AI fraud surge: Inside the latest threats with Frank McKenna and Matt Vega
Frank McKenna and Matt Vega
Let’s break this down.
Today we are digging into the AI fraud surge and what it looks like when fraud teams are no longer just dealing with faster scams, but with entire attack paths getting automated, scaled, and refined in real time. I sat down with Frank McKenna and Matt Vega to talk through what they are seeing across deepfake fraud, AI-generated phishing sites, credential-based attacks, and the broader convergence of fraud and cybersecurity.
And yeah, this is one of those conversations where a lot of things that used to sound theoretical really do not anymore.
At first glance, some of this can sound like a cybersecurity problem. But when you look closer, it lands right in fraud operations. Account takeover at scale. Phishing site cloning with AI. Adaptive fraud attacks that respond to controls. Deepfake-enabled impersonation. AI-powered scam operations that can move much faster than most manual review queues ever could.
That is the part fraud teams should care about.
Because the AI fraud surge is not just about new tools for criminals. It is also about what happens when those tools make familiar fraud patterns more scalable, more believable, and harder to stop with the controls that worked even a year or two ago.
Here is what that means in practice:
- AI-generated phishing sites can now be built faster, cheaper, and with fewer obvious mistakes
- Credential stuffing with AI is making account takeover at scale more adaptive and harder to block
- Deepfake fraud detection is becoming essential as impersonation gets more believable
- Fraud teams need behavioral biometrics for AI fraud, not just static controls
- The modern fraud stack for AI threats has to account for both fraud automation risks and cybersecurity overlap
What you’ll hear in this episode
- How the AI fraud surge is changing the speed and scale of fraud operations
- Why deepfake fraud detection and digital identity protections matter more now
- What AI-generated phishing sites and phishing site cloning with AI mean for brands and consumers
- Why credential stuffing with AI is creating more adaptive fraud attacks
- What fraud leaders can do now with better intelligence, automation, and layered controls
You should listen to this episode if you
- Lead fraud, risk, trust and safety, or security teams and want a clearer fraud leader response to AI threats
- Are building a fintech fraud prevention strategy for 2025 and beyond
- Need to understand how cybersecurity and fraud convergence is changing detection and response
- Want practical ideas for preventing AI-driven account abuse and fraud prevention for digital identity attacks
- Are rethinking your modern fraud stack for AI threats and real-time detection of AI-enabled fraud
If you liked this episode, be sure to subscribe and review the podcast on iTunes, Spotify, YouTube, or wherever you listen to podcasts. It really helps with getting the word out.
Episode notes & key takeaways
Why the AI fraud surge feels different
Let’s break this down.
Fraud teams are used to change. New scam patterns. New attack tools. New channels. That part is not new. What feels different right now is the pace.
The AI fraud surge is accelerating because AI is making it easier for criminals to build, test, and improve attacks without needing the same level of skill, time, or cost. That does not mean every attacker suddenly became sophisticated. It means the tools got better and the barrier got lower.
That matters.
Because once that happens, the old separation between low-skill fraud and high-skill fraud starts to blur. A criminal does not need to code a convincing fake site from scratch if AI-generated phishing sites can do most of the work. They do not need a large team writing scam copy if AI-powered scam operations can generate endless variants. And they do not need to manually test every credential set if credential stuffing with AI can adjust on the fly.
Here is where that shows up operationally:
- Faster attack setup and iteration
- Lower-cost phishing site cloning with AI
- More scalable bot and fraud orchestration
- More pressure on teams relying on static detection logic
How AI is scaling phishing and account takeover
This is one of the clearest examples of the problem.
Phishing has always been effective because it borrows trust. A copied brand. A familiar login flow. A message that looks close enough to legitimate that people do not stop and question it. AI is making that easier to replicate and faster to launch.
At first glance, a cloned site may look like the same old playbook. But when AI can generate cleaner code, better design, more natural language, and faster variations, the scale changes. And when those sites connect to credential stuffing with AI or real-time account takeover workflows, the damage compounds quickly.
That usually does not end well.
This is why preventing AI-driven account abuse has to start before payment. Before the login succeeds. Before the customer gets locked out. Fraud teams need to think about account takeover at scale as a layered problem, not just a password problem.
That includes:
- Detecting suspicious device and session behavior early
- Using behavioral biometrics for AI fraud to identify automation or abnormal patterns
- Monitoring for phishing site cloning with AI and similar domain abuse
- Connecting identity, login, and payment risk signals instead of reviewing them in isolation
Why deepfake fraud detection is now part of fraud strategy
For a long time, deepfakes felt like a reputational issue or maybe a future problem for identity teams. That is not really where we are anymore.
Deepfakes now sit much closer to real fraud loss. They affect onboarding, support interactions, internal approvals, account recovery, and social engineering. And in some cases, they are being layered into larger fraud schemes instead of being used on their own.
This is where things get interesting.
Because deepfake fraud detection is not just about spotting a fake video or synthetic voice. It is about understanding how digital identity attacks evolve when criminals can mimic appearance, voice, confidence, and context well enough to get through weak controls.
And that is exactly the kind of vulnerability criminals look for.
Fraud prevention for digital identity attacks now has to account for:
- Synthetic media used during verification or support calls
- Impersonation layered into account recovery and payment changes
- Pressure on teams to make fast decisions without enough evidence
- More overlap between fraud review, identity verification, and security operations
Why fraud teams need offensive threat intelligence
One of the strongest points in this conversation is that defense alone is not enough. Fraud teams cannot just wait for attacks to hit production and then adjust. They need visibility into what criminals are building, sharing, testing, and selling.
That is where offensive threat intelligence for fraud teams comes in.
In simple terms, this means learning from the attacker side. Monitoring the tools, forums, workflows, and signals that show how abuse is evolving before it fully lands on your platform. Not because anyone wants to glorify it. Quite the opposite. Because good teams need context.
We have seen this playbook before. The earlier you understand how attackers operate, the better your controls tend to be.
That intelligence can support:
- Faster response to new phishing or impersonation methods
- Better rule tuning around known fraud automation risks
- Smarter prioritization for real-time detection of AI-enabled fraud
- Stronger fraud leader response to AI threats before losses spike
What the modern fraud stack needs now
Let’s take a step back.
No single tool is going to solve the AI fraud surge. And honestly, that is usually the point where the marketing copy starts getting weird. So instead, let’s keep this practical.
The teams that are going to respond well are usually the ones with strong foundations and flexible layers. Not just one model. Not just one rules engine. Not just one identity check.
A modern fraud stack for AI threats should combine:
- Behavioral biometrics for AI fraud
- Real-time detection of AI-enabled fraud across login, onboarding, and payment flows
- Strong identity and device signals
- Adaptive controls for bot and fraud orchestration
- Human review workflows informed by good intelligence, not just volume
And yes, AI vs AI fraud detection is going to become more common. Fraud teams will use automation to fight automation. That makes sense. But it only works if the underlying strategy is solid. Otherwise you just get faster chaos.
What fraud leaders should do next
If you lead a fraud team, this conversation is really about readiness.
Not panic. Not hype. Readiness.
Because banking fraud trends with AI and broader fintech fraud prevention strategy questions are already moving from discussion to implementation. The attacks are getting cheaper to run. The signals are getting noisier. And the line between cyber abuse and fraud abuse is getting thinner.
So what should teams focus on now?
Start with the basics that still matter. Strong layered controls. Better visibility. Better data sharing internally. Better coordination between fraud and security. Then pressure test whether those controls actually hold up against adaptive fraud attacks and AI-powered scam operations.
The takeaway here is pretty simple.
The AI fraud surge is not just about new tools. It is about a new operating environment. One where familiar fraud patterns can scale faster, hide better, and evolve more quickly than a lot of teams are prepared for.
That does not mean fraud teams are powerless. It means the response has to get sharper.
And that matters.
