ScamAgent: How AI Is Fueling a New Era of Fraudulent Calls

The landscape of fraudulent calls is undergoing a dangerous transformation, moving from human-operated schemes to AI-driven scams that are increasingly difficult to detect. A recent study reveals how advanced language models can now conduct multi-turn conversations designed to deceive targets, marking a significant shift in social engineering threats.

Researchers at Rutgers University developed a system known as ScamAgent, which uses large language models to carry out convincing fraudulent interactions. Unlike single-prompt attacks that most safety systems are built to block, this framework breaks down scams into smaller, seemingly harmless steps. It begins with a friendly introduction, gradually builds rapport, introduces urgency, and only later requests sensitive information. By spreading the malicious intent across multiple exchanges, the system effectively bypasses conventional AI guardrails.

The research team tested ScamAgent against several leading AI models, including GPT-4, Claude 3.7, and LLaMA3-70B. In simulated scenarios such as fake insurance verification, lottery scams, and impersonation of government officials, the AI adapted its approach based on the target’s responses. It altered tone, rephrased questions, and employed different persuasion tactics depending on whether the simulated victim was compliant, skeptical, or resistant.

According to Saumitra Das, VP of Engineering at Qualys, the integration of agent-based planning with text-to-speech technology makes this threat particularly alarming. He notes that shifting from text-based interactions to voice calls using off-the-shelf TTS tools adds a layer of realism that is harder to monitor in real time. This multi-modal approach allows scammers to mimic emotions, urgency, and authority with startling accuracy.

A key finding from the study is that current safety mechanisms fail against multi-turn attacks. When harmful requests are broken into incremental steps, even models with strong built-in protections often comply. Refusal rates dropped significantly compared to single-prompt attempts, demonstrating that existing content filters are ill-equipped to handle sophisticated, adaptive conversations.

In many test cases, the AI successfully convinced simulated victims to divulge personal information. Even when the full scam wasn’t completed, partial successes still resulted in data exposure. This highlights the risk that such systems could be used at scale with minimal technical expertise, leveraging open-source models and planning frameworks to create highly effective fraud campaigns.

For cybersecurity leaders, the implications are clear. Relying solely on AI guardrails is insufficient against these evolving threats. A defense-in-depth strategy is essential, combining improved detection algorithms, real-time monitoring, user education, and adaptive response protocols. As AI-generated voice scams become more accessible and convincing, organizations must prepare for a new era of social engineering where synthetic voices and personalized manipulation become the norm.

The study underscores that the technical barriers to deploying such systems are surprisingly low. While widespread adoption may not yet be occurring, the capability exists and is functionally comparable to human-run fraud operations. The central question for security professionals is no longer whether AI-powered scams are possible, but how soon they will emerge in the wild, and how prepared we are to stop them.

(Source: HelpNet Security)