15 December 2025
ESAs ¦ ESAs publish Key Tips to Help Consumers Detect, Prevent, and Act On Online Frauds and Scams
Online financial frauds and scams in an AI world – how to stay safe
Artificial Intelligence has made online financial frauds and scams more convincing and harder to detect. What used to be obvious red flags are now masked by synthetic voices, AI-generated videos and images, highly personalised messages and fake websites that mimic the look and tone of legitimate organisations. Criminals use these tools for impersonation, phishing, investment and insurance frauds, romance scams, purchase frauds and crypto-related schemes. They reach victims through social media, messaging apps, emails and phone calls that often sound realistic because AI helps craft scripts and clone voices. The result is higher emotional pressure on victims, faster manipulation cycles and new techniques – such as look-alike crypto addresses and automated social bots – that amplify trust and urgency.
Recognising warning signs
- A promise that seems too good to be true is often the first sign of a scam.
- Urgency and high-pressure tactics – limited-time offers, threats, or insistence you act immediately – are classic manipulative techniques amplified by AI.
- Unexpected calls from unknown numbers or from numbers that appear to match legitimate institutions should be treated with caution; criminals use number spoofing to appear authentic.
- Requests to take control of your device, to download apps, or to scan QR codes are dangerous and often precede malware installation or account takeover.
- Watch for requests for personal or banking data such as passwords, internet banking credentials, PINs, security codes, or, in the crypto space, private keys and seed phrases – legitimate organisations never ask for these.
- Pay attention to links and email addresses: spelling errors, unusual domains, missing HTTPS, and small distortions in logos or layout can indicate fraud, although AI can sometimes mask these signs.
- Voice cloning may produce speech that is too smooth, lacks natural pauses or sounds slightly off; deepfakes may show mismatched lip movements or inconsistent lighting.
- In crypto, specific red flags include requests to pay via untraceable methods (cryptocurrencies, gift cards, wire transfers, prepaid debit cards), unknown exchange platforms, and offers promising guaranteed fast, high returns.
Concrete steps to protect yourself
- Never share personal or banking information by email, text, social media or phone.
- Pause and think before you act – if a message creates a strong sense of urgency, stop and verify.
- Always check the source and identity of messages, calls and links; use independently verified contact details rather than information supplied in the suspicious message.
- Search for the company independently, use verified business directories, or contact family and friends using known phone numbers to confirm any request.
- Agree on a family safe word to confirm identity when a relative calls with an urgent money request.
- Do not install remote access software or share screens with someone who contacts you unexpectedly – banks and legitimate financial institutions will never request that.
- Keep devices, apps and antivirus software updated. Use strong, unique passwords and enable multi-factor authentication where available.
- In the crypto world, never share private keys or seed phrases; treat them as the absolute secret to your assets.
- Be cautious with unexpected investment offers and social media giveaways that require an initial payment; if it sounds too good to be true, it probably is.
- Limit what you share publicly on social media – oversharing makes it easier for fraudsters to personalise attacks.
What to do if you become a victim
- Immediately stop all transactions and cease contact with the scammer – block numbers and email addresses.
- Contact your bank, financial institution or crypto provider through official channels to explore options for freezing or reversing transfers; while crypto transactions are often irreversible, providers may still freeze accounts on their platforms or blacklist wallet addresses.
- Change all passwords across your accounts and devices because fraudsters often reuse stolen credentials.
- In crypto incidents, disconnect and revoke suspicious permissions on smart contracts, use trusted permission-checking tools to see approvals, revoke authorisations, and transfer remaining funds to a new secure wallet if your wallet is compromised.
- Report the incident to the police and to your national financial supervisory authority, and alert friends and family to prevent further spread.
- Beware of recovery scams: fraudsters often re-target victims by posing as authorities or “recovery services” promising to get money back for a fee – this is usually another scam.
How AI is used in common scam types
Impersonation and deepfake scams
Attackers call or message pretending to be banks, public authorities or relatives, using personal details to build credibility and AI-generated audio or video to impersonate voices or faces.
Phishing and social engineering
AI helps craft highly believable messages and fake websites that mimic official layouts and languages, often using social media data to target victims precisely.
Investment and insurance scams
Ads on social media promote “limited-time” opportunities or fake celebrity endorsements; AI creates professional-looking documents and bots to simulate advice and social proof.
Romance scams and romance-investment frauds
Fake profiles, sometimes generated by AI, build trust and steer victims toward investment schemes that result in financial loss and identity theft.
Purchase scams
Fraudulent sellers ask for payment outside official platforms and redirect buyers to fake bank authentication pages to harvest credentials.
Crypto-specific scams
Pump-and-dump or rug-pull schemes, phishing of wallets and seed phrases, giveaway scams, look-alike wallet addresses that poison your wallet history, and Ponzi schemes that pay early participants with funds from later victims. In crypto, small deceptive transactions create auto-suggestions of malicious addresses, increasing the risk that victims copy the wrong address and irrevocably lose funds.
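The look-alike address problem described above can be checked before sending. The following is an added example, not part of the ESAs publication: it assumes hex-style addresses, treats only a full match against a saved address book as trusted, and flags history entries that share just the first and last characters with a saved address. All addresses and names are constructed.

```python
# Added example. All addresses below are constructed sample values.
ADDRESS_BOOK = {"exchange deposit": "0xa1b2c3d4" + "0" * 24 + "9f8e7d6c"}
POISON = "0xa1b2c3" + "5" * 30 + "7d6c"   # same first 6 / last 4 hex digits

def _body(addr):
    # Hex addresses compare case-insensitively; drop whitespace and "0x".
    a = addr.strip().lower()
    return a[2:] if a.startswith("0x") else a

def _shared_prefix(a, b):
    n = 0
    for x, y in zip(a, b):
        if x != y:
            break
        n += 1
    return n

def check_recipient(candidate, book=ADDRESS_BOOK, min_edge=4):
    """Classify a candidate as trusted, lookalike or unknown against the book."""
    cand = _body(candidate)
    known = {label: _body(addr) for label, addr in book.items()}
    for label, addr in known.items():
        if cand == addr:                      # only a full match is trusted
            return ("trusted", label)
    for label, addr in known.items():
        head = _shared_prefix(cand, addr)
        tail = _shared_prefix(cand[::-1], addr[::-1])
        # Matching edges with a different middle is the poisoning pattern.
        if head >= min_edge and tail >= min_edge:
            return ("lookalike", label)
    return ("unknown", None)

def poisoned_entries(history, book=ADDRESS_BOOK):
    """Return history rows whose counterparty imitates a saved address."""
    return [row for row in history
            if check_recipient(row["counterparty"], book)[0] == "lookalike"]

# Constructed wallet history: one genuine transfer, one tiny transfer from a
# look-alike address, one unrelated payment.
HISTORY = [
    {"counterparty": ADDRESS_BOOK["exchange deposit"], "amount": 250.0},
    {"counterparty": POISON, "amount": 0.0001},
    {"counterparty": "0x" + "7" * 40, "amount": 12.5},
]

if __name__ == "__main__":
    for row in poisoned_entries(HISTORY):
        print("do not copy from history:", row["counterparty"])
```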
Practical verification checks and resources
- Verify website security by checking for HTTPS and inspecting the URL for subtle character changes.
- Use verified contact details from official sites or regulatory registers rather than details provided in unsolicited messages.
- For crypto providers in the EU, consult registers such as ESMA and warnings lists like IOSCO I-SCAN.
- Use reputable antivirus and anti-phishing tools, and install apps only from official app stores.
- Employ hardware wallets or secure custody solutions for significant crypto holdings and separate small, day-to-day wallets from long-term storage.
- Use a password manager to generate and store unique passwords and enable multi-factor authentication across accounts.
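The first check in the list above (HTTPS and subtle character changes in the URL) can be automated against a short list of hosts that have been verified independently. This is an added example, not part of the ESAs publication; the trusted hosts, the substitution table and the finding labels are assumptions chosen for illustration.

```python
from urllib.parse import urlsplit

# Constructed allow-list: hosts confirmed through an independent channel.
TRUSTED_HOSTS = {"mybank.example", "pay.mybank.example"}
# Common ASCII substitutions seen in look-alike domains (illustrative subset).
FOLD = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"))

def fold(host):
    """Collapse visually confusable character sequences to one form."""
    for src, dst in FOLD:
        host = host.replace(src, dst)
    return host

def edit_distance(a, b):
    """Levenshtein distance, used to catch one-character changes."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_url(url, trusted=TRUSTED_HOSTS):
    """Return a list of findings; an empty list means no warning sign found."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").rstrip(".")
    findings = []
    if parts.scheme != "https":
        findings.append("not-https")
    # Non-ASCII letters or punycode labels can hide homoglyphs.
    if not host.isascii() or any(p.startswith("xn--") for p in host.split(".")):
        findings.append("non-ascii-host")
    if host not in trusted:
        for good in sorted(trusted):
            if fold(host) == fold(good) or edit_distance(host, good) <= 1:
                findings.append("lookalike:" + good)
                break
    return findings

if __name__ == "__main__":
    for u in ("https://mybank.example/login", "https://rnybank.example/login",
              "https://myb\u0430nk.example/", "http://mybank.example/"):
        print(u.encode("unicode_escape").decode(), check_url(u))
```

An empty result only means none of these specific signs were found; as the list notes, contact details should still come from official sites or regulatory registers.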
Closing guidance
AI will continue to improve the realism of fraud attempts, making vigilance essential. The combination of careful verification, digital hygiene (strong passwords, MFA, updated software), scepticism toward high-return and urgent offers, and prompt action when targeted – stopping transactions, contacting providers, changing passwords and reporting incidents – remains the most effective defence. If in doubt, pause and verify through trusted channels. Reporting scams not only helps you but strengthens collective defences by alerting authorities and preventing further victims.
Dive deeper
- EBA ¦ ESAs publish key tips to help consumers detect, prevent, and act on online frauds and scams