These days, impersonation scammers can trick victims into making a payment within 24 hours of first contact. Scary, but how? At the core of it, fraudsters are leveraging AI tools to improve their attacks. Heading into Black Friday, and the rest of the frenetic festive period, that’s a real concern. Especially since the fraud stack is getting taller — with AI supporting every layer.
For instance, consumers are really leaning in to the convenience of social media for their gift inspiration and shopping via the ads that pop up on their feeds. But that makes them a prime target for AI-enhanced phishing scams.
And that’s only one vector. Along with Generative AI and fraud-specific AI tools, like WormGPT and Deep-Live-Cam, fraudsters are also deploying AI for data-breaches, and the automation, orchestration, and scaling of their attacks.
The result: more attack layers intersecting at the worst possible time for banks and issuers — the busy holiday period.
For instance, consumers are really leaning in to the convenience of social media for their gift inspiration and shopping via the ads that pop up on their feeds. But that makes them a prime target for AI-enhanced phishing scams.
And that’s only one vector. Along with Generative AI and fraud-specific AI tools, like WormGPT and Deep-Live-Cam, fraudsters are also deploying AI for data-breaches, and the automation, orchestration, and scaling of their attacks.
The result: more attack layers intersecting at the worst possible time for banks and issuers — the busy holiday period.
The festive season payment scam stakes
Over the holiday season, scam risks shoot up as online gift and bargain shopping surge. And the numbers can look rather alarming:
Unfortunately, cardholders aren’t doing themselves any favors by pursuing their convenience or impulse-driven buying habits over this busy period, but they still do:
- Black Friday phishing attacks increased by 600% last year
- Attacks impersonating major brands, including Walmart, Best Buy, and Target increased by 2000% in 2024
Unfortunately, cardholders aren’t doing themselves any favors by pursuing their convenience or impulse-driven buying habits over this busy period, but they still do:
The origin of payment fraud attacks: AI-powered cyber infiltration
Today’s scams are often sophisticated and multi-component. The consumer pressing 'Send' on a Zelle payment to a scammer is only the tip of the iceberg.
As Laura Quevedo, Executive Vice President of Fraud and Decision Solutions at Mastercard explains, modern fraud is now a blend of AI-enhanced cybercrime and fraud, where attacks will “typically start in the cyber realm.” When fraudsters get hold of the sensitive data they need, like customers’ credentials, that's their catalyst for an all-out attack across numerous channels and institutions.
As Laura Quevedo, Executive Vice President of Fraud and Decision Solutions at Mastercard explains, modern fraud is now a blend of AI-enhanced cybercrime and fraud, where attacks will “typically start in the cyber realm.” When fraudsters get hold of the sensitive data they need, like customers’ credentials, that's their catalyst for an all-out attack across numerous channels and institutions.
Now, let's factor in the risk posed by agentic AI. Anthropic recently reported the first fully automated cyberattack. Along with large companies, the attack also targeted financial institutions.
Alarmingly, adversarial AI can now handle reconnaissance, exploitation, and credential harvesting at scale — feeding holiday scams and account takeover campaigns with fresh stolen data.
What's more, Anthropic warned that “[t]hese attacks are likely to only grow in their effectiveness.” As a result, banks and issuers will need to modernize their security measures if they want to eliminate dangerous data silos between cyber and fraud teams, and shift to a unified fraud prevention approach.
Social media shopping could drive explosive payment fraud growth
Another layer of AI-infused risk, which we touched on earlier, is social media holiday shopping. The problem of human behavior vs AI capabilities in the hands of fraudsters.
A recent UK survey revealed that shoppers are taking far bigger risks with their holiday shopping. They make purchases through social media ads and websites or sellers they’re unfamiliar with. While this approach might satisfy their need for convenience, scammers are leaning in to it too, as Leyla Bilge, the director of scam research at Norton, explains.
“Scammers thrive on pressure, distraction, and emotional decision-making, and the holiday season delivers all three in spades. Scammers aren't waiting for you to slip up. They're counting on you to be busy, stressed, and in a rush. And the moment you let your guard down, they're ready. Nowadays with the sophistication of scams, even if your guard is up, they're ready.” — Leyla Bilge, Director of Scam Research, Norton
With AI tools like voice cloning, deepfake merchant storefronts, fake support chats, and AI-written persuasion scripts — holiday scams are becoming far more convincing and easier for fraudsters to scale. In fact, they’re even fooling digital natives these days.
Real-time, risk-based intelligence: Helping issuers adapt as fast as today's threats
While data silos are one risk ‘red flag’, static defenses are another. Static security measures often struggle to keep pace with today’s AI-accelerated threat landscape. These fixed fraud risk rules cannot effectively detect AI-generated behavior patterns, coordinated cross-channel movements, or the social-engineering-driven authorizations now driving much of holiday-season fraud.
The solution is real-time, risk-based intelligence — adaptive, AI-powered systems that learn from every interaction.
This approach can help banks and issuers:
- Detect anomalies across channels
- Respond instantly to new scam patterns
- Reduce false declines
- Evaluate intent rather than just credentials, and
- Protect payments and digital banking in one unified layer
To protect cardholders from evolving scams while shopping for their gifts and bargains, or any time of the year, leading institutions understand that “fraud prevention is no longer just about blocking bad transactions. It’s about protecting the customer relationship before it breaks,” as PYMNTS explains.
Learn more about protecting cardholders from AI-enhanced scams this holiday shopping season and beyond in our latest white paper, ‘Preventing emerging payment scams: A strategic guide for issuers:’
