How AI Scams Target Your Financial Data

Raymond To

Director of Information Security

Summary

Learn how to spot scams, protect your information, and ask your financial institutions about their security practices.


As artificial intelligence (AI) grows more advanced, cybercriminals are using it to refine scams that target your financial assets, whether you’re managing a retirement account or an investment portfolio. 

As Cybersecurity Awareness Month kicks off, it’s essential to understand how AI-driven phishing and social engineering attacks are evolving. These AI scams are designed to trick you into handing over sensitive credentials or approving fraudulent transactions — and they’re getting harder to spot. 

Recognizing types of attacks

AI is being studied for its potential role in these two types of attacks: 

  1. Phishing emails, texts, and deepfake phone calls: These messages now look and sound indistinguishable from those of legitimate financial institutions or advisors. You might receive a message calling for “urgent action” on your retirement account. A financial advisor might get an email that appears to come from a client or executive, requesting a wire transfer or login credentials. 
  2. AI-enhanced social engineering: Scammers use AI to research you, mimic your writing style, and even generate realistic voices to impersonate people you trust. This blend of technology and psychology makes it easier for them to manipulate you. For example, a phone call to a grandparent from someone who claims to be a grandchild and asks for money could be AI-generated. 

Understanding what data scammers are seeking

To steal your money, scammers need specific personal and financial data. They often use malicious links to get it. The most valuable information includes: 

  • Banking or investment login credentials 
  • Full name 
  • Social Security number 
  • Date of birth 
  • Account or credit card numbers 
  • One-time passcodes or answers to security questions 

Clicking on a malicious link may take you to a phishing website that looks legitimate. If you enter your information there, scammers can capture it instantly. Some links install malware that monitors your activity or hijacks your session, giving attackers access to your accounts without needing your password. Others redirect you to fake customer service chats or forms designed to harvest your credentials. 

For example, a text that appears to be from Amazon asking you to verify your delivery address through a link could expose your account and payment information. 

Scammers rely on these tactics to exploit your trust and sense of urgency. That’s why it’s critical for you to verify any unexpected messages and avoid clicking on suspicious links. 
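The checks a careful reader applies to a link like the one in the delivery-text example can be written out in code. This Python sketch is an added example, not part of the original article; the official-domain list, the function names and the sample links are assumptions constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption for this example: the domains you already know are official.
OFFICIAL_DOMAINS = {"amazon.com"}

def is_official(host, official=OFFICIAL_DOMAINS):
    """True only if host is an official domain or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in official)

def link_warnings(url, official=OFFICIAL_DOMAINS):
    """Return reasons not to trust a link; an empty list means none found."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    warnings = []
    if parts.scheme != "https":
        warnings.append("not https")
    if parts.username is not None:
        # Text before '@' is login data, not the destination.
        warnings.append("userinfo before @ hides the real host")
    try:
        ipaddress.ip_address(host)
        warnings.append("raw IP address instead of a domain")
    except ValueError:
        pass  # not an IP literal, which is the normal case
    if any(label.startswith("xn--") for label in host.split(".")):
        warnings.append("punycode label (possible look-alike characters)")
    if not is_official(host, official):
        warnings.append("host is not an official domain")
        brands = {d.split(".")[0] for d in official}
        if any(b in host for b in brands):
            warnings.append("brand name used inside an unrelated domain")
    return warnings

# Constructed sample links (reserved .example names and a documentation
# IP range); the xn-- label is made up and is not a real encoded name.
SAMPLES = [
    "https://www.amazon.com/your-orders",
    "https://amazon.com.delivery-verify.example/address",
    "https://amazon.com@203.0.113.7/verify",
    "http://xn--amzon-1ua.example/login",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(url, "->", link_warnings(url) or "no warnings")
```

An empty result only means the link points at a listed domain over HTTPS; typing the official address yourself or using the institution's app remains the safer route.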

Using AI to target you

Scammers use AI in sophisticated ways to contact and manipulate you: 

  • Natural Language Generation (NLG): AI tools can generate emails, texts, and chats that match the tone and style of legitimate communications. These messages may reference your financial institution, recent transactions, or personal details scraped from public sources. 
  • Voice cloning and deepfakes: Scammers can clone the voice of someone you know, like a financial advisor or family member, and use it to pressure you into transferring funds or revealing login credentials. 
  • Automated reconnaissance: AI scans social media, public records, and breached data to build a detailed profile of you. This allows scammers to craft hyper-personalized attacks that feel authentic. 
  • Chatbots and conversational agents: You might interact with an AI chatbot that pretends to be a customer service representative or financial advisor. These bots can guide you through conversations that lead to fraud. 
  • Email spoofing with AI assistance: AI helps scammers craft emails that bypass spam filters and look legitimate. Some even use generative adversarial networks (GANs) to test and refine messages until they’re undetectable. GANs are a type of machine learning model used to generate new data that mimics existing data, like creating realistic images, videos, or audio. 

Taking precautions

To protect yourself, stay vigilant and cautious. 

  • Never click on links in unsolicited messages. 
  • Always verify account activity directly through your financial institution’s official website or app. 
  • Use multi-factor authentication to add an extra layer of security. 
  • If something feels off, even slightly, confirm it through a trusted, separate channel before taking action. 
  • Consider using a password manager to reduce the risk of credential theft. 
  • Report suspected scams to your financial institution or a cybersecurity authority. 

Don’t hesitate to ask your financial institution or service provider how they’re protecting your data. You have the right to know what security measures they use, whether they support multi-factor authentication, how they monitor suspicious activity, and what protocols are in place if your information is compromised. Asking these questions helps you stay informed and encourages stronger accountability and transparency from the organizations you trust with your financial assets. 

Staying in touch

AI is giving cybercriminals sharper tools to exploit your trust and urgency in financial matters. Retirement accounts and wealth portfolios can be attractive targets due to the significant amounts of money involved. 

By combining technical safeguards with your own vigilance, you can stay one step ahead. If a request seems even slightly suspicious, confirm it through a trusted, separate channel before taking action. The more you stay connected with your trusted contacts, the easier it might be to detect an unusual communication. 

Contact your Mercer Advisors wealth advisor directly to validate any requests you receive that may seem suspicious. Our Mercer Advisors Security Measures explain how our firm is protecting you. 

Not a Mercer Advisors client and want to know more about our comprehensive wealth management solution? Or what we’re doing internally to protect your assets from cyber scams? Let’s talk. 

Mercer Advisors Inc. is a parent company of Mercer Global Advisors Inc. and is not involved with investment services. Mercer Global Advisors Inc. (“Mercer Advisors”) is registered as an investment advisor with the SEC. The firm only transacts business in states where it is properly registered or is excluded or exempted from registration requirements.

All expressions of opinion reflect the judgment of the author as of the date of publication and are subject to change. Some of the research and ratings shown in this presentation come from third parties that are not affiliated with Mercer Advisors. The information is believed to be accurate but is not guaranteed or warranted by Mercer Advisors. Content, research, tools and stock or option symbols are for educational and illustrative purposes only and do not imply a recommendation or solicitation to buy or sell a particular security or to engage in any particular investment strategy. For financial planning advice specific to your circumstances, talk to a qualified professional at Mercer Advisors.
