers them. A few minutes of setup time can prevent thousands of dollars in potential losses down the road.
Step 2: Verify every payment request through separate channels
If a vendor emails you requesting a change to payment instructions, do not hit reply, as you could be responding directly to the imposter. Instead, call your known contact using the phone number you already have on record, Wells Fargo advises.
If a manager or business leader contacts you with an unusual financial request, follow up using a different communication method entirely. Be especially cautious of any payment you are asked to keep secret, send to a new payee, or complete with extreme urgency.
Create a written policy for your household or business that requires verbal confirmation before any payment exceeding a set dollar threshold is processed. Even a $500 threshold adds a meaningful layer of protection against AI-powered fraud.
Step 3: Require accountability for every payment approvalÂ
Wells Fargo recommends dual custody for payments and user administration, the advisory explains. Have one person initiate a payment and a separate person, ideally using a different computer, approve the transaction before any funds are released.
This dual-approval system gives you a second opportunity to catch fraudsters. Train both the initiator and the approver to ask questions and look for suspicious activity at every step.
The same principle applies to your personal finances at home. If you share accounts with a spouse or partner, agree that neither of you will authorize a large transfer without first confirming it with the other.
Step 4: Build a habit of healthy skepticismÂ
Scammers manufacture urgency because urgency bypasses your critical thinking. Any message demanding immediate payment, threatening account closure, or requiring action before the end of business deserves extra scrutiny from you.
Teach everyone in your household to pause before acting on any financial request received by phone, email, or text message. If the request is legitimate, the sender will understand a brief delay while you confirm the details.
Be skeptical of any communication asking you to switch to a different platform for further discussion. Scammers often move conversations away from monitored channels where their activity could be flagged and stopped.
Step 5: Freeze your credit and monitor your financial accounts weekly
Even if you have not been targeted yet, placing a credit freeze with Equifax, Experian, and TransUnion prevents criminals from opening new accounts in your name. You can do this for free at each bureau’s website in just a few minutes.
Monitor your bank accounts, credit card statements, and investment accounts weekly for any transactions you do not recognize. Early detection is often the difference between recovering stolen funds and losing them permanently, fraud experts warn.
Request a free Identity Protection PIN from IRS.gov to prevent criminals from filing fraudulent tax returns using your Social Security number. This step takes less than 10 minutes and provides year-round protection against tax identity fraud.
Enable two-factor authentication on every financial account and email address you use. Even if a scammer obtains your password through a phishing attack, this additional security step blocks access without your physical device present.
The old playbook for spotting scams is dead
Wells Fargo’s warning reflects a fundamental shift in how fraud operates across every financial channel you use daily. The traditional advice of looking for bad grammar and suspicious links no longer applies when AI replicates every element of a legitimate communication.
Your defense now depends on process and verification rather than perception and instinct. Confirmation protocols, dual-approval systems, and active credit monitoring tools are your new first line of defense against increasingly sophisticated threats.
AI will continue to disrupt the way we live and work, with both positive and negative consequences, Wells Fargo’s fraud advisory concludes. Individuals and businesses that stay current with evolving threats will have the best chance of protecting their finances.
The next scam that reaches you will not look like a scam at all, and that is exactly why you need to build protections that work, even when your eyes and ears cannot tell the difference between real and fake.
Related: Vanguard reveals why smart investors still fall for scams