Skip to main content Skip to log on Skip to search Accessibility at CommBank

Brighter / / 3 AI-driven scams to watch out for

3 AI-driven scams to watch out for

Cyber security experts met at SXSW Sydney to discuss the latest trends in AI and scams. Here’s what you need to know and tips to help keep yourself safe.

By Jessica Golding

Artificial intelligence is being used by scammers to increase the scale, speed and sophistication of their attacks, according to a panel of cyber security experts who met at SXSW Sydney. 

“AI is really changing the landscape,” says CommBank’s general manager of cyber defence operations, Andrew Pade. “In the last three months, we’ve taken down as many attacks as we took down for the entire year last year.” 

The panel discussed the rise of malicious AI tools, which can be rented by cyber criminals for as little as $150 a month and used to create convincing scam campaigns quickly. “That whole market is now changing the way attacks are done in terms of speed,” says chief information officer at I-MED Radiology Network, Sarv Girn.  

But it’s not all bad news. AI is also being used to help fight against scammers, with CommBank creating an agentic AI agent to help combat threats. Briana Wade from CommBank’s cybercrime team says working with AI is helping to reduce the amount of time it takes the team to detect and respond to risks. “What used to take me hours, this agent can do in minutes,” she says. “It’s just going to keep getting better and better.” 

Here are some of the key AI-driven scams to be aware of. 

1. Mass phishing campaigns 

Phishing is when a scammer sends an email or message that appears to be from a trusted source. It doesn’t rely on hacking, but on recipients clicking a link and handing over personal information or downloading malware. 

AI is resulting in "unprecedented levels” of these campaigns and they're getting harder to spot, says Wade. “It’s very hard to pick out what’s legitimate and what’s a phishing campaign." 

The best way to check that a message is legitimate is to verify it with the organisation through a different channel, says Girn. “Don’t go back to the same channel that’s trying to ask you for data or for a payment.” 

A panel of cyber security experts met at SXSW Sydney.

2. Deep fakes 

“A second big shift we’re seeing is deep fake technology,” says Wade. “We’re seeing impersonation of influential people. Their identities are being used—their voices, their images, their videos—to essentially trick people into taking action for some malicious intent.” 

Wade says deep fakes are becoming harder to detect and can be used to lure people into paying fake invoices or making investments.

Vanessa Austin from CommBank’s open-source intelligence team says this technology can also being used to create voice and video impersonations of you or people you know. “Attackers can then use this to bypass ID verifications or to call you up and try to get you to pay an invoice and that sort of thing,” she says. 

3 simple steps to remember

  • Stop: Does a call, email or text seem off? The best thing to do is stop. Take a breath. 
  • Check: Ask someone you trust or contact the organisation the message claims to be from.
  • Reject: If you’re unsure, hang up on the caller, delete the email, block the phone number. Change your passwords.

3. Spear phishing attacks

Hyper-personalised phishing—known as spear phishing—is also on the rise, with AI tools being used to find out information about individuals at scale.

"Spear phishing emails can match the target’s tone and context by drawing on publicly available information on social media,” says Austin. “They can look up their organisation and find their role, and potentially even the technology they’re using within that role.”

Traditional hints that a message might be a scam, like awkward phrasing or grammar mistakes, are also becoming less common with the help of AI. “We’re sort of moving away from those traditional clues,” says Austin.

Panellists Briana Wade from CommBank’s cybercrime team and Sarv Girn.

Tips for protecting yourself

So, how can you help protect yourself against these types of scams? Here are some top tips from the experts. 

  • Verify messages through an official channel: “Don’t go back to the same channel that’s trying to ask you for data or for a payment,” says Girn. “If you’re doing banking, go back to your banking app.” 
  • Be careful about what you share online: “It might be interesting to ask AI what it can find out about you and see what could be used against you,” says Austin. 
  • Create a safe word to use with friends and family: “Is there a key word you can use to identify that that person is who they say they are when you’re talking to them?” says Austin. 
  • Report any suspicious messages: If you receive any suspicious emails or texts claiming to be from CommBank, you can send them to [email protected]. If you think you’ve been scammed, contact us immediately by messaging us in the CommBank app or calling us on 13 22 21. 

Visit the CommBank Safe hub for more information on cyber security, scams and fraud.

Related articles


Published: 17 November 2025

Tags

Things you should know

This article provides general information of an educational nature only. It does not have regard to the financial situation or needs of any reader and must not be relied upon as personal financial product advice. The views expressed by contributors are their own and don’t necessarily reflect the views of CBA. As the information has been provided without considering your objectives, financial situation or needs, you should, before acting on this information, consider what is appropriate for your circumstances, and where appropriate, consider the relevant Target Market Determination, Product Disclosure Statement and Terms and Conditions available on our website. You should also consider whether seeking independent professional legal, tax and financial advice is necessary. Every effort has been taken to ensure the information was correct as at the time of publishing but it may be subject to change. No part of the editorial contents may be reproduced or copied in any form without the prior permission and acknowledgement of CBA.