AI-powered scams surge online as Microsoft blocks USD $4bn

Microsoft has published its latest Cyber Signals report, highlighting a rise in AI-assisted scams targeting online shoppers and job seekers.

The report indicates that scammers are increasingly using artificial intelligence to create more convincing fraudulent schemes. Over the past year, Microsoft states it has prevented fraud attempts valued at USD $4 billion and has detected approximately 1.6 million bot signup attempts per hour.

An increasing concern documented in the report is the use of AI to lower the barrier for less technically skilled attackers to develop sophisticated scams. Tactics now include deepfake-driven phishing and AI-generated websites that closely mimic legitimate businesses, allowing scammers to deploy convincing schemes in minutes rather than days or weeks.

Microsoft is focusing on countering these threats by enhancing its detection models with advanced AI, such as machine learning, to identify and mitigate fraud attacks at scale.

The report provides specific guidance for consumers to defend themselves when shopping online. Among its recommendations, Microsoft advises: "Don't let pressure tactics trick you – Don't be fooled by 'limited-time' deals and countdown timers."

On the dangers of online advertising, the report cautions: "Only click on verified ads – Many scam sites spread through AI-optimised social media ads. Cross-check domain names and reviews before purchasing."

AI-driven deception can also be found in fabricated online endorsements and testimonials. The report notes: "Be sceptical of social proof – Scammers can use AI-generated reviews, influencer endorsements, and testimonials to exploit your trust."

Job seekers are identified as another group at risk, with the report outlining tactics that fraudulent employers may use. The advice includes: "To provide personal or financial information – Unsolicited SMS and email messages offering high-paying jobs with minimal qualifications are typically fraudulent. Avoid sharing personal or financial information. You should never provide a National Insurance number, banking details, or passwords to an unverified employer."

The report also highlights the risk of payment requests: "To pay for a job opportunity – Employment offers that include requests for payment, offers that seem too good to be true, and a lack of formal communication platforms can all be indicators of fraud."

On communication, Microsoft advises vigilance: "To communicate via unofficial communication channels – If recruiters and hiring managers only communicate via SMS, WhatsApp, or non-business email accounts, it's a red flag. Legitimate employers use official company platforms for hiring communications. Always handle personal and sensitive information over secure platforms."

To bolster consumer protection, Microsoft has introduced several free tools and features. These include enhanced protection in Microsoft Edge, which uses deep learning technology to help users avoid impersonation and fraudulent websites.

Digital fingerprinting technology is also being employed to identify malicious behaviours. According to Microsoft, "Microsoft's digital fingerprinting capability identifies malicious behaviours and ties them back to specific individuals. This helps in monitoring and preventing unauthorised access."

Additionally, Microsoft has updated its Quick Assist tool, which allows users to share their computer screens remotely. "Quick Assist now includes warnings and requires users to check a box acknowledging the security implications of sharing their screen (Quick Assist is a tool that enables users to share their Windows or macOS device with another person over a remote connection). This adds a layer of helpful 'security friction,' by prompting users who may be multi-tasking or preoccupied to pause to complete an authorisation step," the report explains.

Microsoft's Cyber Signals report underscores the evolving sophistication of online fraud and the increasing need for both technological and user-focused defence measures.