The ability to spot fake content online has collapsed in just one year. According to a Malwarebytes survey of 1,500 adults across the United States, the United Kingdom, Austria, Germany, and Switzerland, 85% of respondents now say they cannot tell what is real from AI-generated content, a dramatic jump from 66% in 2025. This erosion of trust is reshaping how people interact with the internet, with half of all respondents reporting they encountered an AI-driven scam in the past year.

What Types of AI Scams Are People Actually Experiencing?

The scams people are encountering have become disturbingly personal and convincing. Respondents reported a range of AI-powered fraud tactics that blur the line between legitimate communication and criminal deception:

• Voice Impersonation: AI-generated calls that mimic the voices of people the victim knows, creating a false sense of familiarity and trust.
• Manipulated Product Reviews: Fake reviews on e-commerce platforms designed to influence purchasing decisions and steer consumers toward fraudulent sellers.
• AI-Generated Images: Synthetic photos used in dating scams, fake job postings, and identity theft schemes.
• Personalized Scam Messages: Tailored text and email messages that reference personal details to increase credibility and response rates.
• Identity Manipulation: Criminals using AI to create synthetic identities or clone existing ones for fraud and impersonation.

One survey respondent described the psychological impact of receiving a voice-cloned call: "It was very frightening. Since then, I am much more cautious with unknown numbers and no longer immediately trust voice messages". This kind of experience is no longer rare. Younger adults reported significantly higher exposure to these scams than older age groups, suggesting that digital natives are not immune to AI-powered deception.

How Are People Changing Their Online Behavior in Response?

The erosion of trust is forcing people to fundamentally rethink how they use the internet. Many respondents reported changing their digital habits in ways that reduce their online presence and limit their exposure to potential fraud:

• Reduced Content Sharing: People are posting less personal information, removing older posts, and being more selective about what they share about themselves and their families.
• Withdrawal from Social Media: Some respondents indicated they are seeking more in-person interaction and reducing their reliance on digital platforms altogether.
• Heightened Skepticism: Individuals are becoming more cautious about engaging with online content, even from sources they previously trusted.

Despite widespread concern, the survey found that relatively few people are taking concrete protective steps. Only a small percentage of respondents reported creating family code words to verify identity, requesting data removal from platforms, or watermarking their photos to prevent unauthorized use. This gap between awareness and action suggests that people understand the threat but lack clear guidance on how to defend themselves.

What Are Regulators and Tech Companies Doing About This?

The problem is not going unnoticed by policymakers and technology companies. South Korea's Financial Services Commission has taken a particularly aggressive stance, recognizing that AI-powered fraud poses an existential threat to financial institutions. Financial Services Commission Chairman Lee Eog-weon met with chief executives of five major financial holding companies to discuss how the same AI technologies that promise to improve banking efficiency are also enabling more sophisticated scams.

The concern centers on deepfake voice phishing, where criminals use AI to generate convincing voices that can be scaled across thousands of targets. What once required a skilled fraudster can now be replicated thousands of times with software. South Korea's response includes easing network separation requirements for AI cybersecurity applications, a significant regulatory shift that reflects growing confidence in AI-driven defenses.

Google has also expanded its defenses, recently expanding Android's scam detection capabilities to help identify suspicious calls and protect users from impersonation scams. OpenAI is preparing for the 2026 election cycle with measures designed to improve transparency around AI-generated content, provide reliable voting information, and restrict deceptive political uses of its tools.

Steps to Protect Yourself from AI-Powered Scams

While the threat landscape is evolving rapidly, there are practical steps individuals and organizations can take to reduce their vulnerability:

• Verify Through Alternative Channels: If you receive an unexpected call or message from someone claiming to be a friend or family member, hang up and call them back using a number you know is correct. Do not use contact information provided in the suspicious message.
• Establish Family Code Words: Create a secret phrase or code word with close family members that only you know. Ask callers to provide this code before discussing sensitive information or money transfers.
• Be Skeptical of Unsolicited Offers: Treat online job postings, consulting opportunities, and investment offers with extreme caution, especially those promising easy money for vague work. The U.S. Department of Justice recently seized 13 domains masquerading as consulting companies that were targeting security clearance holders with fraudulent job offers.
• Monitor Your Digital Footprint: Request removal of your personal data from public databases and limit the amount of personal information you share online. Consider watermarking photos to prevent unauthorized use.
• Report Suspicious Activity: If you encounter an AI-powered scam, report it to the Federal Trade Commission, your bank, or local law enforcement. Information sharing helps authorities identify emerging fraud patterns.

Why Deepfake Detection Is Losing the Arms Race

One of the most sobering findings from researchers at the Vector Institute is that deepfake detection, as a standalone technical capability, is losing ground and is likely to continue losing ground as generative models improve. This means that relying on technology alone to spot fakes is increasingly futile. As AI models become more sophisticated, the gap between detection capabilities and generation capabilities widens in favor of the attackers.

This reality is driving a shift in how regulators and institutions approach the problem. Rather than betting solely on detection, South Korea and other jurisdictions are investing in AI-powered defenses that can identify emerging phishing techniques and distribute intelligence across entire sectors. The AI-based Anti-Phishing Sharing and Analysis Platform, known as ASAP, is designed to identify emerging phishing techniques and distribute intelligence across the financial sector in real time.

The broader challenge is that AI is reshaping the threat landscape faster than defenses can evolve. Criminals are using the same frontier AI models that promise productivity gains to scale their attacks, automate interactions, and adapt tactics in real time. For individuals and organizations, the message is clear: trust is now the frontline of cybersecurity, and maintaining it requires constant vigilance and a willingness to change how we interact with technology.