Has GenAI Changed the Face of Online Fraud?

There was the world before ChatGPT burst into our lives, and there is the world since. GenAI has entered almost every area of our lives, from music to communication, religion, politics, therapy and much more – in ways we’re often not quite sure about yet. What’s really happening? How does it work? How do we feel about it? The answer is frequently TBD. It’s a work in progress. Online fraud, of course, is no exception. 

I’ve been spending a lot of time in recent months researching and writing about GenAI in the context of online fraud, while working on the book The Fraud Fighter’s AI Playbook with my co-author’s Gilit Saporta and Chen Zamir. The book should be out in 2026, and you can find the early release here.

From all the interviews I’ve conducted, and the reading and thinking I’ve been doing, my conclusion so far is that, yes, GenAI has changed online fraud in important ways. However, most of the tactical shifts, including those that get all the headlines, are essentially just the next phase in the ever-evolving war of attack and defense between fraudsters and fraud fighters. They’re not really new. 

What has changed in a meaningful way is the shape of the online fraud landscape. In this article I’ll outline the changes as I see them so far, put them into context, and then explain what I think is most significant so far about GenAI’s impact on online fraud. 

GenAI: Democratizing Online Fraud

GenAI makes it easy to create videos, audio, text, code you name it. Computing used to be about data – storage, retrieval, calculation, analysis. Now it’s about creation. You can create any kind of content you like, just by asking. The fraud use cases were obvious early on, whether using the platforms we’re all familiar with, such as ChatGPT, Gemini, Claude etc., or jailbroken versions such as FraudGPT, WormGPT, DarkBARD and so on. Here are some of the most common uses already out there:

• Deepfake videos and audio are used to make scams and phishing attacks more convincing, and to bypass KYC. 
• Conversations with scam victims, and with customer support representatives, using GenAI to provide convincing text in whatever language the victim uses.
• Creating sites quickly and easily that either mimic real ones, or can be used to sell fake items.  
• Making bots to attack quickly, testing stolen data for ATO or card testing, switching up digital profiles, and so on.
• Personalization on steroids. There’s so much information about people on the open web that GenAI can craft messages, images and approaches that target people on an individual level. 

There are two things to note about this brief list.

The first thing is that the tricks themselves – the results – are not new. We’ve seen these types of things around for a long time. 

What has changed is the combination of scale, speed and sophistication available – more on that in a moment.

The second thing is that anyone can do it. Where there used to be barriers created by language, culture, knowledge of code, understanding of design and design tools, and so on, there’s now GenAI to fill in all the gaps. GenAI has massively democratized fraud, speeding up a process that had already been going on for years as automation and crime-as–a-service opened up the avenue of fraud to more and more people.

GenAI’s ubiquity came at a time when other factors were already pushing more people towards fraud. Rising costs of living, the entry of new fraudsters during the coronavirus pandemic, scam compounds fueled by human trafficking, economic uncertainty and so on meant that the stage was already set for GenAI’s entrance to make a big impact. 

Scale, Sophistication and Speed

Faking your way through a KYC process, or stealing personal information through a phishing scam, or even tricking an employee into wiring thousands of dollars to you because they think they’re helping out the CEO, was entirely possible before GenAI. But it used to take investment. Thought, planning, effort, trial and error, timing. With GenAI, the bar is so low it’s practically on the floor. 

Sophisticated fakes are now fast and easy to put together, and the result is scale like we’ve never seen it before. 

The result is that websites pretending to be a bank or store sometimes come up before the real ones in search results. As much as 10% of Meta’s 2024 revenue – around $16 billion – came from advertising linked to scams and banned goods. After FraudGPT went viral in the fraud ecosystem, expert and researcher David Maimon’s team observed a 150% increase of compromised bank accounts on average across 80 marketplaces. Americans experience on average 100 scam attempts every month. And so on. 

The Latest Round in the Ongoing Arms Race

It’s always about ROI, for fraudsters. Their aim is to put in as little effort as possible, and maximize their profit. They’re pragmatic thieves. With GenAI, the equation has tilted in their favor.

It now takes very little effort to create convincing deepfakes, messages, chats, websites and more. At the same time, the attack potential has expanded. Cards and account details can be tested at the speed of lightning. Even malware and bots can be made quickly and with little technical expertise.

GenAI hasn’t changed the nature of fraud attacks – yet, at least. But it’s taken the difficulty level up for fraud fighters, by lowering it for fraudsters. 

The Real Change: The Shape of the Fraud Landscape

Fraud attacks are a fresh version of the same thing. 

What has changed is the shape of the fraud landscape. 

Five years ago, the focus in fraud fighting was largely on preventing credit card fraud, and the emphasis was at the point that the money moved – checkout, bank transfer, etc. That’s no longer the case. The gravity has shifted, and aspects that used to be side issues now have major weight:

• Scams. One survey found that by mid 2025, 96% of Americans were being targeted by scammers every week. One scammer admitted that he aims to make 400 calls every day and that he targets £10K, largely using spoofed numbers to impersonate a card company. Scams now account for over a quarter of US banks’ fraud losses – having more than doubled from just 12% a year earlier.
• First-party fraud. Also called “friendly fraud” (a total misnomer), first-party fraud is even more unfriendly than it used to be. With GenAI it’s easy for folks to create fake proof of items being damaged, fake receipts, and so on. This deserves an article of its own, which I’ll aim to get to soon, but there’s no doubt that it’s become a huge problem. A Ravelin survey, The Rise of Friendly Fraud report, found that in 2024, 40% of regular shoppers they surveyed were willing to admit to committing first-party fraud in the last year.
• Synthetic identities. These used to be more of a niche version of identity fraud, because it tended to take a bit more effort to put together bits of real and fake information, or information from two or more different real sources, in fraudulent ways. It’s easier to just make up something fake from scratch, or take over a full real identity. Fraudsters would put the effort into a synthetic identity mainly when they expected a payoff that was big enough to make it worthwhile, like a long-term insurance or mortgage type bust out. Now that it’s so much easier, the dynamic has changed. 
• Money muling and KYC/KYB chicanery. Again, these used to take more effort. The easier it becomes to trick people into working for you, or set up new accounts, or gain illicit access to real ones, the more we see the knock-on effects across industries, financial activities and commerce. 

If you’re still focused on checkout and credit card fraud, you’re likely missing a lot of the trouble. The attack landscape used to have limited points of vulnerability that were hit most often and needed the most protection. Now, the surface area that needs your attention is much, much larger.

How your day-to-day experience of online fraud or fraud fighting has changed depends on the industry you work in, your role and your company’s focus. 

As the fraud landscape shifts around us, it’s important to keep track of what’s going on across the ecosystem. For one thing, fraudsters never distinguish between verticals, attack types and so on. For another, the ripples of the GenAI impact keep widening. And that’s not likely to stop.