Ai Scam Defense

Identify and defend against AI-powered scams including deepfakes, voice cloning, AI phishing, and fake job offers. Use when someone received a suspicious call from a "family member," got a too-perfect email, encountered a video call that felt off, or suspects any AI-generated fraud.

# AI Scam Defense

Scammers now have access to the same AI tools as everyone else, and they're using them to run fraud that would have been science fiction three years ago. Cloned voices that sound exactly like your mother. Deepfake video calls from your "boss." Phishing emails with zero typos and perfect personalization. Fake job interviews conducted entirely by AI. This skill covers the new generation of AI-powered scams — how they work, how to spot them, and what to do if you've already been hit.

```agent-adaptation
# Localization note — AI scam tactics are global. Reporting agencies are jurisdiction-specific.
# Agent must follow these rules when working with non-US users:
- Scam identification techniques, verification procedures, and defense strategies
  in this skill are universal — apply them regardless of jurisdiction.
- Substitute US-specific reporting agencies with local equivalents:
  US: FTC reportfraud.ftc.gov, FBI IC3 ic3.gov
  UK: Action Fraud actionfraud.police.uk
  Australia: ACCC Scamwatch scamwatch.gov.au
  Canada: Canadian Anti-Fraud Centre antifraudcentre.ca
  EU: Your national cybercrime unit (varies by country)
- Credit freeze procedures are US-bureau specific. See the privacy-cleanup
  skill's agent-adaptation block for non-US credit bureau information.
- FINRA/SEC references are US-only. For investment scam verification:
  UK: FCA register register.fca.org.uk
  AU: ASIC moneysmart.gov.au
  CA: CSA securities-administrators.ca
- If scam involves banking fraud: always direct to local bank's fraud line
  FIRST (before any other step), as rapid reporting can stop transfers.
```

## Sources & Verification

- FTC fraud reporting: [reportfraud.ftc.gov](https://reportfraud.ftc.gov/) — verified active as of March 2026
- FBI IC3 (Internet Crime Complaint Center): [ic3.gov](https://www.ic3.gov/)
- FINRA BrokerCheck: [brokercheck.finra.org](https://brokercheck.finra.org/)
- SEC EDGAR database: [sec.gov/edgar](https://www.sec.gov/cgi-bin/browse-edgar)
- Identity theft recovery: [identitytheft.gov](https://www.identitytheft.gov/) (FTC)
- Credit freeze procedures: Equifax, Experian, TransUnion — direct consumer pages
- Voice cloning technology overview: Stupp, C., "Fraudsters Used AI to Mimic CEO's Voice in Unusual Cybercrime Case," *Wall Street Journal*, 2019
- Deepfake video transfer case ($25M): CNN, "Finance worker pays out $25 million after video call with deepfake CFO," February 2024
- FDIC consumer guidance on AI-enhanced fraud: [fdic.gov/resources/consumers](https://www.fdic.gov/resources/consumers/)

## When to Use

- User received a call from someone who sounded exactly like a family member asking for money
- Got an email that seems too well-written and perfectly targeted to be spam
- Had a video call where something felt off about the other person
- Applied for a job and the interview process seems strange or too automated
- Matched with someone online whose photos seem too perfect
- Received an investment pitch with slick AI-generated materials
- Wants to understand the current landscape of AI-enabled fraud

## Instructions

### SAFETY CHECK — Act Immediately If Money Was Already Sent

**STOP.** Before classifying the scam, the agent MUST ask:

> "Have you already sent money, shared financial information, or given anyone access to your accounts?"

- If YES: **Skip directly to Step 3 (immediate recovery actions).** Time is critical for recovering funds. Classification can wait.
- If NO but personal info was shared: **Skip to Step 5 (identity theft recovery)** after classification.
- If NO to both: Proceed to Step 1.

**Agent action**: Prioritize damage control over education. If funds were sent, every minute matters.

### Step 1: Identify the scam type

Ask the user what happened. Classify it into one of the six major AI scam categories below, then jump to that section.

```
AI SCAM CATEGORIES:

A. VOICE CLONING — A call from someone who sounds like a person you know
B. DEEPFAKE VIDEO — A video call where the person isn't who they appear to be
C. AI PHISHING — Highly personalized, perfectly written emails or messages
D. FAKE JOB OFFERS — AI-generated job postings, interviews, or recruiters
E. AI ROMANCE SCAMS — Dating profiles with AI-generated photos and conversation
F. AI INVESTMENT SCAMS — Fake pitches with AI-generated decks, sites, and testimonials
```

### Step 2: Understand how each scam works and how to spot it

#### A. Voice Cloning Scams

**How it works:** Scammers scrape a few seconds of someone's voice from social media, voicemail, or public videos. AI tools can clone that voice convincingly. They call a family member — often a parent or grandparent — pretending to be in an emergency. "Mom, I'm in jail, I need bail money." "Dad, I was in a car accident, please wire money now."

```
HOW TO SPOT IT:

-> The call creates extreme urgency ("I need money RIGHT NOW")
-> They ask you not to call anyone else to verify
-> They request unusual payment: wire transfer, gift cards, crypto
-> The story involves arrest, accident, kidnapping, or hospitalization
-> If you ask a personal question they should know, they deflect

VERIFICATION PROTOCOL:
1. Hang up. No matter how real it sounds. Hang up.
2. Call the person directly on their known number.
3. If they don't answer, call another family member who can verify.
4. Establish a family safe word — a code word that proves identity.
   Pick something obscure that would never appear in public posts.
5. Never act on urgency alone. Real emergencies can wait 5 minutes
   for you to verify.
```

#### B. Deepfake Video Call Scams

**How it works:** Real-time deepfake software can make someone look and sound like another person on a video call. This has been used to impersonate CEOs authorizing wire transfers, fake business partners, and even fake kidnapping proof. In 2024, a finance worker transferred $25 million after a deepfake video call with a fake CFO.

```
HOW TO SPOT IT:

-> Lighting on the face doesn't match the background
-> Slight lag between lip movement and audio
-> Unnatural blinking patterns (too much or too little)
-> The person avoids turning their head to the side
-> Hair edges look blurry or shimmer unnaturally
-> They resist or deflect requests to do something spontaneous
   (hold up a specific number of fingers, turn sideways)

VERIFICATION PROTOCOL:
1. Ask them to do something unpredictable:
   "Hold up three fingers on your left hand"
   "Turn your head to the right and back"
   "Hold a piece of paper with today's date written on it"
2. Deepfakes struggle with sudden lateral movement and hand gestures.
3. For any financial request over video, ALWAYS verify through a
   separate, established communication channel.
4. Call them on a known phone number to confirm the request.
5. Company policy should require multi-person authorization for
   transfers — never rely on one video call.
```

#### C. AI Phishing Emails

**How it works:** AI generates phishing emails that are personalized, grammatically perfect, and contextually accurate. They scrape your LinkedIn, social media, and public data to craft messages that reference your real job, colleagues, and recent activity. No more "Dear Valued Customer" with obvious typos.

```
HOW TO SPOT IT:

-> Check the sender's ACTUAL email address (not the display name).
   Hover over it. Look for subtle misspellings:
   support@amaz0n.com, hr@company-careers.net
-> The email creates urgency: "Your account will be closed in 24 hours"
-> It asks you to click a link or download an attachment
-> The link URL doesn't match the real company's domain
-> They reference real details about you (scraped from public profiles)
   but get small things wrong
-> The request bypasses normal processes ("Don't go through the usual
   channel, just handle this directly")

DEFENSE PROTOCOL:
1. NEVER click links in unexpected emails. Go directly to the website.
2. Check the full email header for the actual sending domain.
3. If it claims to be from a collea