The hallmarks of internet fraud have fundamentally changed. A decade ago, potential victims could spot scams by their obvious flaws—spelling mistakes in emails, poor-quality images, awkward phrasing that screamed untrustworthy. Today, those warning signs have largely disappeared. Sophisticated generative AI tools have made it trivially easy for criminals to create convincing copy, design professional-looking websites, generate realistic photographs, and even clone voices and faces. The digital landscape that once offered built-in defences against fraud has been weaponised, turning the tables on unsuspecting users who rely on instinct to distinguish legitimate from fraudulent.

The scale of this problem is substantial. The FBI disclosed last month that cybercriminals inflicted nearly US$21 billion in losses on Americans during the previous year, with approximately US$893 million attributable specifically to AI-enabled fraud. These figures represent merely the tip of a larger iceberg, as countless scams go unreported or undetected entirely. For Malaysian consumers and businesses increasingly conducting transactions online, the implications are stark: the playground has shifted, and traditional instincts no longer suffice. What was once a Nigerian prince email has evolved into a pixel-perfect replica of a trusted international brand, indistinguishable from the genuine article to the untrained eye.

Consider the experience of a consumer who encountered a social media advertisement for Hoka sneakers bearing an 80 percent discount. The website that loaded appeared entirely legitimate—professional layout, proper branding, functional shopping cart. Only after adding items to the cart did something feel amiss. A quick Reddit search confirmed the suspicion: this site was part of a sophisticated network of counterfeit retailers. Hoka itself had issued warnings about precisely this proliferation of fake stores bearing its name. This scenario plays out thousands of times daily across platforms like TikTok and Instagram, where scammers leverage the same advertising targeting tools that legitimate brands use, paying for ad placement to reach vulnerable audiences interested in bargain shopping.

The mechanics of these fake online stores reveal how AI has democratised fraud. Unlike legitimate retailers, criminals operating these shops need not worry about inventory, shipping logistics, or customer service. Their profit model depends entirely on harvesting payment information and disappearing before anyone realises no products will arrive. Scammers can afford to spend substantial sums on advertising precisely because they have no genuine business operations. They use AI image generators to create product photographs indistinguishable from authentic listings, deploy chatbots to handle customer inquiries, and maintain entire storefronts through automation. The barrier to entry for criminals has collapsed, while the difficulty of identification for ordinary consumers has skyrocketed.

Beyond fake retail websites, criminals have developed deeply personalised fraud schemes by exploiting AI's capacity for impersonation and identity replication. The most disturbing category involves deepfakes of family members. Imagine receiving a text message from your son's phone number, engaging in conversation, and then being asked to participate in a video call. On that call, an AI-generated simulation of your son—complete with realistic facial movements and voice—requests urgent financial assistance. This scheme represents a fundamental violation of trust. Phone numbers are easily spoofed, and personal information about relatives is abundantly available online, providing criminals with the raw materials necessary to construct highly believable deceptions. A researcher at CivAI, a nonprofit focused on AI literacy, noted that real-time video transformation tools capable of full-body replacement and voice alteration have become remarkably cheap and accessible, requiring minimal technical expertise.

The romantic scam has similarly evolved. Lonely individuals may receive messages from someone claiming to be a former flame, with video calls eventually revealing an AI simulation so convincing that it triggers genuine emotional connection. Dating scams, long a staple of internet fraud, have become more sophisticated and harder to dismiss as obviously false. Job seekers represent another vulnerable population, potentially engaging with fake job interviews conducted by AI interviewers at nonexistent companies, ultimately tricked into performing unpaid labour or divulging sensitive information. These personalised attacks exploit the specific vulnerabilities and interests of individual targets, transforming scamming from a crude numbers game into a precision instrument.

Celebrity impersonation through deepfakes has become particularly prevalent on social media platforms. Fraudsters generate videos featuring well-known personalities endorsing non-existent products or dubious investment schemes. Gordon Ramsay deepfake videos advertising cookware giveaways circulated widely, with victims believing they were paying modest shipping fees for free items when in reality they were surrendering credit card details to criminals. Richard Branson, founder of Virgin Group, experienced similar exploitation so frequently that he posted an educational video on Instagram specifically warning his followers about deepfake scams using his likeness. These high-profile incidents underscore how AI-generated video content has become indistinguishable from authentic material to most viewers, creating an asymmetric information problem where ordinary people cannot reliably verify the legitimacy of media they encounter.

Social media platforms themselves have become focal points of regulatory scrutiny regarding their response to AI-enabled fraud. The Consumer Federation of America filed a formal complaint against Meta, accusing the company of misleading users about the effectiveness of its anti-scam measures. The complaint documented numerous examples of deceptive advertisements for baby products and free electronics that exploited vulnerable audiences. Santa Clara County in California subsequently filed its own lawsuit against Meta on similar grounds. In response, Meta claimed responsibility for removing 159 million fraudulent advertisements and shutting down nearly 11 million accounts on Facebook and Instagram linked to known scam operations during the previous year. The company further stated that it was investing in new technology to combat such fraud. TikTok, similarly called out for the proliferation of scam advertisements on its platform, stated that 97 percent of violating spam content removed in the fourth quarter of 2025 was eliminated before users reported it. These defensive postures suggest platforms are responding to increased pressure, though sceptics argue the improvements remain inadequate.

The strategic shift required of consumers in this new environment is fundamental. Rather than scanning for obvious indicators of fraud—poor spelling, awkward phrasing, suspicious website design—people must now actively verify that something is legitimate before engaging. This represents an inversion of the traditional approach, where scams stood out through their poor quality. Mark Beare, a general manager at Malwarebytes, an internet security firm, articulated this explicitly: the task is no longer identifying what is bad, but confirming what is genuinely good. A website bearing the logo of REI or eBay could equally be authentic or a sophisticated replica. The onus has shifted decisively onto the consumer to conduct due diligence.

Practical defensive measures exist, though they require more effort than simple visual inspection. One straightforward technique involves searching for the website address on Google or Reddit to see what other users have experienced with that particular site. More sophisticated approaches leverage AI itself as a tool for detection. Malwarebytes recently partnered with OpenAI and Anthropic to develop a free scam-detection application that integrates with ChatGPT and Claude. Users can paste website URLs and screenshots into these chatbots, requesting analysis of whether a site is legitimate. This creates a somewhat paradoxical situation: AI tools designed by well-intentioned organisations must now be deployed against AI-enabled fraud, suggesting an ongoing technological arms race between defenders and criminals.

Family communication represents perhaps the most accessible and effective defence against personalised impersonation scams, particularly for protection of elderly relatives unfamiliar with contemporary technology. Andrew Yoon from CivAI recommends that families establish protocols for verifying identity during unexpected contact, particularly video calls. He suggests establishing a secret safe word or phrase that family members can use to confirm they are speaking with genuine relatives. This low-technology solution harks back to pre-digital security practices yet remains effective precisely because it operates outside the domain where AI excels. An AI simulation cannot know a secret phrase established only among family members without prior exposure to communications containing it. This approach transforms the fundamental challenge: scammers may replicate appearance and voice, but they cannot replicate genuine shared knowledge.

The deepfake and celebrity impersonation landscape demands that consumers verify information exclusively through official channels. Richard Branson's advice to consult Virgin.com directly rather than trusting social media content featuring his image represents solid guidance applicable across all domains. Blue checkmarks and verification badges on social media platforms are insufficient guarantees of authenticity, as such designations can be counterfeited or obtained through fraud. Investment opportunities, product endorsements, and business propositions encountered on social media should be independently verified through the organisation's primary website or official communication channels. This requirement for additional verification work falls disproportionately on ordinary users who lack specialised knowledge, raising questions about whether current platform governance structures adequately protect vulnerable populations.

For Malaysian consumers specifically, the convergence of AI-enabled fraud with the region's rapid digital adoption presents particular challenges. Southeast Asia has experienced explosive growth in e-commerce and mobile payment adoption, creating large populations relatively new to online transactions and potentially less familiar with emerging fraud techniques. Scammers naturally target high-growth markets where populations are less experienced with sophisticated fraud mechanisms. The cross-border nature of online fraud makes it particularly difficult for national regulators to pursue perpetrators, many of whom operate from jurisdictions beyond Malaysia. Regional cooperation and platform accountability therefore become essential, yet progress on both fronts remains inadequate. Malaysian consumers must adopt defensive postures now rather than waiting for comprehensive regulatory solutions that may never arrive.

Ultimately, one ancient principle remains true despite AI's transformation of the fraud landscape: if something seems too good to be true, it almost certainly is. An 80 percent discount on premium sneakers, a completely free product requiring only modest shipping payment, or an investment opportunity guaranteeing unrealistic returns should trigger scepticism. However, this traditional wisdom now operates within a much narrower domain. Today's scams no longer announce themselves through obvious defects; they announce themselves through implausible value propositions. The burden has shifted from identifying poor quality to identifying implausible offerings. As generative AI continues advancing and becoming more accessible, this technological arms race will intensify, demanding that individuals remain perpetually vigilant and maintain healthy scepticism toward any unsolicited digital contact, regardless of how convincing its surface presentation may appear.