The Internet Grew Up … The Scams Did Too.

For most of human history, scams were relatively simple. A stranger sold fake miracle cures from the back of a wagon. A con artist ran a shell game on a busy street corner. Someone forged signatures, counterfeited checks, or promised riches through a too-good-to-be-true investment scheme. The tools changed with each era, but the mechanics stayed familiar: gain trust, create urgency, exploit emotion.

The internet accelerated everything.

In the early days online, scams were often obvious and almost amateurish. Chain emails promised bad luck if you didn’t forward them to ten friends. Pop-ups claimed you had “won” a valuable prize. People in chatrooms pretended to be tech support employees asking for passwords, while others sold fake concert tickets or nonexistent items through forums and classifieds. On platforms like AOL, MSN Messenger, IRC, and early online marketplaces, anonymity created an entirely new playground for deception. Most scams were still relatively small-scale, relying on volume and the assumption that someone would eventually fall for them.

Today, fraud operates at an entirely different level.

Modern scams can involve organized criminal networks, rogue nation-states, stolen datasets, spoofed phone numbers, AI-generated voices, cloned websites, and highly targeted psychological profiling. A scammer might know where you work, who your bank is, what school your child attends, and which recent purchase is waiting on your doorstep. What once looked like a poorly written e-mail from a foreign prince can now look indistinguishable from a legitimate message from your employer, your bank, or even a family member.

Yet despite all the technological sophistication, the core principle has barely changed. Social engineering still depends on manipulating human behavior: fear, urgency, trust, greed, loneliness, authority, or curiosity. The software has evolved. Human psychology hasn’t.

The Five Social Scams Costing Companies Millions

via visualcapitalist

The top 5 scams are:

  1. Deepfake Impersonation
  2. Vendor Spoofing
  3. SIM Swapping
  4. Phishing
  5. Executive Impersonation

Some of the tactics are surprisingly simple in concept. In vendor spoofing schemes, criminals impersonate legitimate suppliers and convince companies to reroute invoice payments to fraudulent bank accounts. Google and Facebook reportedly lost more than $120 million after fraudsters posed as a real hardware vendor and requested payments to accounts they controlled.

Executive impersonation follows a similar pattern, with attackers posing as senior leaders to pressure employees into making urgent or confidential transfers. In one case, Belgium’s Crelan Bank lost roughly $76 million after scammers impersonated the CEO via e-mail.

Both are classic scams made more dangerous by emerging technologies.
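One fail-safe against both schemes is a payment gate that ignores how convincing the request looks and checks it against records the company already holds. The sketch below is an added example, not code from any of the companies mentioned; the vendor master, field names, account numbers, and sample requests are all constructed for illustration.

```python
from dataclasses import dataclass

# Constructed vendor master: bank details confirmed when the vendor was onboarded.
VENDOR_MASTER = {
    "V-1001": {"name": "Example Hardware Ltd", "iban": "GB00 EXAM 0000 0000 0000 01"},
}

@dataclass
class PaymentRequest:
    vendor_id: str
    iban: str                        # account the request asks us to pay
    amount: float
    exec_request: bool = False       # e-mail claims to come from a senior leader
    urgent: bool = False             # "urgent" or "confidential" pressure in the request
    callback_verified: bool = False  # confirmed by phone on a number already on file

def normalize_iban(iban: str) -> str:
    """Strip whitespace and upper-case so formatting differences are not flagged."""
    return "".join(iban.split()).upper()

def review(req, master=VENDOR_MASTER):
    """Return (decision, reasons); decision is 'release' or 'hold'."""
    vendor = master.get(req.vendor_id)
    if vendor is None:
        return "hold", ["vendor not in master file"]
    reasons = []
    if normalize_iban(req.iban) != normalize_iban(vendor["iban"]):
        reasons.append("bank account differs from vendor master")
    if req.exec_request and req.urgent:
        reasons.append("urgent executive request made by e-mail")
    # Any flag holds the payment until someone verifies it out of band.
    if reasons and not req.callback_verified:
        return "hold", reasons
    return "release", reasons

# Constructed sample requests.
SAMPLES = {
    "routine": PaymentRequest("V-1001", "gb00  exam 0000 0000 0000 01", 4200.0),
    "rerouted": PaymentRequest("V-1001", "GB00 FAKE 0000 0000 0000 99", 4200.0),
    "ceo_wire": PaymentRequest("V-1001", VENDOR_MASTER["V-1001"]["iban"], 250000.0,
                               exec_request=True, urgent=True),
    "verified_change": PaymentRequest("V-1001", "GB00 NEWB 0000 0000 0000 07", 4200.0,
                                      callback_verified=True),
}

if __name__ == "__main__":
    for name, req in SAMPLES.items():
        print(name, *review(req))
```

The callback only counts if it uses contact details already on file, never a phone number supplied in the request itself.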

Newer scams rely even more heavily on emerging technologies. Deepfake impersonation attacks use AI-generated voices or videos to convincingly mimic executives or coworkers, bypassing traditional verification methods. UK engineering firm Arup lost $25 million after an employee participated in a video call with what appeared to be company leadership, only to later discover the participants were AI-generated impersonations.

Researchers have found that people identify deepfakes correctly only slightly better than chance, highlighting how quickly the technology is outpacing human detection.

Meanwhile, phishing remains one of the most effective entry points for large-scale fraud. A malicious e-mail, fake login page, or infected attachment can provide attackers with access to internal systems, financial credentials, or sensitive communications. Bangladesh Bank lost $81 million after employees received phishing emails disguised as job applications containing malware-laden attachments. Despite being one of the oldest online scams, phishing losses continue to rise dramatically as attacks become more personalized and convincing.

Even multi-factor authentication, once considered a major security improvement, is vulnerable to SIM swap attacks. In these schemes, criminals hijack a victim’s phone number by convincing a wireless carrier to transfer the number to a new device, allowing attackers to intercept passcodes and password reset requests. One attacker used this technique to compromise a phone number connected to the SEC and briefly hijack its official X account to spread false market-moving information.

The common thread across all of these attacks is that they exploit people more than technology. Fraudsters are increasingly bypassing traditional cybersecurity defenses not by breaking systems, but by manipulating trust, authority, urgency, and routine behavior. As AI lowers the cost of impersonation and allows scams to scale globally, social engineering is becoming one of the defining fraud risks of the digital era.

Who is most at risk?

via visualcapitalist

Sumsub developed the index based on four main factors: fraud activity, resource accessibility, government intervention, and economic health. Lower scores suggest better resilience against fraud, whereas higher scores indicate increased risk exposure.

Many lower-ranked countries face challenges such as weaker enforcement systems, limited digital protections, and economic instability. These conditions increase the likelihood of fraudulent activities proliferating.

But fraud isn’t only an issue in emerging countries.

America ranked 91st, putting us in the bottom 20% globally.

We’ve been preaching about cybersecurity for years, and as always, the greatest risk is the human-in-the-loop.

The difference now is that AI is making it cheaper and easier than ever to target that human at scale.

You may not have fallen for a scam yet … but I bet you’ve fallen for an AI video. Regardless, the odds that your team, your vendors, or your portfolio companies will be tested are rising fast.

Make sure you have protections and fail-safes at both the company and personal levels.
