As artificial intelligence (AI) moves into more companies, fraud, scams, and deepfake imagery become more realistic and harder to detect. Cybersecurity experts have pointed out the increasing influx of modern scams such as AI-powered phishing, clone emails, and gift-card fraud that use personal data to create highly convincing attacks.

Understanding how these scams work is essential for CISOs and their teams to protect personal information, corporate data, and money. Experts at Psono.com, which makes an open-source, self-hosted password manager for enterprises, have seen a variety of these scams this year and expect to see more of them in 2025. Below are some of the common scams they’ve seen and actionable steps you can take to safeguard assets and information.

AI-powered scams: Deepfake impersonations
Fraudsters are using AI technology to impersonate family, friends, or colleagues. By harvesting voice and video data from social media, they create realistic deepfake recordings to request money or sensitive information. These scams are particularly convincing because they play on emotional connections.

What to do: If you receive an unexpected request, verify its authenticity by asking personal questions only the real individual would know. A vague or incorrect response is a red flag. Always confirm through a separate, trusted communication channel.

Gift card scams: A targeted approach
Scammers analyze online shopping habits to tailor gift card schemes. They often pose as trusted contacts or organizations, requesting gift card codes from popular stores. Victims are particularly vulnerable during peak shopping seasons when they may be distracted.

What to do: Be wary of anyone asking for gift card codes as payment or a resolution to a problem. Legitimate organizations do not operate this way. Always verify requests with the source directly.

Vishing: Phone-based fraud
Vishing (voice phishing) involves scammers impersonating banks, government agencies, or other trusted organizations. They create urgency – such as warning about “suspicious activity” – to pressure victims into divulging sensitive information like personal identification numbers (PINs) or account details.

What to do: Legitimate organizations will not ask for sensitive information over the phone. If in doubt, hang up and contact the institution using a verified number. Always take time to verify before taking action.

Smishing: Fake text message scams
Smishing, or SMS phishing, uses fraudulent text messages that mimic account alerts, delivery updates, or other urgent notifications. These texts often contain malicious links designed to steal login credentials or spread malware.

What to do: Scrutinize the sender’s phone number. If it doesn’t match the official organization, don’t trust it. Avoid clicking suspicious links and double-check messages directly with the company.

Clone phishing: Familiar but dangerous
Clone phishing replicates legitimate emails – such as receipts or notifications – but replaces links or attachments with malicious ones. The familiarity of these emails makes them highly effective.

What to do: Check the sender’s email address for discrepancies and hover over links to inspect their true destination. If the email seems suspicious, contact the sender through their official channels.
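The two checks above (sender address and true link destination) can be automated for triage. The following is an added example, not code from Psono or the original article; the sample email, the domain names and the simple two-label domain comparison are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: a "receipt" clone whose visible link text shows the
# real store, but whose href and sender use a look-alike domain (1 for l).
SAMPLE_EMAIL = """From: "Example Store Billing" <billing@examp1e-store.test>
Subject: Your receipt #4821
Content-Type: text/html

<p>Thanks for your order. View it at
<a href="http://login.examp1e-store.test/r">https://www.example-store.test/orders</a></p>
"""

class LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs from <a> tags in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def registrable(host):
    """Assumption: compare the last two labels (no public-suffix list)."""
    return ".".join(host.lower().split(".")[-2:])

def find_mismatched_links(raw_email, trusted_domain):
    """Return (kind, value) findings: a sender outside trusted_domain, and
    links whose real destination is not trusted_domain or differs from
    the domain shown in the link text (what hovering would reveal)."""
    msg = message_from_string(raw_email)
    _, sender = parseaddr(msg.get("From", ""))
    findings = []
    if registrable(sender.split("@")[-1]) != trusted_domain:
        findings.append(("sender", sender))
    parser = LinkCollector()
    parser.feed(msg.get_payload())
    for href, text in parser.links:
        href_dom = registrable(urlparse(href).hostname or "")
        shown = urlparse(text).hostname if text.startswith("http") else None
        if href_dom != trusted_domain or (shown and registrable(shown) != href_dom):
            findings.append(("link", href))
    return findings
```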

Social media phishing: Exploiting trust
Social media phishing involves scammers using fake or hacked profiles to send messages that mimic giveaways or urgent requests. These aim to steal personal data, login credentials, or even money.

What to do: Avoid clicking unsolicited links or entering unexpected contests. Verify messages and profiles through other channels, and double-check URLs for authenticity.

Man-in-the-middle attacks: Public Wi-Fi pitfalls
Hackers can intercept data – such as passwords or financial details – sent over public Wi-Fi. These “man-in-the-middle” attacks are common in public spaces like cafés or airports.

What to do: Avoid logging into sensitive accounts or transacting on public Wi-Fi. Use a VPN for added security and ensure websites are encrypted with “https://”.

Ransomware: Holding data hostage
Ransomware attacks encrypt a victim’s files or devices, demanding payment for access. These attacks often originate from phishing emails or fake software downloads and target personal or business data.

What to do: Regularly back up important files offline and be cautious with email links or attachments. If attacked, report the incident to the authorities and seek professional advice.

DNS spoofing: Redirected to fake sites
In DNS spoofing, scammers redirect users to fake websites that look like legitimate ones to steal passwords, credit card numbers, or other sensitive details.

What to do: Carefully check website URLs before entering information. Use sites with “https://” and consider tools that protect against DNS attacks.

Fake job offers: Too good to be true
Scammers lure victims with enticing job offers, often for remote positions with high pay. They request upfront fees or sensitive information, posing as representatives of reputable companies.

What to do: Research the company thoroughly and verify job offers through official channels. Be cautious of requests for payment or excessive personal information upfront.

A proactive approach to cybersecurity
The growing sophistication of online fraud underscores the importance of vigilance and education. By understanding these schemes and adopting preventive measures, you can protect yourself, your loved ones, and your business from financial and emotional harm. Stay informed, trust your instincts, and verify before acting – your caution is the first line of defense against these digital threats.