Fraud Trends 2026: AI Scams, Deepfakes and New Threats
May 22, 2026 • César Daniel Barreto

Picture the call. A grandson’s voice, shaky and scared, explaining that a wreck put him behind bars with nothing in his pockets and bail due now. His grandmother does what any grandmother would do and rushes cash to the rescue. The catch is that her grandson never made the call. A deepfake did, mimicking him well enough to empty her account through a straightforward impersonation scam.
Calls like that have become ordinary. Deepfakes drive roughly 11% of fraud globally, and they are one piece of a far bigger operation. The pages ahead lay out the schemes causing real harm and the moves that genuinely blunt them, for people and companies alike.
The 2026 fraud landscape: key stats and shifts
Losses to fraud topped $12.5 billion in 2024, a 25% rise over the year before. The figure makes sense once you see how criminals retooled. Gone are the throwaway phishing links languishing in spam. In their place sits artificial intelligence, aimed at the weak points of one industry after another.
The United Kingdom offers a clean illustration: deepfake attempts there surged 94% in twelve months even as the overall fraud count held steady. Fewer attacks does not mean safer. Each one now arrives more refined, more customized, and more automated, and that combination tilts the field toward the criminal while defenders fall behind.
What’s really behind fraud rates in 2026
Read past the top-line dip. Fraud rates eased a touch in 2025 versus 2024, and the situation still deteriorated. Identity fraud entered a sophistication shift, with the advanced-deception category soaring 180% in a year on the back of layered trickery, social manipulation, and AI-fabricated identities engineered to glide past detection.
The reason sits in the toolkit. Generative AI and autonomous fraud agents do the heavy lifting for criminals while loading defenders with extra work. Fraud-as-a-service shops rent out these capabilities, which means low-skill operators can run attacks that once demanded real expertise. Distance only helps the criminal.
A fraudster abroad can strike a victim continents away, frustrating any chance of tracking or charging them, and card data stolen in one place gets spent in another with weaker guards. The people defending against all this have to stay a step quicker than the people attacking, and the gap is narrow.
AI-driven fraud: deepfakes, malware and more
The bulk of AI scams rest on synthetic identity fraud and deepfakes. Phishing and vishing, hardly new, grew teeth once AI let a single operator launch custom attacks at industrial volume.
Deepfake scams: video, audio, and photo attacks
Deepfakes left the fringe behind. AI lingered near the fraud world for years, then the problem changed character. The old model of a single clever gadget is finished. In its place stands a factory floor, where tools that fake documents, voices, and faces hook into automation and the underground markets that trade everything else. The targeting is cruel by design.
In July 2025, a Florida mother paid $15,000 after a call that sounded exactly like her daughter, hysterical about an arrest following a serious crash. A man claiming to be a lawyer set the bail, she paid in cash, and only a second demand for money roused a relative’s suspicion. Companies can do something about this. Educating customers on what fraud looks like helps, and so does detection that catches counterfeit ads and unauthorized use of a brand’s name.
Agentic AI and automated fraud campaigns
An AI fraud agent operates independently, blending generated content, scripting, and copied human behavior to clear a verification gate. The trouble is that it gets better with practice. Every failed run informs the next, and the agent reshapes its approach in real time against the exact defense that stopped it.
Slot one into a fraud-as-a-service marketplace and a clumsy criminal gains expert-grade reach. The encouraging part is that defenders can field their own agents, turning the fight into a clash of automated systems.
AI-mutated malware and adaptive cyberattacks
Malware itself may be learning new tricks from AI. Ransomware and phishing runs can change shape on the fly, gauging a target’s reaction and slipping past detection before the strike arrives. Researchers at Cornell University built attack frameworks that defeated most antivirus tools.
Once those land in fraud-as-a-service catalogs, the capability spreads well past skilled hackers. Language models keep improving, biometrics keep hardening, and the standoff drags on.
Synthetic identity fraud explained
Made-up identities are carrying more of the fraud load everywhere. The build combines an AI-generated face, a fictional address, and a real stolen credential, then runs the composite through verification at banks, exchanges, and fintechs. Approved and dormant, the persona later wakes up to commit fraud, sometimes across hundreds of accounts.
Toronto Police, working a case named Project Déjà Vu, tied hundreds of accounts to one person using fabricated identities across Ontario, with confirmed losses near CA$4 million. What stops it is behavioral analytics that notice unnatural activity and machine learning quick enough to keep pace with a wave of fakes that no human reviewer could ever clear.
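One way to surface the "many accounts, one operator" pattern described above is to link accounts that reuse any identifier and flag the large clusters. This is an added example, not code from the article or from any investigation it mentions; the field names, sample records, and cluster threshold are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample applications: (account_id, attributes). Field names are assumed.
APPLICATIONS = [
    ("A1", {"gov_id": "ID-111", "device": "dev-a", "phone": "555-0101"}),
    ("A2", {"gov_id": "ID-111", "device": "dev-b", "phone": "555-0102"}),
    ("A3", {"gov_id": "ID-222", "device": "dev-b", "phone": "555-0103"}),
    ("A4", {"gov_id": "ID-333", "device": "dev-c", "phone": "555-0103"}),
    ("B1", {"gov_id": "ID-900", "device": "dev-x", "phone": "555-0199"}),
    ("B2", {"gov_id": "ID-901", "device": "dev-y", "phone": "555-0198"}),
]

def find(parent, x):
    # Union-find lookup with path halving.
    while parent[x] != x:
        parent[x] = parent[parent[x]]
        x = parent[x]
    return x

def link_accounts(applications, min_cluster=3):
    """Return clusters (sorted account ids) of size >= min_cluster whose
    members are connected through any shared attribute value."""
    parent = {acct: acct for acct, _ in applications}
    first_seen = {}  # (attribute, value) -> first account that presented it
    for acct, attrs in applications:
        for key, value in attrs.items():
            if not value:
                continue  # empty or missing values must never link accounts
            owner = first_seen.setdefault((key, value), acct)
            ra, rb = find(parent, acct), find(parent, owner)
            if ra != rb:
                parent[ra] = rb  # merge the two groups
    clusters = defaultdict(list)
    for acct in parent:
        clusters[find(parent, acct)].append(acct)
    return sorted(sorted(c) for c in clusters.values() if len(c) >= min_cluster)

if __name__ == "__main__":
    for cluster in link_accounts(APPLICATIONS):
        print("review together:", cluster)
```

No two accounts in the flagged cluster share every field; the link only appears when reuse is followed transitively (ID, then device, then phone), which is why per-application checks miss it.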
Vishing with AI: exploiting trust in people you know
A cloned voice can persuade a target they are speaking with someone they love, and vishing exploits that to drag out sensitive information. It works because next to nobody sees it coming. In voice-cloning tests, listeners told genuine from fake voices only 37.5% of the time.
The playbook calls for impersonating a relative in distress to force a fast payment. Studies of female synthetic voices indicate that tone and warmth shift how people react, which matches the habit of giving digital assistants feminized voices on the assumption that users trust them more readily. Security planning gets easier with a clear view of the broader identity fraud trends emerging this year.
Top industries at risk of fraud in 2026
Exposure clusters where identity is the whole game. Through 2025 and 2026, the five hardest hit were dating, online media, financial services, crypto, and professional services, with dating and online media each posting a 6.3% fraud rate.
Banking confronts mounting deepfakes and AI-generated documents that erode old verification, forcing the sector to upgrade its detection or risk both its customers and the integrity of the wider system. Payment fraud sorts into types. First-party fraud is someone misusing their own genuine identity, such as chargeback abuse, which reached 16% of first-party payment fraud in 2025.
Third-party fraud takes in card testing, where small trial charges on stolen cards come before the real hit, at 17% of third-party fraud. The shape is consistent: fraud in 2026 may not appear more often, but it is more sophisticated, more accessible, and more personal.
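The card-testing pattern described above (small trial charges, then the real hit) can be checked per card over an authorization log. This is an added example, not code from the article; the log rows are constructed, and the amount thresholds, probe count, and 15-minute window are assumptions to tune against real data.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed authorization log: (timestamp, card_token, amount). Not real data.
AUTHS = [
    ("2026-05-01T10:00:00", "card-1", 1.00),
    ("2026-05-01T10:01:10", "card-1", 0.50),
    ("2026-05-01T10:02:30", "card-1", 1.99),
    ("2026-05-01T10:05:00", "card-1", 849.00),  # large charge right after probes
    ("2026-05-01T09:00:00", "card-2", 1.50),    # a single small charge is normal
    ("2026-05-01T09:20:00", "card-2", 420.00),
    ("2026-05-01T08:00:00", "card-3", 1.00),
    ("2026-05-01T08:01:00", "card-3", 1.00),
    ("2026-05-01T08:02:00", "card-3", 1.00),
    ("2026-05-01T12:00:00", "card-3", 600.00),  # probes are hours old by now
]

def flag_card_testing(auths, small=2.00, large=200.00, min_probes=3,
                      window=timedelta(minutes=15)):
    """Return (card, timestamp, amount) for every large charge that follows
    at least min_probes small charges on the same card within the window."""
    by_card = defaultdict(list)
    for ts, card, amount in auths:
        by_card[card].append((datetime.fromisoformat(ts), amount))
    alerts = []
    for card, events in sorted(by_card.items()):
        events.sort()  # log rows may arrive out of order
        probes = []    # timestamps of recent small charges
        for when, amount in events:
            probes = [p for p in probes if when - p <= window]  # expire old probes
            if amount <= small:
                probes.append(when)
            elif amount >= large and len(probes) >= min_probes:
                alerts.append((card, when.isoformat(), amount))
    return alerts

if __name__ == "__main__":
    for alert in flag_card_testing(AUTHS):
        print("hold for review:", alert)
```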
Financial fraud: BEC and insurance risks
Finance changed, and the fraud feeding on it changed in step. Business email compromise involves impersonating a trusted contact to wring out a payment, a credential, or a doctored invoice. AI-boosted spoofing polishes the messages and makes them harder to catch, with the scheme running on trust to steer a victim into a damaging move.
The 2025 AFP Payments Fraud and Control Survey found 79% of organizations facing payment fraud attempts in 2024, and 63% naming BEC the top channel. Insurance fraud rides the same wave, as false claims and staged accidents now arrive with AI-generated photos and documents that make investigations slower and costlier. Insurers need detection that flags a doctored image instantly.
Mobile payment fraud: QR scams and account takeovers
Paying by phone for a coffee or a bill could not be simpler, and that ease is precisely what scammers count on when a user's guard drops. Account takeover sits near the top of mobile threats. A criminal armed with stolen credentials or facing weak authentication can grab an account and clear it out.
Account takeover ranked second among third-party fraud types at 19%, behind identity theft at 28%. QR codes carry their own risk, because a fraudster can swap a legitimate code for one leading to a phishing page, exactly as scammers did with counterfeit codes in Tyne & Wear Metro parking lots.
Imitation payment apps that look and feel like the real ones circulate too, including one that traveled across India over WhatsApp to hit UPI users. Add social engineering, where a fake support agent over SMS talks a victim into greenlighting a fraudulent transaction.
Real-time payment rails sharpen the danger. Instant transfers cut the detection window to nearly nothing, the funds reach a criminal account in moments, and clawing them back rarely works. The damage gathers in account takeover and authorized push payment scams, where a manipulated victim authorizes the move. With half of UK adults using mobile payments regularly, the speed and finality of these transfers keep beating controls built for a slower world.
Crypto fraud: pig butchering and new schemes
As crypto ownership widens, so does the criminal’s menu. The sector pulls in pig butchering, pump-and-dump rigs, and wallet drainers. Pig butchering takes its bleak name from fattening a victim’s trust before stripping them bare. A scammer cultivates a bond over weeks, frequently starting on a dating app, then guides the target toward a sham investment platform.
Revenue from these scams climbed nearly 40% year over year, much of it organized crime. Some run as scam factories built on trafficked labor; one worked out of the Isle of Man, where a seaside hotel and old bank offices held dozens of workers preying on victims worldwide.
Wallet drainers boom alongside them. The scripts pull crypto from a victim’s wallet into the attacker’s, usually after a link to a fake NFT marketplace or DeFi service. Packed into fraud-as-a-service kits, they fed into $2.2 billion stolen in 2024. Pump-and-dump predates crypto, but AI widened its reach.
Scammers buy a cheap token, pump it with bots, fake accounts, and deepfakes of familiar faces, then dump at the peak and abandon retail buyers with nothing. Pump-and-dump signatures showed in 3.59% of all tokens launched in 2024, and the scheme is not crypto-only, as four Australians found in December 2025 when courts sentenced them for rigging stock prices.
Dating scams and emotional manipulation
Romance scams persist, and AI made them more lifelike and personal. Dating platforms top every sector at a 6.3% fraud rate, over twice what financial services logs. A scammer assembles a convincing profile, sometimes backed with deepfake photos or video, and once trust sets in the ask appears: a medical crisis, a guaranteed crypto bet, a wallet to top up.
In October 2024, Hong Kong police arrested 27 people running a deepfake romance ring that used face-swapping and voice-changing tools to lure victims into fake crypto investments over live video calls, with losses in the millions. The safeguard is plain and works: check names, photos, and bios online, and greet any money request with suspicion regardless of how gently it is framed.
Old fraud tactics that still work
The standbys keep paying off. Fraud-as-a-service puts heavy attacks within reach of anyone with dark web access. Formjacking buries malicious code in payment forms to skim card details mid-checkout without a visible clue.
Click fraud uses bots to pad ad spend, fake crypto exchanges pocket deposits and vanish, and flash loan attacks twist DeFi smart contracts to warp prices. Ransomware crews demand crypto after encrypting data, and data poisoning corrupts the inputs that fraud detection relies on, weakening it from within.
Emerging threats to watch in 2026
AI overhauled the whole arena. The sophistication shift led off, with advanced fraud up 180% in 2025. AI-assisted forgery rose to 2% of fake documents from zero a year earlier. Fraud rates fell in the EU and US while rising 9.3% in Africa, 16.4% in APAC, and 19.8% in the Middle East.
AI fraud agents settled in for good, and criminals graduated to telemetry tampering, hitting the data pipelines beneath identity checks rather than the documents on the surface.
How users and businesses can stay safe
The 2026 picture is unsettling for solid reasons, with criminals wielding these tools to crack old defenses and chip away at any sense of who deserves trust. People guard themselves best by easing off the accelerator: confirm any request for payment or sensitive data, ignore links from strangers, switch on multi-factor authentication where it matters, and keep devices patched.
A single pause before a transfer, or a check through another channel, can stop a polished scam in its tracks. Companies need layered, adaptable defense, mixing AI-powered real-time monitoring with adaptive verification, device intelligence, and biometric checks to catch trouble before it spreads.

César Daniel Barreto is a respected writer and cybersecurity expert, known for his in-depth knowledge and his ability to simplify complex cybersecurity topics. With extensive experience in network security and data protection, he regularly contributes insightful articles and analysis on the latest cybersecurity trends, educating both professionals and the public.