5 red flags: How AI tricks you into fake payments

New research from Visa reveals that AI-accelerated scams have become the “fastest growing source of consumer harm,” marking a major shift in how cybercriminals operate. Instead of focusing on stealing credentials or hijacking accounts, fraudsters are now weaponizing social engineering tactics powered by artificial intelligence. This change in strategy targets the most vulnerable link in any security chain: human decision-making.

The Spring 2026 Biannual Threats Report from Visa highlights how AI is compressing the fraud cycle, making it easier for criminals to trick consumers into authorizing fraudulent payments themselves. This represents a fundamental shift in the fraud landscape, where the victim becomes an unwitting accomplice in their own financial loss.

At the heart of this new wave is an evolution of the ClickFix technique. This social engineering method bypasses traditional phishing defenses by exploiting our natural problem-solving instincts. Instead of malware being delivered to your device, you are manipulated into performing a malicious action yourself. A fake malware alert might instruct you to open a command prompt, copy a code, and paste it to “fix” a supposed PC issue. In reality, you are executing malicious commands that lead to data theft or worse.

The danger escalates when applied to finance. If you authorize a transaction, even one obtained through deception, you bear the responsibility and likely the financial cost. Standard security systems cannot stop you from voluntarily completing a harmful action.

How AI supercharges these scams

Financial institutions have become adept at blocking unauthorized transactions, often requiring multi-factor authentication, one-time passcodes, or app-based confirmations. Fraudsters have adapted. They now use AI to generate convincing impersonations of trusted sources, such as your bank, complete with deepfake voice calls and realistic emails. The goal is to manipulate you into authorizing a payment yourself, stripping away the fraud protections that normally apply to unauthorized transactions.

Visa detected nearly $1 billion in scam-related activity between July and December 2025. This included impersonations of trusted brands, urgent phishing campaigns, and sophisticated deception that led victims to complete transactions that appeared legitimate but resulted in financial loss.

5 red flags to protect yourself

Whether AI is involved or not, these patterns signal danger:

1. Cold calls from “trusted” companies. Scammers pose as your bank or wireless provider, offering discounts or demanding payment for fake bills. Hang up and verify through an official channel before acting.
2. ClickFix-style urgency. An email demands immediate payment for an overdue bill, promising a discount if you act fast. It outlines three simple steps, including a link or QR code. This panic-inducing tactic is designed to bypass rational thought. Stop, take a breath, and verify through your bank’s official customer service line.
3. Romance scams that turn financial. Long-term emotional manipulation often leads to investment fraud or direct requests for money. If someone you have never met asks for money, the answer must be no.
4. Nearly perfect appearances. AI-generated content, from emails to voice recordings, is increasingly indistinguishable from the real thing. Cybercriminals have access to the same tools you do. Apply healthy skepticism to any communication requesting a financial change or payment, even if it looks genuine.
5. Requests to “fix” a problem yourself. Any communication that asks you to copy code, run a command, or take technical steps to resolve an issue is a major red flag. Legitimate companies never ask you to do this.The organizational imperative: speedVisa emphasizes that while advanced scam detection networks and AI-backed solutions are critical for businesses, speed is the essential ingredient. AI allows attackers to launch social engineering campaigns, discover vulnerabilities, and infiltrate networks faster than ever. Relying on slow, manual processes is no longer viable.Automation, including AI assistants, is the necessary response. It can handle time-consuming tasks like triage, freeing cybersecurity professionals to focus on detection and response. As long as these tools are properly supervised, defenders can keep pace with modern threats.”The rapid adoption of AI has fundamentally changed the economics of fraud,” explains Michael Jabbara, SVP of Payment Ecosystem Risk and Control at Visa. “What once required deep technical skill can now be executed with a prompt. That reality makes intelligence-driven defenses and coordinated action across the ecosystem more critical than ever.”Acting quickly not only protects consumers but also buys them the time needed to pause, reflect, and reconsider before authorizing a payment that could be fraudulent.