TLDR
- Generative AI is accelerating authorized push payment scams, making them harder to detect and more costly to stop.
- Investment and impersonation scams are driving most APP fraud losses, with both consumers and companies at risk.
- Banks and businesses are increasingly turning to AI tools and cross-industry collaboration to combat AI-driven fraud.
Generative AI is changing the landscape of financial fraud: It is giving criminals new speed, scale and authenticity as they target consumers and businesses in much more sophisticated ways.
A rising scam is the authorized push payment, or APP, fraud – where victims themselves approve payments to scammers and thus make the crime harder to detect. Examples include romance scams where the criminal pretends to be a true partner, or investment scams that falsely promise a big payoff.
A Deloitte study is forecasting that U.S. losses from APP fraud could reach as much as $18.2 billion by 2028, up from about $8.3 billion in 2024. The use of AI tools and the rise of real-time payment apps make it tricky for financial institutions to block the scam quickly using legacy tools.
“These scams have grown by thousands of percent with each new version of a gen AI tool that comes out,” said Satish Lalchand, Deloitte’s U.S. forensic analytics leader and co-author of the study, in an interview with The AI Innovator. “Everybody is a target.”
APP fraud occurs when scammers manipulate individuals or employees into authorizing a payment that looks legitimate. Since the transaction originates from the victim’s own device or credentials, financial service providers often have limited ways to block it in real time or reverse it after the fact.
Stopping APP scams can be “tricky,” Lalchand said. The request to pay is “coming from your phone. It’s coming in with your password.” Unless the incident is widespread, he added, “it’s very hard for your financial service provider to think that it is a scam or a fraud … because it’s coming from you.”
Investment scams are expected to drive the largest share of future APP fraud losses, according to Deloitte. They accounted for an estimated $4.6 billion in losses in 2024 alone and have surged more than 14-fold since 2020. In second place are imposter scams. Deloitte estimates that Americans lost about $2.5 billion to APP imposter scams in 2024, up from roughly $960 million in 2020.
The FBI first spotted APP scams in 2023 but fraudsters have grown more aggressive since then. In July 2025, the FBI’s Los Angeles field office warned about “phantom hacker scams,” in which criminals impersonate tech support, banks or government agencies to create urgency and pressure victims into transferring money directly to fraudsters’ accounts, according to Deloitte.
And unlike credit card fraud or unauthorized money transfers, U.S. banks aren’t legally required to reimburse APP fraud victims, according to Deloitte. But such inaction can hurt customer loyalty: The study shows that over half of victims considered changing banks and 30% actually did.
Gen AI amplifies the problem
Generative AI is amplifying the problem. Fraudsters can now generate thousands of personalized messages in seconds and tailor language and cultural references to specific regions, age groups or interests quickly and at scale.
“In the past, if I was a fraudster, I could send maybe 50 or 60 emails a day” and “cheat” one or two people, Lalchand said. “Now, I can do a million emails a day, and guess what? I’m going to be scamming tens of thousands of people a day.”
AI has also erased many of the signs associated with scams: Emails are grammatically correct. Documents closely replicate legitimate bank, government or corporate templates. Images and videos can be fabricated to support false claims, such as fake traffic violations or forged invoices.
Deepfakes are emerging as a particularly dangerous tool. Audio and video impersonations of executives, family members or officials can convincingly pressure victims into sending money before they have time to verify the request.
Lalchand described one instance when an employee sent millions of dollars overseas after receiving a video call from what appeared to be the company’s CEO. The video was a deepfake. “She told me, ‘I’ve worked with them for 20 years. I still can’t believe that I got scammed,’” he said.
Indeed, the threat is not limited to consumers. Companies are prime targets because of the size and speed of their payments. Fraudsters routinely send batches of fake invoices or payment requests, knowing that even a small success rate can be lucrative.
“Big time, companies are being scammed,” Lalchand said. Employees may catch 10 or 20 scam invoices, “but if you send 1,000 fake invoices, guess what, you may get a successful funnel. That’s all you need.”
APP fraud also affects all age groups, but not in the same way. Deloitte’s analysis suggests older adults are hit hardest by imposter scams, particularly tech-support fraud. Two-thirds of the $95 million in losses from tech-support scams in 2024 came from baby boomers and 19% from people over 80.
Younger consumers are victimized as well. They are disproportionately targeted by job and business opportunity scams, online shopping fraud and advance-fee schemes, often delivered through digital channels.
“Everybody is being impacted right now,” Lalchand said. “Everybody needs to put their guard up.”
What businesses should do
As fraud volumes surge, traditional corporate defenses are reaching their limits. Many organizations still rely on legacy tools designed for slower, simpler fraud patterns. Adding more staff is not a viable solution when fraud attempts increase by orders of magnitude.
“The number of fraud attempts has gone up by 1,000%,” Lalchand said. “You’re not going to add 1,000% more” people.
Instead, banks and companies are increasingly turning to agentic AI – systems that can autonomously gather signals, categorize cases and draft analyses – to help them scale their defenses. “For complex scams, it can write a note and say, ‘this is what I’m seeing,’” he said. “It can connect the dots.”
Lalchand urged business leaders to take the initiative in bolstering defenses. “Be proactive in terms of raising your defenses and not waiting for something to happen,” he said. But they also have to realize that there is no single fix. “There is no silver bullet in detecting and managing fraud.”
As such, the effort calls for modernizing fraud tools, integrating siloed data, investing in AI-driven defenses and continuously training employees. “They have a lot of information, but they need to use AI and gen AI and start bringing signals together so they can better understand” the landscape, he said.
Companies also need to train their employees to prevent them from being tricked, as well as have “very good” controls in place, Lalchand said. They need to assess their fraud detection and prevention controls every quarter – not once every few years – while keeping abreast of the latest scams whether the threat comes from inside or outside. “There’s a fair bit that companies need to do,” he said.
But companies can’t go on the offensive alone. Deloitte’s research argues that mitigating APP fraud also will require a coordinated, multi-industry response since many of the scams use telecom and social media platforms.
In Australia, a pilot ‘SMS Sender ID Registry’ lets telecom companies block scam texts by confirming that message headers – hidden technical details attached to text messages and emails that point at their source – actually come from real businesses.
Similarly, ‘Stop Scams U.K.’ brings together banks, telecom providers, tech companies, regulators, law enforcement, and consumer groups to share fraud intelligence, coordinate responses, and run public awareness campaigns, according to the Deloitte study.
In the U.S., there are efforts such as the Aspen Institute’s National Task Force for Fraud and Scam Prevention, which gathers together 33 partners from different industries to fight consumer fraud. Also, proposed legislation such as the bipartisan TRAPS Act aims to create a federal task force to fight digital payment scams targeting consumers and businesses.
