September 25, 2025
12 min read
The anatomy of a scam: How AI and the dark web fuel financial schemes — and ways to stay safe
Sarah Gosler, head of Cyber Human Defense at Wells Fargo, reveals how scams originate and how emerging tech and underground networks are reshaping the scam landscape.
Key takeaways
- The rapid evolution of AI and deepfake technology has made financial scams incredibly sophisticated and harder to distinguish from reality.
- Scammers deceive their targets using fake emails, texts, or calls that look or sound legitimate.
- Cybercriminals build a profile on their targets by collecting personal data from social media, public records, and the dark web to build convincing attacks.
- Emotional triggers like fear, urgency, or the promise of a reward are used to pressure people into acting hastily.
- Because they don’t have access to secure banking systems, malicious actors impersonate banks and trusted organizations using data collected from the dark web, relying on tricking individuals into voluntarily providing personal information or account access.
In our increasingly digital world, the primary target for scammers isn’t always your bank’s advanced systems. It’s often you, the consumer. “Scammers prey on your trust, your emotions, and your wallet,” said Wells Fargo’s Sarah Gosler, a globally recognized cybersecurity leader and expert in human-centric defense. She’s known for reverse engineering human behavior to outsmart adversaries. Her team focuses on empowering customers to be their own best defense against online threats because, as she noted, “consumer awareness is a critical component of strong cybersecurity.”
With the rapid evolution of AI and deepfake technology, scams are becoming incredibly sophisticated and harder to distinguish from reality. Imagine realistic fake videos or voices that perfectly mimic someone you know or a company you trust. Understanding how these impersonation scams operate is the most crucial step you can take to protect yourself and truly outsmart the criminals.
Gosler shares these insights and scam prevention tips:
What are scams and how do they typically begin?
At their core, scams are deceptive schemes designed to steal your money, your identity, sensitive personal data, or gain access to your accounts. “Scammers are master manipulators. They exploit natural human responses like urgency, distraction, fear, or even the promise of a big reward,” Gosler said. “They want to pressure you into making quick decisions before you have a chance to think clearly or verify.”
These attacks often begin with cybercriminals building a profile of their targets by meticulously piecing together digital breadcrumbs of your information that they’ve collected in various ways.
- Fake emails, texts, or calls that look or sound incredibly legitimate. They’re designed to trick you into clicking harmful links or sharing private, sensitive details.
- Deepfakes and synthetic media. Fraudsters use AI to create fake videos or voice recordings that perfectly impersonate people you know and trust, like family, friends, or your bank.
- Credential theft. If they steal your login for one website, they’ll try it everywhere, like a master key. “This is why using unique, strong passwords for every online account is absolutely vital,” Gosler stressed.
- Combining old and new tactics. They might use traditional methods like mail theft to steal physical documents such as checks or utility bills. Then, they combine that with AI-driven data scraping. This helps them mine even more information and build a comprehensive target profile.
Where do scammers collect and use your personal information?
Cybercriminals are constantly assembling bits of personal data from various sources to build convincing attacks. From social media, they might extract birthdays or names of family members and pets, details often used in passwords or to personalize phishing attempts. Public records can reveal your address and property ownership, which may help imposters bypass identity checks. These fragments of information make scams feel alarmingly personal and authentic, all designed to gain your trust and catch you off guard.
Unfortunately, the cycle of scams and fraud is fueled by stolen personal data. According to Javelin Strategy, 7 in 10 victims who lost money to a scam were also tricked into handing over personally identifiable information. Top stolen information included email addresses (43%), phone numbers (38%), and banking details (28%).
What is the dark web?
Think of the dark web as a hidden part of the internet that’s not indexed by regular search engines. It’s where stolen personal and financial data from various data breaches is anonymously bought and sold. “Scammers frequent these hidden marketplaces to acquire vast amounts of personal details: names, addresses, email addresses, passwords, purchase histories, and even Social Security numbers,” said Gosler. “In many cases, this stolen data from the dark web is the starting point of the sophisticated scam attempts we see today.”
Malicious actors impersonate banks and trusted organizations using data they’ve collected from many sources, including the dark web, not because they have access to secure banking systems. “Your financial institution is almost never the source of the scam,” Gosler said. “Scammers entire strategy relies on tricking you into voluntarily providing more personal information or account access.”
[Note: References to the dark web are for education only. Do not access, monitor, or engage with content on the dark web, since doing so may introduce financial cybersecurity risk.]
How is the scam presented?
Once scammers have gathered enough personal data, they launch their attack. You might receive a call, text message, email, or social media message generated with sophisticated tactics that make the message appear to come from a legitimate source:
- Spoofed caller IDs. The number on your phone might display your bank’s name or a familiar contact, but it’s fake. In fact, phone calls were one of the top reported contact methods for fraud in 2024.
- Look-alike email addresses. These may differ by just one character from a real email address, making them hard to spot at a glance.
- Fake websites. These are meticulously designed to mimic real login pages of banks or other services.
- AI-generated voices or videos. These can sound like real customer service agents or even your friends and family. They’ll often reference those real details they collected about you, like your address, a recent transaction, or a family member’s name, which makes them sound incredibly convincing
Scammers use emotional triggers like fear (“Your account is locked!”), urgency (“Act now to avoid fees!”), curiosity (a simple text that says “Hi”), or the promise of a reward (“You’ve won a prize!”) to pressure you into acting hastily. Their goal is usually to trick you into:
- Giving up more sensitive information.
- Sharing a one-time security code.
- Clicking a malicious link.
- Downloading a harmful app.
- Handing over your debit or credit card.
- Making a money transfer.
These actions can give criminals direct access to your accounts, your funds, or your devices.
What are some red flags to watch for?
Staying vigilant is your best defense. When it comes to AI-generated voices or videos, pay close attention to:
- A voice that sounds robotic, flat, or strangely paced.
- Movements in videos that seem jerky or where the lip movements don’t quite match the words being spoken.
- Requests to send or transfer money or hand over your debit card under the guise of “protecting your account” or “keeping your money safe.” Your bank, a government agency, or the police will never ask you to do this.
Some additional scam prevention tips include:
- Wait and validate: Verify all requests and offers independently before taking action.
- Don’t share personal information: Be cautious of unsolicited requests for sensitive personal and financial information such as username, passwords, PIN numbers, or one-time passcodes.
- Don’t be quick to click: Malware can be embedded in links. Don’t click on unsolicited links.
- Use strong passwords: Don’t reuse passwords across sites. Use a password manager if needed.
- Monitor accounts: Set up account alerts and two-factor authentication.
At Wells Fargo, we are deeply committed to protecting our customers. We invest significantly on an annual basis and deploy cutting-edge technologies like advanced AI and machine learning to proactively detect and prevent fraudulent transactions. We also provide robust security features, including strong data encryption, two-factor authentication, convenient passkey options, and transaction alerts1 right on your phone.
Beyond technology, Gosler’s Human Cyber Defense team is dedicated to educating and empowering our customers. “We believe that an informed customer is the strongest defense. Ultimately, your vigilance and awareness remain our strongest partnership in this fight since no system can guarantee complete protection.”
“Stay informed, stay skeptical,” said Gosler. “And always remember, while scammers and their technologies are constantly getting smarter, so are we, especially when we work together. By understanding their tactics, we can collectively outsmart them and protect what matters most.”
For more information, resources, and tips on spotting and avoiding scams, visit the Wells Fargo Security Center.
Read more
FAQ
Personally Identifiable Information (PII) refers to any data that can identify a specific individual, either on its own or when combined with other linked details. This includes direct identifiers like your name or Social Security Number, and indirect ones such as birthdate, place of birth, or medical records that, when cross-referenced, can trace back to you.
Download the Wells Fargo Identity Theft Assistance Kit (PDF), which contains resources and a checklist to help you keep track of the companies and organizations you should contact if you believe you are a victim of identity theft. Be sure to document your conversations and any next steps.
- Report the theft immediately to your bank. Wells Fargo customers should call 1-800-869-3557 immediately. We will work with you to understand the situation and advise you how to protect your Wells Fargo accounts.
- Place a fraud alert on your credit report to help prevent identity thieves from opening new accounts in your name. Reach out to one of the major credit bureaus to add a fraud detection alert: Equifax, Experian, or TransUnion.
- Monitor your bank and credit card accounts closely for unauthorized activity. Set up account alerts. Report any suspicious transactions right away.
- File a police report. Obtain a copy of the report, which may be required for future claims or investigations.
- Notify other financial institutions where you hold accounts so they can take protective measures.
- Consider adding 2-step verification at sign-on to provide an additional layer of security for mobile or online banking.
Wells Fargo employees will not initiate contact with you and ask for your PIN, password, or one-time access codes. This information should always be protected and not shared with anyone who contacts you. We will never ask you to withdraw your money or make a transfer to anyone — including yourself — to “reverse a transfer,” “receive a refund,” “protect your money,” or anything similar. Remember, if a correction or new account is needed, the bank will resolve the issue without asking you to make a transfer or withdrawal. When in doubt, hang up and contact us directly.
- Check fraud remains a growing problem, with scammers using counterfeit checks or altering legitimate ones to steal funds.
- Imposter scams where scammers impersonate banks, government agencies, or tech support to gain trust and extract personal information.
- Elder fraud and financial abuse targeting older adults often involves manipulation or deception to gain access to accounts or assets.
- Scammers pose as IRS agents or tax preparers, often using fake texts or emails to steal personal data.
These include fraudulent messages — via text, email, or phone — that impersonate trusted organizations to trick you into sharing sensitive information or making payments. Read more: Five steps to avoid phishing scams
Vishing is when scammers pose as trusted entities like the IRS, banks, or tech support using phone calls to trick you into giving up personal or financial information. These calls may sound legitimate and often spoof official phone numbers. Read more: How to spot imposter scams.
AI-generated messages can be hard to detect. Be on the lookout for unnatural speech patterns, jerky movements, or mismatched lip-syncing. Ask yourself: Does the voice sound robotic, flat, or strangely paced? In videos, do the movements seem off or do the lips not quite match the words they are saying? Even if you don’t notice these signs, if the situation feels off, it’s best to verify.
Reporting fraud and scams, even if you think the matter is insignificant or you didn’t respond, helps us identify new and emerging threats. We continue taking significant measures to protect customers from fraud and scams, investing hundreds of millions of dollars annually to advance our security measures and technology.
Phishing emails and texts
- If you clicked a suspicious link, sent a payment, opened an attachment, or provided any personal account information, call 1-866-867-5568 right away.
- If you did not respond, forward the suspicious email or text message to reportphish@wellsfargo.com.
Suspicious phone calls
- If you received a call, sent a payment, provided one-time access codes, or personal account information to someone claiming to be from Wells Fargo, call 1-866-867-5568 immediately.
Fraud is when a bad actor uses stolen information, such as a Social Security or credit card number, in an unauthorized way, like filing a false tax return, without the victim’s knowledge or consent.
Scams trick people into authorizing a financial transaction or willingly supplying personal information, which makes it difficult to recover any money.
For more information, resources, and tips on spotting and avoiding fraud and scams, visit the Wells Fargo Security Center.
