TL;DR

A new wave of AI-powered cyber threats has emerged as more sophisticated and dangerous than traditional scams. Between late 2024 and mid-2025, ClickFix scams surged 517% whilst 1.7 million unique malicious QR codes were detected. The World Economic Forum ranks AI-generated misinformation as the #1 global risk for the next two years, with online scams causing $16.6 billion in losses in the US alone during 2024.

AI-Generated Scams Reach Professional Polish

Scammers increasingly use AI to create fake customer service numbers, websites, emails, and chatbots that appear in search results and paid ads—sometimes even promoted by search engines themselves. These tactics deceive consumers and businesses alike, leading them to phishing sites and fraudulent support lines that impersonate trusted brands with startling accuracy.

These scams are no longer about poor grammar and suspicious links. Today’s threats are polished, professional, and powered by generative AI tools that can mimic tone, branding, and even real-time conversation. The result is a growing number of victims who never realise they’ve been duped until it’s too late.

Deepfakes and Voice Cloning Weaponised

One of the most alarming developments in AI-driven fraud is the use of deepfake videos and voice cloning. These technologies, once limited to entertainment, are now being weaponised to impersonate executives, customer service agents, and even family members.

These impersonations are difficult to detect in real time, especially when layered with social engineering tactics. As the technology becomes more accessible, the risk of widespread abuse grows exponentially.

ClickFix: The 517% Surge Threat

One of the fastest-growing cyber threats is the ClickFix scam. These attacks trick users into copying and pasting malicious code, often disguised as routine system fixes or CAPTCHA checks.

The scam typically begins with a pop-up or fake tech support page claiming the user’s system is compromised. It then offers a “quick fix” that involves copying a block of code into a terminal or browser console, effectively handing over control to the attacker.

Between late 2024 and mid-2025, ClickFix scams surged by 517% and now account for nearly 8% of all blocked cyber incidents, according to CyberPress.org. Microsoft’s Threat Intelligence team reports thousands of daily attacks, with even nation-state actors adopting the tactic.

What makes ClickFix particularly dangerous is its simplicity. Unlike traditional malware requiring downloads or attachments, these scams rely on user action. Once executed, the code can disable security settings, install spyware, or redirect traffic to malicious domains.

QR Code Phishing and Daily Scam Volume

Phishing remains a dominant threat, with an estimated 3.4 billion phishing emails sent daily, according to KeepNet Labs. But tactics are evolving. Attackers increasingly use malicious QR codes, which can be embedded in emails, flyers, or even restaurant menus. Over 1.7 million unique malicious QR codes were detected in the past year alone, according to the Anti-Phishing Working Group.

These codes often redirect users to spoofed login pages or initiate downloads of malware-laced apps. Because QR codes are inherently opaque—users can’t see destination URLs before scanning—they’re ideal tools for deception.

According to Pew Research, 73% of US adults have experienced some form of online scam. Nearly one-third receive scam calls daily, and 28% get scam emails every day. In 2024 alone, online scams caused $16.6 billion in losses in the US, affecting individuals, small businesses, and large enterprises alike.

Business Impact Beyond Financial Loss

For businesses, consequences of AI-driven scams extend far beyond financial loss. Brand reputation and customer trust are often the first casualties. When a scam impersonates a company’s customer service or executive team, victims may associate fraud with the brand itself, regardless of actual company involvement.

This erosion of trust can lead to customer churn, negative media coverage, and long-term reputational damage. In regulated industries like finance and healthcare, it can also trigger compliance investigations and legal liabilities. Moreover, internal morale can suffer when employees feel vulnerable or unsupported in the face of sophisticated cyber threats.

Protection Strategies

Cybersecurity must be treated as a strategic imperative. Key steps to stay protected include:

• Scrutinise search results, especially AI-generated or sponsored links
• Avoid executing commands from pop-ups or websites claiming to fix system issues
• Verify contact information independently—don’t trust what’s in the message
• Educate employees on phishing red flags like urgent language and spoofed addresses
• Enable multi-factor authentication (MFA) on all accounts
• Keep systems updated with latest security patches and antivirus software
• Limit access to administrative tools for non-technical users

Looking Forward to 2026

As we look toward 2026, the cybersecurity landscape will continue to be shaped by dual forces of innovation and exploitation. Generative AI will play growing roles in both offense and defence.

On one hand, attackers will use AI to automate scams and personalise phishing attempts. On the other, defenders will leverage AI to detect anomalies, predict threats, and respond in real time.

Businesses and consumers must prepare by embracing a culture of continuous learning and digital hygiene. Cybersecurity awareness must be embedded into daily operations and personal habits. The best defence is a proactive one. By staying informed, investing in smart technologies, and fostering security-first mindsets, we can all play roles in building a safer digital world.

Source: TechRadar