AI-powered scams can steal your money—watch 5 red flags

AI-powered scams – Visa says AI is accelerating fraud by compressing the time between a scammer’s message and your authorization of a payment—shifting scams from stolen credentials to deception that pushes you to act. The warning comes with five clear red flags, from cold calls

A payment prompt can feel like a lifeline. That’s what makes the newest wave of AI-powered scams so unsettling: they don’t just steal your information anymore—they push you to take the final step yourself.

Visa’s Spring 2026 Biannual Threats Report warns that AI-accelerated fraud is compressing the fraud cycle. making it easier to dupe consumers into authorizing malicious transactions. The result is a shift in how fraudsters operate and how financial institutions must respond. Visa describes the change as moving from “detect stolen credentials” to “detect and disrupt deception. ” because the real danger is now the moment a person is convinced to confirm a payment.

AI is being used to generate convincing scam content, including voice impersonation and deepfake media. Visa says the goal is to “manipulate people into authorizing payments themselves. ” increasing both the reach and perceived credibility of scams when exploited by actors with malicious intent. And once you authorize a transaction—fraudulent or otherwise—the responsibility lies with you. and you’re most likely to bear the financial cost.

The report also points to a broader change in the fraud landscape: fraud is shifting from credential theft and account hijacking toward social engineering tactics. Visa’s warning comes after it detected nearly $1 billion in scam-related activity from July to December 2025. including impersonation of trusted brands and companies. scams and phishing campaigns laced with financial urgency. and deception that led unwitting victims to complete transactions that appeared legitimate on the surface but actually resulted in financial loss.

ClickFix-like tricks are part of the problem—because they bypass traditional phishing defenses by exploiting psychological vulnerabilities. In ClickFix attacks. victims are lured into performing a malicious action themselves by being presented with a problem to solve—with an easy solution. One familiar pattern: a fake malware alert on a website urges you to open up a command prompt. copy and paste a code. and submit it to fix a PC “issue” in only a few steps. The “fix” is the trap.

When that same approach lands in finance, the mechanics are harder to ignore because the stakes are immediate. Visa notes that in payment flows. victims may have to authorize transactions before a payment request is accepted—verifying via an app. providing a one-time passcode. or clicking confirm. Fraudsters. Visa says. are exploiting that step by using AI-generated scam content and realistic impersonation to make the authorization feel routine.

The scariest part is how responsibility gets misplaced in plain sight. Fraudsters strip away the protections you expected from your financial provider when the “guarantees” of safety are undermined by your own authorization.

From July to December 2025, nearly $1 billion in scam-related activity included deception that looked legitimate right up until victims completed transactions. Visa’s warning ties that outcome to a new operating rhythm: AI compresses the time fraudsters need to reach you. and social engineering helps you decide—without realizing you’re the final link in the chain.

Here are the five red flags Visa and the broader scam pattern point to, with practical steps for what to do when you spot them.

1. Cold calls

Scammers may pretend to work for trusted companies such as a bank or wireless provider. They might lure you with a discount or free service in return for verification codes or account details. or they may request payment to resolve an “unpaid” bill. If you’re being cold-called, hang up. If you think the call could be legitimate. confirm through an official communication channel—such as the organization’s website—before you hand over a single dollar.

2. ClickFix-like tactics

ClickFix attacks work by appealing to problem-solving instincts: a scam presents an issue. promises a quick fix. and lays out a small number of steps. In a financial version. you might receive an email from your bank demanding an overdue payment and offering a discount if you act quickly. The message outlines three steps. including a link to pay or a QR code to scan. and one step requires you to authorize a transaction. It feels simple to fix. That’s the point. Take a step back before making any payments. Verify through an official channel such as your bank’s customer service line or support desk.

3. Romance scams

Some fraud is designed to make you panic; some is designed to wear you down. Romance scams often blend those tactics by pushing victims toward investment and financial fraud. The advice is stark: if someone you’ve never met asks you for money, simply say no.

4. Nearly genuine appearance

AI has changed the volume and polish of scam content. Visa’s warning points to the sheer volume of AI-generated material that can include emails. images. audio. and video—content that’s often difficult to distinguish from legitimate communication. If you can create realistic images or even a more professional-sounding email with an AI assistant. cybercriminals can use the same tools. Even if an email looks genuine. if it requests any financial change or payment. go through an official channel to confirm it is what it appears to be.

The “speed” problem doesn’t just hit consumers—it forces organizations to change too. Visa says building advanced scam detection networks and adopting AI-backed solutions to detect and flag impersonation. social engineering. or unusual transactions can boost fraud prevention. But Visa’s report emphasizes that speed is the key ingredient.

Now that AI is being used not only for social engineering but also for vulnerability discovery. reconnaissance. and network intrusion at a pace faster than defenses can keep up. businesses can’t rely on time-consuming. manual processes to protect consumers. (The source also notes that Mandiant has provided technical guidance on this topic recently.).

The push toward automation is already underway. Visa frames it as an economic shift: if AI can execute prompt-driven tasks. then defenses and coordination across the ecosystem become more critical than ever. Michael Jabbara. SVP. Payment Ecosystem Risk and Control at Visa. says. “The rapid adoption of AI has fundamentally changed the economics of fraud. What once required deep technical skill can now be executed with a prompt. That reality makes intelligence-driven defenses and coordinated action across the ecosystem more critical than ever.”.

For consumers, speed should work in the opposite direction. Acting quickly can give you time to step back and decide whether you should OK that payment after all—because with these scams. the most dangerous moment isn’t the message that arrives. It’s the authorization you make before you realize what’s happening.

Visa AI scams social engineering payment fraud deepfake media voice impersonation ClickFix romance scams cybersecurity awareness payment ecosystem risk