The changing face of scams

• Investment scams, which range from fake property opportunities to cryptocurrency fraud, have been on the rise with the latter skyrocketing. Victims are often lured with promises of “too good to be true” returns.
• Payment redirection or invoice scams pose a growing risk for small and medium businesses, where fake invoices or altered account details trick companies into transferring funds to offshore criminals. Victims may also be directed to pay via account details or QR codes, which can be randomly generated. This tactic is effective as many people don’t verify QR codes before paying.

How AI is fuelling the scam economy

• Offering scams “as-a-service”: Sophisticated cybercriminals develop complete AI-powered phishing kits which are sold to less experienced scammers, lowering the barrier to entry for would-be cybercriminals while exponentially increasing the number of scams.
• Personalised attacks: Scammers use AI to research and gather information from social media and the internet to build rich and detailed profiles of targets quickly.
• Generating convincing content: Cybercriminals use AI to develop realistic phishing emails, deepfake audio and malicious QR codes to target victims.
• Scaling of operations: Small scam rings can now reach a wider number of victims by automating multiple social engineering campaigns.

Using AI to combat scams

1.  Detecting scams in real-time by monitoring transactions, verifying account and payment details, and blocking high-risk payments instantly.
2. Improving human decision-making: some banks now use AI to listen in on customer calls and transcribe conversations, alerting staff to suspicious cues.
3. Identifying patterns of fraudulent behaviour from bot-led account takeovers to anomalies in business payment flows.

What Australian businesses can do to mitigate scams

• Verify invoices: Cross-check large or unusual payments with partners, suppliers and financial institutions directly before processing.
• Train staff and frontline workers: Provide training for finance, customer service, and IT staff to spot scams and anomalies and know the right course of action.
• Protect customer data: Layer defences with AI-driven fraud detection, bot protection, and multi-factor authentication.
• Establish a scam response playbook: Know who to alert (IT, legal, communications, law enforcement) and how to respond if fraud occurs.
• Educate customers and partners: Proactively communicate about emerging scams to the various stakeholders in your organisation to strengthen your supply chain.

What to do if you fall victim

• Follow established procedures with haste but do not panic.
• Notify affected partners and customers immediately.
• Contact their bank to attempt to block or recall fraudulent transactions.
• Report the incident to Scamwatch, the Australian Cyber Security Centre (ACSC) and relevant authorities.
• Review internal processes to prevent recurrence.

A shared responsibility