Cybercriminals seem to be very interested in generative AI. Microsoft warns that the technology has advanced to the point where online scams can now be completed in minutes instead of days or weeks, and with little to no technical knowledge required.
Microsoft writes in the latest version of its Cyber Signal report that artificial intelligence has begun to lower the technical barrier for fraud and cybercriminal actors seeking their own productivity tools.
The range of online scams that AI can be used for is vast. For example, these tools can help create social engineering lures by scanning and scraping network data to build detailed profiles of employees or other targets.
There are also sophisticated fraud cases that utilize AI-enhanced product reviews and AI-generated storefronts, where scammers will create complete fake websites and fake e-commerce brands, and falsify business history and customer reviews. Scammers can even use artificial intelligence to design customer service chatbots to falsely report unexplained charges and other anomalies.
There have long been reports that the evolving technology of deepfakes is making it a popular tool for fraudsters. We've seen it used to create fake celebrity endorsements, impersonate friends and family, and even, as Microsoft points out, used for recruiting and application interviews conducted over video calls. The company notes that lip-sync delays, robotic voices, or strange facial expressions are all signs that the person on the other end of a video call may be a deepfake.
Microsoft advises consumers to be wary of limited-time offers, countdowns and questionable reviews. They should also double-check domains and reviews before purchasing, and avoid payment methods that lack fraud protection, such as direct bank transfers and cryptocurrency payments.
Tech support scams are also on the rise. While artificial intelligence is not always involved, tech support scammers often pretend to be legitimate IT support staff from well-known companies and use social engineering tactics to gain the trust of target users. The Windows "Quick Assistant" tool is often used in this type of scam, allowing an attacker to use a remote connection to view the screen or take over the screen to fix the problem. As a result, Microsoft is adding a warning to Quick Assistant and asking users to check a box to acknowledge the security risks of screen sharing. Microsoft also recommends using Remote Help instead of Quick Assistant for internal technical support.
While the article focuses on the dangers of AI fraud, it also notes that Microsoft will continue to protect its platform and customers from cybercriminals. Between April 2024 and April 2025, Microsoft blocked $4 billion worth of fraud attempts, rejected 49,000 fraudulent partner registrations, and blocked approximately 1.6 million bot registration attempts per hour.