Criminals are now using generative artificial intelligence to clone voices, fabricate video calls, and craft eerily convincing phishing messages, turning familiar fraud schemes into something far harder to spot. The FBI, FTC, and NIST have each issued separate warnings and guidelines about these threats, yet most consumers have not adjusted their habits to match the speed at which scammers are adopting AI tools. What follows are five evidence-backed moves, drawn directly from federal guidance, that can help you keep your money out of reach.
How AI Supercharges Old Scam Playbooks
Generative AI has not invented new categories of fraud so much as it has made the old ones faster, cheaper, and more believable. The FBI’s Internet Crime Complaint Center issued a public service alert documenting how criminals now use generative AI across text, images, audio including vocal cloning, and video to scale financial fraud. The schemes themselves, including romance scams, investment cons, and confidence tricks, are decades old. What has changed is the production quality. A scammer who once needed hours to write a passable English-language email can now generate hundreds of polished messages in minutes, each tailored to a specific target’s social media profile.
The FBI’s San Francisco field office reinforced this point in a separate release issued during RSA week, warning individuals and businesses about AI-enabled phishing and cloning schemes. The agency’s core finding is that AI increases the speed, scale, and automation of existing scam playbooks. That distinction matters because it means the red flags consumers learned years ago, such as poor grammar or robotic phrasing, no longer apply. The new generation of AI-powered messages can sound exactly like a trusted colleague, a bank representative, or a family member in distress.
Move 1: Verify Every Urgent Request Through a Separate Channel
The single most effective defense against AI-generated impersonation is also the simplest: never act on an urgent financial request without confirming it through a completely different communication channel. If you receive a video call from someone claiming to be your boss asking for a wire transfer, hang up and call that person’s known phone number. If a text message from a relative says they need bail money, reach out to another family member before sending anything. This advice aligns with IC3 guidance, which warns that AI-generated audio and video can be convincing enough to fool even cautious people and stresses the importance of independent confirmation before moving money.
The real-world stakes of skipping this step became clear when an impostor used AI to impersonate a senior U.S. official and contact foreign and domestic policymakers through text, encrypted apps, and voicemail, prompting a warning cable from the State Department. If AI-generated impersonation can target high-level government figures across multiple channels, ordinary consumers are even more exposed. The lesson is direct: treat any unexpected request involving money or sensitive information as suspect until you have verified it through a trusted, independent method such as a known phone number, an in-person conversation, or a previously established email address.
Move 2: Establish a Family Safe Word for Emergency Calls
Voice cloning technology can now replicate a person’s speech patterns from just a few seconds of recorded audio, which means a scammer who scrapes a short clip from social media can produce a phone call that sounds exactly like your child, parent, or spouse. The IC3 alert and related FBI messaging recommend that families create a secret word or phrase, agreed upon in advance, that any member can use to prove their identity during an emergency call. This is a low-tech solution to a high-tech problem, and its strength lies in the fact that no AI model can guess a private code it has never encountered or seen written down.
The key to making this work is discipline. The safe word should never appear in text messages, emails, or social media posts where it could be harvested. It should be something memorable but not obvious, unrelated to birthdays, pet names, or other details a scammer could research. Families should rehearse how they will respond if they receive a panicked call that does not include the safe word, and should agree that a missing code is a sign to hang up and call back using a known number. This single habit could meaningfully reduce the success rate of AI-driven voice cloning scams, even as the underlying technology continues to improve and becomes more widely accessible.
Move 3: Report Suspicious Contacts Immediately
Reporting scams may feel futile in the moment, but federal enforcement agencies rely on complaint volume to identify patterns, build cases, and issue public warnings. The FTC has explicitly tied the growth of impersonation fraud to AI-generated deepfakes and voice cloning in its proposal for new safeguards against AI impersonation. The agency’s rulemaking posture includes considering liability for firms that provide tools they know or should know are being used for consumer harm, and those decisions depend heavily on evidence about how scams are unfolding in the real world.
If you suspect you have been targeted, file a report with the FTC at its fraud reporting portal. If personal information has been compromised, use the agency’s identity theft resources to create a recovery plan and follow the recommended steps with your banks and credit bureaus. To reduce the volume of unsolicited calls that serve as entry points for many scams, you can also register your number on the national Do Not Call list. None of these steps guarantee immunity, but together they create a paper trail that strengthens enforcement and can help you recover losses faster if fraud does occur, while also feeding into the data that shapes future rules on AI misuse.
Move 4: Enable Multi-Factor Authentication Everywhere
AI can generate a convincing voice, a realistic face, and a persuasive email, but it cannot intercept a one-time code sent to your physical device unless you hand it over. Multi-factor authentication, sometimes called two-factor authentication, adds a second verification step beyond your password. This means that even if a scammer uses AI to trick you into revealing your login credentials, they still cannot access your account without the code from your phone or hardware key. The FBI’s guidance on AI-enabled threats emphasizes that AI increases the automation of social engineering attacks, which are designed to harvest exactly the kind of single-factor credentials that multi-factor authentication protects against.
The practical application is straightforward. Turn on multi-factor authentication for every financial account, email address, and social media profile you own, and prefer app-based authenticators or physical security keys over SMS codes when possible. Regulatory efforts are beginning to catch up: the FTC’s federal trade rule on impersonation, effective April 1, 2024, prohibits impersonation of government and businesses and their officials in interstate commerce, and a related FTC notice in the Code of Federal Regulations at 16 CFR part 461 outlines how the agency will enforce those prohibitions. But regulatory rules work after the fact. Multi-factor authentication works before the scammer gets in, making it one of the few defenses that directly blunts the impact of AI-enhanced phishing.
Move 5: Stay Skeptical of Photos and Videos as Proof
One of the most dangerous assumptions consumers make is that seeing is believing. NIST recently published new guidance on detecting face morphs and other identity image manipulations, including quantified performance ranges for detection limits of manipulated identity images. The findings are sobering: detector accuracy can degrade when facing unfamiliar generation methods. In plain terms, the tools designed to catch fake images do not always work, especially when confronted with newer AI techniques they were not trained on, which means that even sophisticated organizations can be fooled by convincing visual forgeries.
NIST’s pilot evaluation plan for image discriminators further illustrates this gap by describing how the agency evaluates systems designed to differentiate AI-generated content from human-generated content. The measurement problem is active and unsolved, and NIST’s work shows that there is no simple, universal detector you can rely on. For consumers, the takeaway is that a photo or video sent as “proof” of identity or urgency should never be the sole basis for a financial decision. Combine visual evidence with independent verification, such as calling a known number, checking official websites, or confirming details through a separate, trusted channel before you move money or share sensitive information.
Move 6: Follow Official Updates and Use Trusted Technical Resources
Because AI tools evolve quickly, staying informed is part of staying safe. The FBI encourages individuals and organizations to keep current with threat trends by subscribing to its email alerts, which include public service announcements, emerging scam patterns, and updates on major enforcement actions. These alerts often highlight new ways criminals are exploiting generative AI, from synthetic audio used in business email compromise to deepfake video used in investment fraud, giving you a head start on recognizing patterns before they land in your inbox or messaging apps.
For organizations and technically inclined readers, the federal government also provides structured data and documentation that can help integrate up-to-date legal and regulatory information into internal tools. The Office of the Federal Register and related services maintain an API for the electronic Code of Federal Regulations, allowing developers and compliance teams to track changes to rules, including those governing impersonation and AI-related conduct. While this is a more advanced resource than most consumers will use directly, it underscores a broader point: the landscape of AI-enabled fraud is now intertwined with formal regulation, and both individuals and institutions benefit from treating scam defense as an ongoing process rather than a one-time checklist.
Bringing It All Together
Generative AI has amplified classic fraud tactics, but it has not changed the basic dynamics of most scams: they still rely on urgency, secrecy, and emotional pressure to push you into acting before you think. Federal agencies are responding on multiple fronts, from the FBI’s warnings about AI-driven social engineering to the FTC’s efforts to curb impersonation and NIST’s research into detecting manipulated images. Yet the first line of defense remains individual behavior. Verifying every urgent request through a separate channel, using a family safe word, reporting suspicious contacts, enabling multi-factor authentication, and treating photos and videos with skepticism together form a practical toolkit that anyone can apply, regardless of technical expertise.
These steps will not eliminate risk, and no single habit is enough on its own. But taken together and reinforced over time, they make you a significantly harder target in an environment where scammers increasingly lean on AI to do the heavy lifting. As federal rules evolve and technical detection tools improve, staying plugged into official updates and using trusted resources can help you adapt without needing to become a security professional. The goal is not to outrun every possible scammer, but to avoid being the easiest mark in the room, and in the age of AI-enhanced fraud, that starts with slowing down, double-checking, and refusing to let a synthetic voice or polished video rush you into a costly mistake.
More From The Daily Overview
*This article was researched with the help of AI, with human editors creating the final content.
Cole Whitaker focuses on the fundamentals of money management, helping readers make smarter decisions around income, spending, saving, and long-term financial stability. His writing emphasizes clarity, discipline, and practical systems that work in real life. At The Daily Overview, Cole breaks down personal finance topics into straightforward guidance readers can apply immediately.
