Dangerous Scams Spreading Through Technology Right Now
AI deepfakes, voice cloning, QR code fraud, and cryptocurrency schemes are targeting millions — here’s what you need to know in 2026.
Dangerous scams spreading through technology have reached an unprecedented scale in 2026, reshaping the threat landscape for everyday consumers, businesses, and government agencies alike. Cybercriminals no longer need sophisticated technical expertise to operate at scale — generative artificial intelligence has placed highly convincing fraud tools within reach of virtually anyone with a criminal intent. According to research by cybersecurity firm Vectra AI, AI-enabled fraud surged 1,210 percent in a single year between 2024 and 2025, and the FBI’s own Internet Crime Complaint Center recorded nearly $21 billion in cyber-enabled losses in 2025 alone. The scams circulating today leverage deepfake video, cloned voices, QR code trickery, cryptocurrency investment fraud, and hyper-personalized phishing attacks that traditional security tools were simply not designed to detect. Understanding how these schemes work is no longer optional — it is the foundation of self-defense in an era when the human eye can no longer reliably distinguish fraud from reality.
AI Voice Cloning and Deepfake Technology in Scams
Among the most alarming developments in online fraud is the industrialization of voice cloning and deepfake video technology. Tools that once required expensive hardware and specialized expertise can now generate a convincing replica of any person’s voice from as little as three seconds of audio, according to current research cited by cybersecurity firm CybelAngel. In one documented case, engineering firm Arup lost $25.6 million after employees were fooled by a deepfake video call in which a fraudster impersonated a company executive. The FBI’s 2025 Internet Crime Report logged more than 22,000 AI-related fraud complaints with losses exceeding $893 million in that category alone — though Congressional researchers estimate fewer than five percent of voice clone victims report their losses, suggesting actual damages are considerably higher.
Deepfake-related losses in the United States reached $1.1 billion in 2025, tripling from $360 million in 2024, according to data compiled by Keepnet Labs. Deepfake-enabled voice phishing attacks — known as vishing — surged by over 1,600 percent in just the first quarter of 2025 compared to the fourth quarter of 2024. The FBI has issued public warnings about campaigns in which AI-cloned voices are used to impersonate senior U.S. officials, combining text messages and synthetic audio to steal sensitive information. In early 2026, cybersecurity researchers at Google documented attacks in which the Gemini AI tool was used to conduct reconnaissance and generate deepfake personas for use in fraudulent video calls, including one case linked to a North Korean state-sponsored group that used an AI-generated version of a prominent CEO to compromise a victim’s computer.
The FBI has warned that AI-powered imposter scams are among the fastest-growing fraud categories in the United States. Voice cloning scams reportedly cost elderly Americans over $2.3 billion in 2026 alone, according to FBI data cited by multiple security researchers. Only an estimated 15 percent of victims report incidents, meaning official figures represent a fraction of actual losses.
Personal family impersonation — sometimes called “grandparent scams” or “virtual kidnapping” — has taken on a disturbing new dimension with AI voice synthesis. Fraudsters harvest audio samples from social media videos to clone the voice of a family member, then call relatives claiming an emergency and demanding immediate wire transfers or gift card payments. The FBI documented this growing trend in formal advisories in 2025 and 2026, noting that older Americans are disproportionately targeted.
Pig Butchering: The Cryptocurrency Romance Scam Destroying Savings
The FBI reported that Americans lost $9.3 billion to cryptocurrency-related crimes in 2024 — a 66 percent jump from the year before — with investment fraud accounting for $5.8 billion of that total. A significant and growing share of those losses is attributable to a scheme known as “pig butchering,” a term that refers to the process of “fattening up” victims emotionally before draining their finances. The scam typically begins with an unsolicited message on social media, a dating application, or a messaging platform like Telegram. The fraudster, often operating from organized criminal compounds in Southeast Asia, builds a genuine-seeming friendship or romantic relationship over weeks or months before introducing a supposedly lucrative cryptocurrency investment opportunity.
Once a victim transfers funds to a fraudulent trading platform, they often see convincing fake returns displayed on the platform’s interface — a deliberate tactic designed to encourage larger deposits. When the victim eventually attempts to withdraw their money, the platform fabricates tax obligations or “fee” requirements that require further payments, and ultimately disappears entirely. TRM Labs estimated that pig butchering scams siphoned over $4.4 billion in a single year, while noting that only about 15 percent of victims ever report their losses. The U.S. Department of Justice has increasingly moved against these operations: a coordinated international takedown announced in May 2026 led to at least 276 arrests connected to scam centers operating under names including “Ko Thet Company,” “Sanduo Group,” and “Giant Company,” according to the DOJ’s official press release. The FBI also seized $8.2 million in cryptocurrency directly linked to pig butchering schemes on dating applications.
Criminal organizations operating pig butchering scams frequently use trafficked labor — people recruited with promises of legitimate employment who are then coerced into running fraud operations from compounds in Myanmar, Cambodia, the Philippines, and other locations. Interpol has called for replacing the term “pig butchering” with “romance baiting” to better reflect the victim-centered nature of these crimes and reduce stigma for those defrauded.
Generative AI has accelerated the pig butchering model considerably. Fraudsters now use AI chatbot tools to maintain multiple simultaneous “relationships” across language barriers, producing fluent, emotionally resonant messages at scale. Researchers have observed Southeast Asian crime syndicates adopting AI-assisted face-swapping technology for video calls, further reinforcing false identities. The combination of emotional manipulation and increasingly convincing technology makes these scams extraordinarily difficult to detect, even for cautious individuals.
QR Code Phishing (“Quishing”) and the Mobile Security Gap
QR codes have become so embedded in everyday life — on restaurant menus, parking meters, transit stations, and business correspondence — that most people scan them without a second thought. Cybercriminals have systematically exploited this behavioral pattern in a growing category of fraud called quishing, short for QR code phishing. Because a QR code encodes its destination link as an image rather than visible text, it bypasses the URL-filtering tools built into most email security platforms. The attack shifts from a corporate security environment to the victim’s personal mobile device, where far fewer protections exist.
Keepnet Labs reported a fivefold increase in QR-based phishing attacks from 2024 to 2025. By 2025, 12 percent of all phishing attacks contained a QR code, and 68 percent of quishing attacks specifically targeted mobile users, according to Keepnet’s published statistics. The FBI’s Internet Crime Complaint Center issued its first formal public service announcement about QR code tampering as early as January 2022, warning that criminals were placing fraudulent QR code stickers over legitimate codes on payment systems and public signage. The tactic has since expanded considerably. Physical sticker attacks across 200 store locations in a documented 2025 incident caused $2.3 million in damage control costs alone, according to data cited by East Carolina Criminal University’s cybersecurity researchers.
In 2025 and into 2026, attackers began pairing quishing with AI-generated follow-up communications — after a victim scans a malicious code, they receive a convincing automated text or email nudging them to “complete verification” or “resolve an account issue,” increasing the likelihood of credential theft or financial loss. A NordVPN survey found that 73 percent of Americans scan QR codes without verifying where the code will take them first. Microsoft’s 2025 security report noted that QR-based delivery had become a significant vector in successful phishing campaigns that bypassed multi-factor authentication.
Security researchers advise previewing the destination URL before opening any QR code link, particularly for codes found on physical surfaces in public spaces. Any code directing to a login page, payment portal, or credential-entry form should be treated with extreme caution. Report suspected quishing incidents to the FTC at ReportFraud.ftc.gov and the FBI’s IC3 at ic3.gov.
AI-Powered Phishing and Hyper-Personalized Social Engineering Attacks
Traditional phishing emails were often easy to identify: poor grammar, generic salutations, implausible sender addresses. Generative AI has largely eliminated these tells. AI-generated phishing emails now achieve click-through rates more than four times higher than their manually crafted counterparts, according to data cited by Vectra AI. Fraudsters compile personal data from previous breaches, public social media profiles, and commercially available data sets to construct messages that reference a victim’s employer, colleagues, recent purchases, or travel history — a technique known as spear-phishing. Guardio, a browser security firm, reported filtering one and a half times more scam and spam messages in November 2025 than in the same month in 2024, projecting that figure to nearly double by the end of 2026.
The World Economic Forum’s Global Cybersecurity Outlook 2026 found that 73 percent of organizations were directly affected by cyber-enabled fraud in 2025. Business email compromise (BEC) — in which attackers impersonate executives or trusted vendors to authorize fraudulent wire transfers — has been significantly amplified by AI. Fraudsters now deploy AI to clone writing styles from genuine corporate email threads, making impersonation nearly undetectable. Former Interpol Director of Cybercrime Craig Jones described the situation bluntly in public statements in early 2026, saying that AI has industrialized cybercrime, making attacks faster, more scalable, and harder to attribute.
A particularly dangerous evolution documented in 2026 involves self-modifying malware that uses large language models to mutate its own code in real-time as it spreads, rendering it nearly invisible to conventional antivirus tools. This category of AI-assisted malware represents what some security analysts have described as a fifth wave of cybercrime, operating at a speed and scale that outpaces the ability of traditional reactive defenses to respond effectively.
The Broader Technology Scam Landscape: Additional Threats to Watch
Beyond the headline-generating categories above, several additional scam types are expanding rapidly through digital channels in 2026. Sumsub’s 2025–2026 Identity Fraud Report documented a 180 percent increase in “sophisticated fraud” — a category defined by enhanced deception techniques, social engineering, and AI-generated synthetic identities — compared to 2024. Deepfakes now account for 11 percent of global fraudulent activity, according to Sumsub’s research. The fraud ecosystem has diversified significantly, with criminals targeting mobile payment systems, fake employment opportunities, and government benefit impersonation schemes.
Fake apps spread through unofficial stores or phishing links redirect payment transactions to criminal wallets, exploiting the speed and trust built around instant payment systems.
The FBI, DOJ, and CISA have documented North Korean state-sponsored IT workers using deepfake technology to secure employment at over 136 U.S. companies, later escalating to data theft and extortion.
AI-powered chatbots now impersonate customer service representatives from major technology companies with greater accuracy, convincing victims to grant remote access to their devices or pay for fictional services.
Fraudsters clone the voices and appearances of senior officials, using AI-generated audio and video to demand payments, solicit sensitive information, or redirect victims to fraudulent portals.
Kaspersky warned in late 2025 that telecommunications-related scams are set to rise further in 2026 as the rollout of newer network technologies introduces fresh operational risks. The FTC’s Consumer Sentinel Network classified imposter scams as its top fraud category in 2025, with reported cases approaching one million annually and losses exceeding $3.5 billion in that category. Impersonation fraud cases rose approximately 19 percent year-over-year, driven primarily by AI-assisted personalization that makes fraudulent contacts significantly harder to dismiss.
What Dangerous Scams Spreading Through Technology Mean for Protection Strategies
The legislative response to AI-enabled fraud is accelerating. As of April 2026, the U.S. Senate Commerce Committee and the House Energy and Commerce Committee announced hearings focused specifically on AI voice fraud. Two significant legislative efforts are in progress: the Voice Cloning Protection Act, which would require explicit consent before a person’s voice can be used to train AI models or generate synthetic speech; and the DEEPFAKES Accountability Act, which would require digital watermarking of AI-generated audio and video to make synthetic media identifiable to detection tools. The FTC has also proposed expanded authority to regulate deceptive AI-generated communications under existing consumer protection mandates.
On a practical level, security experts recommend several layers of protection. Establishing a personal “safe word” with family members — a code that can be requested during any unexpected call claiming an emergency — is one of the simplest defenses against AI voice cloning impersonation. For financial transactions, verifying any unexpected wire transfer request through a separate, pre-established communication channel is essential, even if the requesting party’s voice or video appears genuine. The FBI explicitly advises that organizations can no longer rely on caller ID verification, as attackers routinely spoof numbers matching known contacts. Reporting suspected fraud to the FTC at ReportFraud.ftc.gov and the FBI’s IC3 at ic3.gov remains the recommended first step, and prompt reporting to financial institutions can, in some cases, enable account freezes before funds are fully transferred.
Frequently Asked Questions About Technology Scams
What is AI voice cloning and how is it used in scams?
AI voice cloning is a technology that generates a synthetic replica of a specific person’s voice using machine learning, typically requiring only a short audio sample. In scams, criminals use cloned voices to impersonate family members in fake emergency calls, replicate executives in business fraud schemes, or imitate government officials to steal sensitive information. According to research published in 2025, a convincing voice clone can be produced from as little as three seconds of audio.
How does pig butchering work and why is it so hard to detect?
Pig butchering is a form of investment fraud in which criminals build long-term, trust-based relationships — often romantic in nature — with victims before introducing fraudulent cryptocurrency investment platforms. The scam is difficult to detect because victims are not approached with a sales pitch; instead, they are emotionally invested before any financial request is made. Fake platforms display convincing profit dashboards to encourage larger deposits until the operator vanishes with all transferred funds.
What is quishing, and how is it different from regular phishing?
Quishing is a form of phishing that uses QR codes instead of clickable hyperlinks to deliver malicious destinations. Because the link is encoded in an image, it bypasses most email security filters that scan for suspicious URLs. The attack is also more dangerous on mobile devices, where browsers often display only partial URLs and fewer security warnings are visible. The FBI first formally warned about this tactic in 2022, and QR code phishing has grown substantially since then.
How much money did Americans lose to cybercrime and online scams in 2025?
According to FBI data, cyber-enabled scams cost Americans nearly $21 billion in 2025, with AI-related fraud becoming one of the fastest-growing categories within that total. Cryptocurrency-related crimes alone accounted for $9.3 billion in losses in 2024, a 66 percent increase from the prior year, according to the FBI’s IC3. Experts note that official figures significantly undercount actual losses because the majority of victims never file a report.
How can I protect myself from AI-powered scams and identity fraud?
Security experts recommend establishing a verbal “safe word” with family members to use in any unexpected emergency call, verifying all urgent financial requests through a separate pre-established channel, and treating any unexpected QR code with caution before scanning. Never act on urgency alone — a defining feature of most technology scams is pressure to move quickly before the victim can verify. Report suspected fraud to the FTC at ReportFraud.ftc.gov and to the FBI’s IC3 at ic3.gov, and contact your financial institution immediately if you believe you have transferred funds to a scammer.
- FBI Internet Crime Complaint Center (IC3) — 2024 and 2025 Annual Internet Crime Reports
- Federal Trade Commission (FTC) — Consumer Sentinel Network 2024–2025 Data
- Vectra AI — AI-Driven Fraud Surge Analysis, March 2026
- Deloitte / Javelin Strategy & Research — AI Fraud Loss Projections, 2024–2026
- Sumsub — 2025–2026 Identity Fraud Report
- Keepnet Labs — Deepfake Statistics & Trends 2026
- U.S. Department of Justice — Coordinated Scam Center Takedown Press Release, May 2026
- TRM Labs — Pig Butchering Analysis and Cryptocurrency Fraud Research
- World Economic Forum — Global Cybersecurity Outlook 2026
- CybelAngel — Voice Cloning and Deepfake CEO Fraud Research, 2025–2026
- Guardio — Annual Scam and Spam Volume Analysis, November 2025
- Interpol — Statement on Romance Baiting / Pig Butchering Terminology
- The Independent / Inkl — “Why 2026 Is the Most Dangerous Year Ever to Be on the Internet,” March 2026
Staying One Step Ahead of the Fraud Wave
The dangerous scams spreading through technology in 2026 are not simply more frequent versions of the fraud that existed a decade ago — they represent a qualitative shift in what criminals can achieve with accessible, low-cost AI tools. A voice can be cloned from a birthday video. A cryptocurrency trading platform can display convincing returns until the moment it vanishes. A QR code printed over a legitimate one at a parking meter can silently redirect a payment. Awareness remains the most durable layer of defense, but it must be paired with verification habits that account for the fact that digital content — voices, video, and text — can no longer be trusted at face value. As regulatory frameworks catch up and detection technology matures, the responsibility for protection in the near term rests substantially with informed individuals who understand what these scams look like, how they operate, and where to report them when they appear.
