AI & Deepfake Scams: 2025 Guide for Cybersecurity at Work and at Home

Global cyberattacks have surged by 58% since two years ago. Protecting yourself, your family, and your business from cyber threats like AI and deepfake scams has never been more critical. Cyber threats don't take a break, so we're providing practical, actionable steps that you can take to help safeguard your digital life at work and at home.

What are deepfake scams? When seeing isn't believing.

Deepfakes are fake videos, images, or audio recordings created using artificial intelligence that appear completely real. They can be thought of as highly sophisticated digital forgeries. For example, you might see a video of someone you know saying something they never actually said or receive phone call generated using a family member’s voice to request money.

In recent years, the use of deepfakes has surged dramatically, increasing by 550% from 2019 to 2023. Criminals exploit this technology to scam people and businesses with potentially devastating effects. In one notable incident, a Hong Kong company lost $25 million when employees received a video call from someone who appeared to be their CFO requesting a wire transfer. The "CFO" in the call was actually a deepfake.

How You Can Help Protect Yourself from Deepfake Scams

Verify through a different method: If someone makes an unusual request, such as asking for money, via video or audio, hang up. The suspicious request may include contact information. Don't use it. Use only your known contact information for that person.

Question their urgency: Deepfake scammers sometimes create artificial time pressures to prevent you from seeking verification. Consider that legitimate requests rarely require such immediate action.

Test it with personal questions: If something feels off, ask questions that only the real person would know, like those about specific childhood memories or recent conversations.

Establish a family code word protocol: Creating secret phrases shared only with family members can help you verify their identity during an emergency call requesting money.

Watch for glitches: Glitches may be subtle. Deepfakes may have odd lighting, unnatural blinking, lip movements out of sync with speech, or a voice cadence that is robotic.

What are AI scams? When technology makes fraud more challenging to spot.

Artificial intelligence technology gives scammers new, powerful tools that make their scams more convincing than ever. They're so difficult to detect that around 1 in 3 AI-powered scams succeed. 

Here's how cybercriminals are trying to scam with AI:

Phishing Powered by AI: We can all recall those obvious scam emails with spelling errors and generic greetings. Those days are gone. AI can now write flawless, personalized messages identical to official communications from your bank, employer, or even government agencies. These messages may include your name, reference real accounts you have, and could contain no obvious red flags.

AI Chatbots: Scammers deploy AI chatbots that pretend to be real people on social media, dating sites, and even business platforms, chatting like real humans. These chatbots can build relationships by commenting on your posts, asking questions, and creating trust over time before asking for money or your personal information.

Fake Websites Generated by AI: Cybercriminals can use AI to build convincing fake websites quickly, complete with professional designs, product descriptions, and even customer reviews. These sites may mimic banks, online stores, and government pages in an effort to steal your login credentials and financial information when you sign in or make purchases.

Investment Scams Using AI: Scammers can create thousands of fake social media accounts and use them to spread coordinated messages about cryptocurrency or stock opportunities. This artificial hype tricks people into investing in what end up being worthless assets while scammers profit and disappear.

How You Can Help Protect Yourself from AI Scams

Verify Independently: Don't click links in emails, texts, or social media messages even if they seem legitimate. Instead, type the web address directly into your browser or use saved bookmarks. If your bank "contacts" you, hang up quickly and call the official number on your card or statement to verify if they were contacting you instead.

Don't Share Personal Information via Chat: Whether you're on social media, dating apps, or business platforms, don't share sensitive details with anyone you're chatting with. Real companies will never ask for passwords, Social Security numbers, or account details through a chat.

Check URLs: Before entering login credentials or your payment information, take a close look at the web address. Scammers can create fake sites with only slightly misspelled names, such as "amaz0n.com" instead of "amazon.com," for example.

Be Skeptical of Investment Opportunities: Research proposed investment opportunities through independent, trusted sources. If everyone suddenly seems excited about an unknown cryptocurrency or stock, you may be witnessing coordinated AI manipulation.

Don't Rush: AI scams aim to create urgency using methods like limited-time offers, account closure alerts, legal threats, or investment opportunities that "won't last." Remember that legitimate organizations should give you time to verify those types of requests. If something demands immediate action, that's a signal to slow down and investigate the source.

What are real-life scams? When scams mimic real-life situations.

A real-life scam is a fraudulent scheme that mimics everyday situations to trick people into sharing money or personal information. Knowing what to watch for can help you protect yourself and your family. 

Here are some examples of real-life scams:

Romance Scams: A fake profile builds a romantic relationship, typically avoiding video calls, and professes love quickly. Then that fake person requests money urgently for an emergency. Once you care about someone, you may be more likely to give into this request. It's important to never send money to anyone you've only met online.

Job Scams: Be aware of any employer requests looking for payment for training or equipment as these may be fake. A legitimate employer should not request money during hiring.

Vishing: You may experience a phone call impersonating your bank or different government agencies threatening legal action or demanding immediate payment. You should hang up and call the official number for the bank or agency—legitimate organizations don't demand gift cards.

Fake Tech Support: This scam experience involved a pop-up claiming that your device is infected and demanding payment via gift cards. Real tech companies don't make unsolicited virus calls by pop-up, so close the pop-up immediately.

CEO Smishing: A text message that impersonates executives asking for urgent favors or gift card purchases is considered CEO smishing. Verify through a different channel such as by calling the executive directly by a known number you have for them.

What are some red flags that can help you identify real-life scams?

Be aware of these common red flags: urgency including pressure for quick decisions, untraceable payment methods such as gift cards, cryptocurrency, wire transfers, and refusal to verify identity through official channels.

How You Can Help Protect Yourself from Real-Life Scams

Verify Through Independent Channels: Hang up and call official numbers from the company's website. Never use contact information provided in the suspicious message.

Implement Verification Protocols: Establish a family password or secret question to help confirm if an urgent request from supposed relatives is real. At work, take the step to confirm unusual executive requests by calling the person directly using their known contact information.

Think Before Acting: Scammers rely on urgency to get you to bypass critical thinking. Take the time to research companies by searching for their name plus "scam" or check with peers before responding to any unusual requests.

Help Others: If you get targeted or scammed, report the incident to ic3.gov and reportfraud.ftc.gov to help protect others.

Why You Should Secure Your Logins

Your various login credentials make up the keys to your digital life. In 2025, one data breach was the second-largest data breach in history, leaking 16 billion stolen passwords. Know that:

• Password cracking succeeds in 46% of tested environments, nearly double last year's rate.
• 1 in 3 people have experienced at least one account compromise due to weak passwords.
• 78% of people reuse passwords across multiple accounts, making it significantly easier for cybercriminals to capitalize on these habits.

As cyber attacks become more sophisticated, they look for patterns and vulnerabilities. This can turn the convenience of reused login credentials into an open door for unauthorized access, data theft, and business disruption.

How You Can Help Protect Yourself from Account Compromise

Make Passphrases Longer: Aiming for at least 16 characters, use phrases instead of single words, such as "BlueCoffeeMug$Morning2025." A 16-character password beats something like "P@ssw0rd!" because it takes extreme effort to crack, while an 8-character password takes only minutes.

Don't Reuse Passwords: Reusing passwords can put your accounts at risk. If one account gets breached, criminals could try that password everywhere, from your bank and email to social media. Using a unique password for every account helps protect them, especially financial and work accounts.

Use a Trusted Password Manager: Let trusted tools like 1Password, LastPass, or Bitwarden remember your passwords for you safely. These tools can help you create strong passwords automatically and store them securely behind one master password.

Enable MFA: Add a second verification step for MFA, which is multi-factor authentication. This typically involves a code sent to your phone after entering your password. Even if your password is stolen, the thief can't access your account without that second verification factor. Be sure to enable MFA on banking, email, and social media.

Take Extra Care on Public Computers: Don't save passwords on shared devices, always log out completely, and avoid accessing any financial accounts on public Wi-Fi, such as at a library or cafe.

There's more to learn!

Cyberattacks don’t only exploit technology; they also exploit people. We can help you protect your business by training your team today. Contact Acrisure Cyber Services to get started or learn more about our cybersecurity services now.