The Numbers Don’t Lie. From the data collected, it is estimated the world lost $14.3 billion dollars from AI cyber assisted scams in 2025 according to Nasdaq’s Verafin. There has been an annual increase of 19.6% of these types of AI-assisted scams since 2023. So why this sudden upward surge, that’s because of artificial Intelligence and it’s responsible for more than 50% of fraud related activity today. This includes not only financial institutions, but as well as healthcare, education, e-commerce, retail, and insurance companies. No more ski masks and old-fashioned robberies, this is the modern age, and attackers are utilizing this new weapon to its fullest potential. Let’s look at some ways on how they use this tool.

AI-Powered Phishing & Social Engineering

Phishing is an attempt to steal sensitive information; the end goal is collecting data and using it for personal gain. This can include usernames, passwords, bank accounts, credit cards, and Social Security numbers. Social engineering is when an attacker gains the trust of victims and manipulates them into giving out sensitive information.

So how does AI play into this?

Well, attackers are now using generative AI. Instead of analyzing data that already exists, this AI learns patterns from data (emails, texts, or images) and then creates new content from it. Attackers can use that data to create fake emails or other believable messages. These emails can look so convincing that it seems like your bank, boss, or a company you trust sent them.

It can also be used to mimic someone’s writing style and create fake voice messages. Imagine someone finds a video on social media of someone you know speaking; attackers can take that audio and clone the voice to impersonate someone they’re not and steal sensitive information. This makes this tool very dangerous and problematic. On top of that, instead of crafting and writing each message manually, attackers can mass produce these phishing messages in a very short amount of time.

Rise of the Deepfake

Deepfakes are AI generated fake images, videos and audio. This can make it look and sound like a real person. Attackers collect data mostly from social media and have the AI study the data looking for pattern recognition. It could look for facial expressions, body movement, voice tone, voice pitch, and speaking style. After studying and analyzing this data, it will create new content from it. This works very similar to AI powered phishing, only the data is different. The attackers are training the AI on real media of a person, then will use that to generate fake, but realistic, looking or sounding media, some examples are, swapping a face in a video with someone else, or a voice sounding like whoever and creating a new sentence with it to send voicemails. The possibilities are endless for the attackers.

Ransomware Attacks on Financial Institutions

This isn’t anything new for financial institutions, but AI has changed how ransomware attacks are built and launched. To understand modern ransomware attacks, we must first understand traditional ransomware attacks. Before AI, attackers would try to find an entry point into an infrastructure. Once inside, they would plant malware, silently encrypt files, and then demand a ransom payment.

Modern attacks with AI are implemented differently. Before launching an attack, bad actors may use AI to understand a target’s infrastructure. They can use AI to scan large networks and spot vulnerabilities, such as outdated software or misconfigured systems. Once they identify a potential entry point and gain access to the network, they can use AI to quickly analyze and sort through large amounts of data. This helps attackers locate valuable data repositories and use them for personal gain.

How Banks Are Fighting Back

Good news is banks are already fighting back using the same technology. They are using AI to fight AI, but AI alone won’t win the battle. Instead, banks are implementing a combination of AI defense + strict security controls + trained humans to counter these bad actors. Some ways AI is being used are to detect and investigate fraud, spot phishing emails, identifying ransomware behavior earlier, and blocking fake voices or deepfakes.

As technology becomes more advanced and AI starts to become normal in our day-to-day lives. We must be aware and gain knowledge on what this tool is capable of. Banks and financial institutions need to understand this is just not an IT department or cybersecurity problem anymore, these attacks are being targeted directly against finance teams, human resource teams and call centers. Everyone needs to play a part and have some type of security awareness training where you can recognize these types of attacks.