While AI is helping many of us to work more quickly, it is also significantly enhancing the sophistication, scale, and effectiveness of scams, making crime harder to detect and much more convincing than traditional methods.
Scams cost Australians billions each year. Whether it is fake SMS, emails, unexpected phone calls or online schemes, scammers continue to find clever ways to gain your trust and steal your money or personal information.
One of the most concerning recent developments relates to the rise of AI-generated fakes, or “deepfakes,” which are being used to scam individuals and businesses.
AI deepfakes include digitally manipulated audio, video, or images that can convincingly mimic real individuals, making it difficult to distinguish between authentic and fraudulent communications. Voice cloning, for example, allows scammers to replicate a person’s speech patterns and tone, enabling fake phone calls that request urgent changes to bank details or payment instructions.
In Australia, the scamming threat is very real and costly. According to an official measure of scamming, total combined losses reported to ScamWatch, ReportCyber, IDCARE, Australian Financial Crimes Exchange (AFCX) and the Australian Securities and Investment Commission (ASIC) amounted to $2.03 billion in 2024.
According to Scamwatch, the top five scams by loss in 2024 were:
- Investment: $945 million
- Romance: $156.8 million
- Payment redirection: $152.6 million
- Remote access: $106 million
- Phishing: $84.5 million
The losses from these five scam types accounted for 71 per cent of total losses in 2024.
What can we do?
There are several simple, effective ways that we can fight these threats.
Be sceptical: Most of us were brought up to trust first then ask questions later, but we can’t afford to do that anymore. Ask yourself if the message or call is fake. Ask for proof of authenticity if someone asks for money.
Never click a link in a message: Only contact businesses or government using contact information found on their official website or app. If you’re not sure, say ‘no’, hang up or delete.
Never send money or sensitive info: Be extra cautious when dealing with someone you’ve only met online or someone requesting money or personal data.
Slow down: Increase the friction to stop scammers. Many scams work on urgency and the fact you aren’t thinking properly when you are targeted.
Use multi-factor authentication (MFA): It’s mostly free, fast, and stops attacks dead in their tracks. If MFA is an option, use it. Use biometric verification, and device fingerprinting too, which can be impossible to replicate, even by AI.
Ask questions: Be curious, do your research, ask your friends, ask your trusted IT people and report anything suspicious.
Act quickly if something feels wrong: Contact your bank if you notice unusual activity or if a scammer gets your money or information. Seek help and report the scam to Scamwatch. When you report scams, you help stop the scam and warn others.
Response planning: Develop and regularly update a response plan for cyber incidents, including protocols for client notification and financial recovery. Backup your data and be prepared to recover.
Train staff: Educate employees on the risks of AI fakes and how to recognise red flags in communications. Awareness is a critical line of defense. Roll out phishing simulations and awareness training through ethical phishing platforms.
Cyber security isn’t just an IT problem, it’s everyone’s responsibility. AI fakes are a new frontier, and they’re not slowing down. But with the right tools, training, and mindset, we can stay ahead of the curve.
Article was authored by Matthew Rowston, IT Manager at HLB Mann Judd Perth.