Financial expert warns: AI scams grew 1,200% in 2025 and here's how you can protect yourself

By WAFF 48 · June 23, 2026.

Jay McGowan, a financial advisor at The Welch Group based in Huntsville, Alabama, has publicly warned about the growing use of artificial intelligence by cybercriminals to commit financial fraud. The warning comes backed by alarming data: according to McGowan, the FBI estimates that cybercrimes generate losses of $21 billion a year in the United States, and more than 50% of those crimes already incorporate some form of artificial intelligence in their execution.

The most striking figure the expert provides is the year-over-year growth of AI-related cybercrimes: an increase of more than 1,200% in 2025 compared to the previous year. This figure illustrates a dramatic acceleration that, if sustained, would push global cyberfraud losses to approximately $40 billion annually by 2027, according to McGowan's projections. The jump from $21 billion to $40 billion in barely two years reflects not only the greater sophistication of the tools, but also their democratization: any malicious actor with basic technical knowledge can today access language models, voice synthesizers or convincing video generators.

**Audio and video deepfakes: the most personal threat**

One of the fraud modalities that most concerns McGowan is the use of deepfakes to impersonate family members or trusted individuals. The expert describes a concrete scenario: a person receives a phone call in which they hear the voice of their spouse claiming to have been in an accident and requesting an urgent transfer of $5,000 to a specific account. The voice is synthetic, generated by AI from fragments of real audio of the family member, but it is indistinguishable to the recipient in a stressful situation.

'They can do it with video. They can do it with audio,' McGowan noted, emphasizing that the technological barrier to cloning voices or faces has fallen drastically in recent months. This technique exploits two psychological vectors simultaneously: trust in a known person and the artificial urgency created by the emergency narrative. The result is that the victim acts before verifying.

**AI-generated phishing: four times more effective**

Another highlighted modality is phishing via email. According to the data McGowan handles, fraudulent emails generated with artificial intelligence register a click rate four times higher than messages crafted manually by humans in the past. This difference is explained by the ability of language models to write texts without grammatical or spelling errors—one of the traditional warning signs—personalize content with recipient data obtained from public sources, and adapt the tone and style to the context of each organization or platform being impersonated.

In general, as sector context, phishing studies have documented for years that the writing quality of fraudulent messages is one of the most reliable predictors of their success. By eliminating that friction with generative AI, attackers have managed to bypass human filters that previously worked reasonably well.

**Fake financial advice as a data-collection vector**

McGowan also warns about a third fraud avenue that is less immediate but equally dangerous: the use of AI tools under the guise of legitimate financial advisors or help services. These apps or chatbots present themselves as free resources offering advice on investments, debt management or tax planning, but whose real objective is to extract personal information from users who let their guard down precisely because they perceive the service as beneficial.

The expert places special emphasis on social media as a distribution channel for this type of fraud. Although some advisory offers circulating on social media may be legitimate, others fit this pattern of social engineering amplified by recommendation algorithms that maximize reach without filtering the veracity of the content.

**Concrete protection measures: the 'family password'**

Faced with the rise of voice deepfakes, McGowan proposes a low-tech but highly effective solution: establishing a keyword or family password known only to household members that must be used in any call requesting money or sensitive information. If the caller—whether a known number or an unknown one—cannot provide that word, it should be interpreted as a warning sign.

The expert makes an important warning about this measure: the password should not be stored on any digital device or written down in a place accessible to third parties. The goal is for it to exist only in the memory of family members, eliminating any digital vector through which an attacker could obtain it.

**Slowing down as a psychological defense**

McGowan identifies haste as the main psychological mechanism that scammers exploit. 'Many of these scams invoke panic. They invoke urgency,' he stated. In the face of any unexpected request for money or personal data, he recommends:

— Hanging up and calling back using a known and previously verified contact number, not the one that appears on the incoming call. — Verifying the identity of companies by searching for them independently online. — Calling official customer service numbers when there are doubts about communications received by email or SMS. — Never acting under artificial time pressure.

This recommendation connects with decades of research on the psychology of fraud: scammers design scenarios that activate the brain's rapid-response system, short-circuiting analytical thinking. The most effective measure is simply to insert a time interval that allows for reflection.

**Account monitoring and credit freezes**

On the more practical financial level, McGowan recommends periodically reviewing bank statements and credit reports in search of accounts opened without the holder's authorization. Early detection is key: the sooner a fraud is identified, the faster and more complete the recovery and claims process can be.

For people who are not seeking new credit—mortgages, personal loans, cards—the expert suggests freezing credit at the reference agencies. This measure prevents anyone from opening a line of credit in the holder's name even if they have their personal data, because any new application would first require unfreezing the file.

As sector context, in the United States consumers can freeze their credit for free at the three main agencies—Equifax, Experian and TransUnion—since the passage of the Economic Growth, Regulatory Relief, and Consumer Protection Act of 2018. It is an underused tool despite its proven effectiveness.

**AI as both weapon and shield simultaneously**

One aspect McGowan highlights is the dual nature of artificial intelligence in this context: the same technology that criminals use to construct more convincing scams can be employed by citizens to inform themselves about new fraud modalities and stay up to date. He recommends using AI tools to find out what types of scams are active at any given moment and what their characteristic signs are.

'The AI we knew three months ago is not the same AI we know today,' McGowan noted, in a phrase that sums up the speed of evolution of the sector and the need for continuous updating of knowledge on the part of users. This observation is especially relevant in the context of agentic AI models, where systems can execute actions autonomously—sending emails, performing transactions, accessing databases—exponentially amplifying both the potential for legitimate automation and for malicious abuse.

**Implications for agentic AI**

From the perspective of agentic AI, the article points to a structural tension of the current moment: the same advances that allow AI systems to act autonomously on behalf of users—calling, drafting, making decisions—are the ones that allow attackers to scale fraud operations that previously required intensive human effort. A malicious agent system could, in theory, make thousands of simultaneous deepfake calls, send millions of hyper-personalized phishing emails or manage extortion conversations in parallel without direct human intervention.

In general, as sector context, security researchers have begun to document what they call 'adversarial agents': AI systems designed specifically to automate the entire fraud cycle, from identifying vulnerable targets to extracting funds, including the generation of deceptive content and managing the conversation with the victim. This scenario represents a qualitative leap relative to traditional phishing, where each interaction required some degree of human supervision.

**Regulatory perspective**

From a regulatory standpoint, the fraudulent use of deepfakes and impersonation through AI are areas being addressed asymmetrically at the international level. In the European Union, the AI Act—whose progressive implementation is underway during 2025 and 2026—classifies certain uses of AI for manipulation or deception as unacceptable risk, but its application to criminal actors operating outside European jurisdiction presents obvious challenges.

In the United States, the Federal Trade Commission has issued alerts and guidance on AI fraud, and Congress has debated specific legislation on deepfakes, although without comprehensive federal regulation passed as of the date of this article. The gap between the speed of technological evolution and legislative capacity remains one of the main factors allowing malicious actors to operate with relative impunity.

**Outlook**

The projected figures—$40 billion in annual losses by 2027—suggest that AI fraud will continue to escalate as long as the marginal cost of executing sophisticated scams keeps falling. The combination of advanced language models, high-fidelity voice synthesis, convincing video generation and agents capable of holding autonomous conversations creates an environment in which purely technical defenses prove insufficient.

Citizen education—such as that promoted by this type of local journalistic coverage—and low-tech verification measures like family passwords are, paradoxically, some of the most robust responses available today, precisely because they operate outside the digital domain that attackers seek to exploit. Institutional trust, in-person verification protocols and informed skepticism thus become critical resources in an environment where digital authenticity is increasingly difficult to guarantee.