Cybercriminals are using AI to scale scams, from deepfakes to TikTok frauds, creating unprecedented risk for consumers and insurers
As Black Friday and the holiday shopping rush hit full speed, cyber insurers say they’re bracing for a threat landscape that has evolved faster in 2024 and 2025 than in the entire decade prior. The shift isn’t just about volume – it’s about velocity. Artificial intelligence is now amplifying cybercriminals’ ability to manipulate, mimic and ultimately engineer human behaviour at scale.
According to Neal Jardine (pictured right), chief cyber intelligence and claims officer, and Melanie Bean (pictured left), claims manager at BOXX Insurance, the season that already produces a spike in phishing incidents has now collided with a new era of AI-enabled social engineering.
“The future of cybercrime and AI is about hacking the human,” Jardine said. “Traditional cybercrime focused on breaking into systems and devices. Today, it’s about hacking the human in order to get money.”
Phishing and smishing are exploding
Asked what scam is rising fastest, Bean didn’t hesitate.
“Probably the AI phishing and smishing,” she said. “Smishing is SMS phishing – text messages – and these are the ones that claim delivery receipts or account problems, and it has links to fake sites. These scams are up over 100% in the last two years.”
Holiday timing only magnifies the problem.
“There’s a lot of brand impersonation – holiday-themed phishing emails and SMS messages,” Bean said. “These always have a spike in the weeks before Black Friday. They mimic order confirmations, delivery notices. There’s also fake e-commerce sites and advertising. Lots of fraudulent domains are registered with keywords like Black Friday and Christmas each season. Stats show about 15% are malicious.”
Jardine said their team saw a case just this week – a perfect illustration of how small-dollar scams now proliferate.
“We recently handled a case involving a credit card scam where the victim believed they were buying from a legitimate website,” he said. “The only thing that made it feel trustworthy was that it appeared in a TikTok reel. A cybercriminal created a reel promoting a holiday gift, the person purchased it, received one confirmation email, and then nothing. The website disappeared.”
The dollar values, he said, are deceptively small – but scale makes them lucrative.
“People often imagine cybercrime payouts being $10,000 or $100,000,” Jardine said. “But many of these scams are for $20 or $50. And because the loss feels small, people take the chance. Those low-value scams are actually far more frequent.”
The economics are simple.
“It’s not about losing $15,” Jardine said. “It’s that the cybercriminal is thinking: ‘If I take $15 from 200 people, that’s a successful campaign.’ All they need is a TikTok reel and a product link.”
AI changes everything – because it makes social engineering effortless
Both Jardine and Bean stressed that AI is already reshaping the scam ecosystem – not in theory, but in practice.
“This is a here-and-now situation,” Bean said. “There are all sorts of deepfakes out there. People think they’re watching a famous person endorsing a product when it’s really just a bot. Retailers are amping up because this is the season – well, cyber criminals are doing the same.”
Jardine said AI is transforming the scam economy by removing the friction and effort traditionally required to design believable lures.
“AI can build these fake websites instantly,” he said. “It can even target specific regions. You can tell it, ‘Target the Northeastern US, show me something people there will click on.’ A snow-shovel scam won’t work in Florida, but AI can map what will. The attacker isn’t doing research, they’re instructing AI to create whatever resonates in that market.”
The malicious part isn’t the AI itself – it’s the human behind it.
“The AI developers may not see what they’re doing as malicious,” he said. “But the harm comes from how cybercriminals use these tools.”
As for whether AI-enabled scams are only emerging or already here, Bean was explicit.
“It’s definitely into play,” she said.
The shift from hacking systems to hacking humans
Jardine said the evolution is also being driven by the natural consequences of better corporate cybersecurity.
“Cybersecurity for large organizations has improved significantly,” he said. “So, criminals are shifting their focus to individuals.”
He also pointed to a growing global cybercrime economy – one driven by volume and desperation.
The combination – better corporate defenses, more capable AI, more criminals entering the field – is exactly why attacks are rising.
“Are these attacks increasing? Absolutely,” Jardine said. “Is AI accelerating them? One hundred percent.”
How consumers can protect themselves – especially right now
Bean said the foundational advice still matters – but vigilance matters more.
“All the standard stuff is still legitimate,” she said. “Use MFA, don’t use public Wi-Fi, monitor your bank statements, and verify URLs before clicking. Look for misspellings or extra characters in domain names. Be skeptical. The cyber criminals are hard at work– you need to protect yourself.”
Jardine added that consumers need to recalibrate their instincts.
“People need to be more aware that online scams are everywhere,” he said. “For years, we encouraged consumers to ‘trust’ online shopping because businesses were moving digital. Now we need to teach them to be skeptical again.”
The rule of thumb, he said, is simple.
“Buying from Amazon isn’t the issue,” Jardine said. “Buying from something less familiar, like Frankswholesale.com, may be risky. If you’re purchasing from a non-standard retailer, understand you’re taking on risk and either accept it or walk away. If it’s too good to be true, it probably is.”
Related Stories
