The infamous “Nigerian prince” email became a cultural joke. But in 2025, the joke is over.

Today’s scams don’t look like scams. They sound like your boss calling on the phone. They look like your child speaking in a video message.

They arrive as polished, professional emails drafted with flawless English. Artificial intelligence has given criminals a toolset that is cheap, scalable, and alarmingly convincing.

From Clumsy Emails to Convincing Fakes

The most significant shift is credibility. In the past, bad grammar worked in scammers’ favour—it filtered for only the most vulnerable. But generative AI has eliminated that barrier.

Large language models, the same kind of systems I explained in Behind the Buzzwords: What Is a Large Language Model Really?, can now produce text that feels indistinguishable from something a trusted colleague or institution might write.

Pair that with voice cloning and deepfake video, and the con artist no longer needs to bluff. The technology can imitate, and in some cases outperform, human communication.

A scammer doesn’t need to sound like a stranger anymore—they can sound like your manager. They can look like your CFO in a video call.

They can even hold a real-time conversation, powered by a chatbot that never slips up.

Why It’s Happening Now

AI-powered scams aren’t new, but 2025 is the year they’ve become unavoidable. The reasons are layered.

Running advanced AI models has become drastically cheaper, and open-source systems mean criminals don’t need to rent power from the likes of OpenAI.

There’s also the dark economy of “scam-as-a-service,” where criminal groups package ready-made tools—complete with cloned voices and phishing scripts—so anyone can deploy them.

What makes this particularly dangerous is the overlap with the massive pool of stolen personal data already circulating on the dark web.

In How Cybercriminals Really Get Your Info, I described how years of data breaches have created black markets for everything from email addresses to banking records. Now, AI uses that data to tailor scams with unsettling precision.

It isn’t just a generic “Dear Customer” anymore. It’s your name, your employer, your account, woven into a message that feels personal.

The cultural context matters too. Deepfakes are no longer exotic; they’ve appeared in entertainment, advertising, and even politics.

When New Hampshire voters received AI-generated robocalls in President Biden’s voice during the 2024 primaries—something CNN later confirmed—it showed how seamlessly synthetic content could slip into public life.

The Human Cost

Consider the finance worker who wired $25 million after a video call with a “CFO” who didn’t exist. The voice, the face, the mannerisms—all fabricated.

Or think of the Canadian taxpayer who picks up a call from what sounds precisely like a CRA officer, able to answer questions in real time.

In some of the most chilling cases, parents have been sent videos that appear to show their children kidnapped, only to discover later that it was AI-generated extortion.

What connects these stories isn’t just the fraud—it’s the realism. Criminals are no longer asking you to believe the unbelievable.

They’re using technology to create scenarios that trigger urgency, panic, or trust at precisely the right moment.

Fighting Back

Defending against AI-generated scams is far more complicated than deleting spam emails used to be. Technology can help, but human awareness is still the most effective tool.

If a request feels rushed, if a call demands money, if a message tugs too sharply at your emotions, pause before acting. Verify it through another channel.

Even something as simple as calling a known number back can break the illusion.

Businesses, of course, face even higher stakes.

Training employees, enforcing dual approvals for financial transfers, and adopting zero-trust security practices are now essentials rather than best practices.

Many organizations are also beginning to experiment with AI-based defences—systems designed to flag the subtle artifacts that synthetic media leaves behind. It’s an arms race, with one set of algorithms generating deception and another set trying to detect it.

The same cat-and-mouse dynamic also exists in other corners of technology.

In The Real Cost of AI: Who’s Paying for the Compute Arms Race?, I wrote about how the demand for computing power is reshaping industries. Here, the arms race is between criminals and defenders.

Both sides are armed with the same tools.

Looking Ahead

Some researchers hope watermarking techniques can help, embedding invisible signals in AI-generated content so that fakes can be spotted instantly.

Others argue that only regulation will make a difference, though governments are already struggling to keep up with simpler issues, such as Canada’s digital tax rules.

It’s possible that within a few years, your phone or email client will warn you mid-conversation: “This voice may be synthetic.” Until then, the most effective defence is still the oldest one: healthy skepticism.

Conclusion

AI-generated scams aren’t just another chapter in the story of cybercrime. They’re a shift in kind, not just in degree.

By making deception faster, cheaper, and more believable than ever, AI has handed criminals a megaphone.

History shows that every technological leap—from the earliest computers to today’s generative models—brings unintended consequences.

As I explained in The Real History of AI: From Turing to Transformers, progress is never neutral. The challenge for 2025 is ensuring that AI serves as a shield, not just a weapon.

Until then, the best advice is also the simplest: trust cautiously, verify everything, and remember that not every familiar voice belongs to who it claims to be.

FAQs About AI-Generated Scams

(Images generated with the help of DALL-E.)

Every day, regular people—students, small business owners, retirees, even IT professionals—fall victim to cybercrime. And it’s not because they’re stupid, careless, or unlucky. It’s because today’s cyberattacks are automated, convincing, and wildly effective.

In this post, I’m breaking down how cybercriminals get your info, based on real-world experience from almost three decades in IT leadership roles. I’ll also give you 5 simple things you can do today to reduce your risk—no technical expertise required.

Tech It From Me

Tech It to the Bank: How Cybercriminals Really Get Your Info

Play Episode Pause Episode

Mute/Unmute Episode Rewind 10 Seconds 1x Fast Forward 30 seconds

00:00 / 16:37

Amazon Apple Podcasts Spotify YouTube

RSS Feed

Share

Link

Embed

The Most Common Ways Hackers Steal Your Data

Let’s ditch the Hollywood imagery. Nobody is hammering away at your firewall by hand. Cybercriminals use automation to compromise thousands of people at once—and they’re incredibly efficient at it.

Here’s how:

1. Phishing

Fake emails or texts that mimic trusted brands like Amazon, PayPal, or Microsoft. They get you to click a link, log in, and boom—your credentials are stolen.

2. Social Engineering

You get a phone call from someone claiming to be IT support. Or HR. Or even your CEO. It sounds urgent. They need your info now. You panic. You give it.

3. Credential Stuffing

If you’ve reused the same password across multiple sites, this one’s for you. Hackers take stolen credentials from past breaches (like LinkedIn or Dropbox) and try them on hundreds of other platforms. It works a lot.

4. Fake Public Wi-Fi

Ever connected to “Free Airport Wi-Fi”? Sometimes it’s legit. Sometimes it’s a hacker’s laptop. Once you’re on their network, they can intercept your data.

5. Malicious Apps and Extensions

Shady mobile apps or browser extensions ask for more access than they need, then abuse it. They log your keystrokes, scan your clipboard, or upload your data without you knowing.

Why You’re More Vulnerable Than You Think

You don’t need to be rich or famous to get hacked. You need to:

• Reuse passwords
• Skip MFA
• Click one bad link
• Be on the wrong Wi-Fi network

Cybercriminals aren’t targeting you—they’re targeting everyone.

They run bots that test leaked credentials from old data breaches across platforms like Gmail, Amazon, and PayPal. If you’ve ever used the same password twice, you could be exposed.

Go check haveibeenpwned.com to see if your email has been in a breach. Spoiler: it probably has.

5 Things You Can Do to Protect Yourself

1. Use a Password Manager

I use 1Password—and I’m not compensated or affiliated with them in any way.

One of the reasons I use it is that it includes built-in support for MFA codes, so I don’t need a separate app like Google Authenticator. It syncs across all my devices and makes secure logins effortless.

Other great options include:

• Bitwarden
• Dashlane
• iCloud Keychain (for Apple-only users)

2. Turn on MFA

Multi-factor authentication (MFA) adds a second layer of protection to your accounts. If someone steals your password, they still need your phone or device to get in.

Turn this on for:

• Email
• Banking
• Social media
• Cloud storage

3. Stop Reusing Passwords

Every account should have a unique, strong password. If one gets compromised, the rest stay safe. Password managers make this easy.

4. Be Skeptical of Public Wi-Fi

Don’t trust open networks. They’re convenient, but risky. Avoid logging into sensitive accounts when you’re on them. I have a separate article that talks about issues around wi-fi, and how you can resolve them.

5. Use a VPN—Like Cloudflare WARP

A VPN encrypts your internet traffic, making it unreadable to snoops on public networks.

I personally use Cloudflare WARP. It’s free, fast, and easy to install—not just on your phone, but on your Mac or Windows PC too.

WARP isn’t a full VPN—it doesn’t spoof your location—but it does encrypt your data using Cloudflare’s secure network.
Perfect for cafés, airports, or anywhere with sketchy Wi-Fi.

I’ll be doing a full episode soon on VPNs: how they work, which ones to avoid, and how to choose the right one.

Lessons from the IT Trenches

As someone who’s spent their career in IT leadership, I’ve seen this stuff go sideways.

The most significant security breaches I’ve witnessed didn’t happen because of bad software.
They happened because of one person:

• Clicking a fake DocuSign email
• Reusing an old password
• Ignoring a security warning

Technology doesn’t get hacked—people do.

So my job as an IT leader is to make secure behaviour easier than insecure behaviour. That’s why I advocate for tools like 1Password and Cloudflare WARP. They reduce friction, and they encourage good habits.

One good decision can stop an entire breach chain.

Final Thoughts

Let’s recap:

• You are a target, even if you don’t feel like one.
• Cybercriminals count on laziness, reuse, and distraction.
• Password managers, MFA, and VPNs aren’t optional anymore—they’re essential.

You don’t have to fix everything overnight.
Just start with one thing.

Add MFA to your email.
Start using a password manager.
Try a VPN next time you’re on public Wi-Fi.

Security doesn’t have to be scary. It just has to be intentional.

Like this post? Share it with a friend.

Listen to the full episode of Tech It From Me wherever you get your podcasts from.

Or check out all episodes at techitfromme.com.

(Feature image generated with the help of DALL-E)