Australian businesses lose AUD $2.03 billion as AI scams surge

Australian businesses are facing increasing risks from scams that are growing in sophistication and scale, targeting both organisations and consumers.

According to Reuben Koh, Security Technology and Strategy Director of Asia-Pacific and Japan at Akamai Technologies, scams are now a significant and mainstream threat. Koh states, "Scams are no longer on the fringes of criminal activity. They have become a mainstream threat for Australians, targeting both consumers and businesses with increasing sophistication. According to Scamwatch, Australians lost AUD $2.03 billion to scams in 2024."

Escalating threat landscape

Scams Awareness Week this year is serving to highlight the increasing prevalence and evolution of scams targeting Australians. Koh says, "This year's Scams Awareness Week (25-29 August 2025) highlights this escalating issue and shows that as scams evolve in type and scale, our strategies to combat them must also adapt."

The types of scams most affecting Australian businesses have shifted beyond basic phishing and purchase fraud. Koh points out, "Scams are expanding beyond traditional phishing and purchase fraud into more complex and emotionally manipulative schemes. The most common types currently affecting Australian businesses include: Investment scams, which range from fake property opportunities to cryptocurrency fraud, have been on the rise with the latter skyrocketing. Victims are often lured with promises of 'too good to be true' returns. Payment redirection or invoice scams pose a growing risk for small and medium businesses, where fake invoices or altered account details trick companies into transferring funds to offshore criminals. Victims may also be directed to pay via account details or QR codes, which can be randomly generated. This tactic is effective as many people don't verify QR codes before paying. These scams exploit trust in familiar systems, whether in financial transactions, business supply chains, or government processes, making them harder to spot."

Artificial intelligence and scams

Koh highlights the changing dynamics in scamming methods due to the use of artificial intelligence. "Artificial Intelligence (AI) is increasingly exploited by scammers to target victims. Automating scams enables bad actors to generate more sophisticated attacks more quickly and effectively, resulting in far-reaching effects."

He gives examples of how AI is misused by criminal actors: "Cybercriminals are using AI in various ways: Offering scams 'as-a-service': Sophisticated cybercriminals develop complete AI-powered phishing kits which are sold to less experienced scammers, lowering the barrier to entry for would-be cybercriminals while exponentially increasing the number of scams. Personalised attacks: Scammers use AI to research and gather information from social media and the internet to build rich and detailed profiles of targets quickly. Generating convincing content: Cybercriminals use AI to develop realistic phishing emails, deepfake audio and malicious QR codes to target victims. Scaling of operations: Small scam rings can now reach a wider number of victims by automating multiple social engineering campaigns."

AI-powered defence strategies

AI is also being utilised to enhance scam detection and response. According to Koh, "On the flip side, AI is also being increasingly used to defend against scams. In Australia, financial institutions and businesses are deploying AI in three, key ways: Detecting scams in real-time by monitoring transactions, verifying account and payment details, and blocking high-risk payments instantly. Improving human decision-making: some banks now use AI to listen in on customer calls and transcribe conversations, alerting staff to suspicious cues. Identifying patterns of fraudulent behaviour from bot-led account takeovers to anomalies in business payment flows."

This creates a constant "arms race", offensive AI versus defensive AI, with both sides innovating rapidly.

Practical steps for businesses

Koh recommends that businesses remain vigilant and adapt their processes in line with emerging threats. He outlines a checklist: "With scams evolving, awareness and preparation are critical. To defend themselves from scams, businesses should follow this checklist: Verify invoices: Cross-check large or unusual payments with partners, suppliers and financial institutions directly before processing. Train staff and frontline workers: Provide training for finance, customer service, and IT staff to spot scams and anomalies and know the right course of action. Protect customer data: Layer defences with AI-driven fraud detection, bot protection, and multi-factor authentication. Establish a scam response playbook: Know who to alert (IT, legal, communications, law enforcement) and how to respond if fraud occurs. Educate customers and partners: Proactively communicate about emerging scams to the various stakeholders in your organisation to strengthen your supply chain."

If businesses fall victim, Koh urges prompt action. "Businesses should act quickly if they fall victim to a scam. Ensure the following steps are taken: Follow established procedures with haste but do not panic. Notify affected partners and customers immediately. Contact their bank to attempt to block or recall fraudulent transactions. Report the incident to Scamwatch, the Australian Cyber Security Centre (ACSC) and relevant authorities. Review internal processes to prevent recurrence."

Shared responsibility

Koh notes that combating scams requires joint effort. "Scams are not just an IT issue, they're a people, process, and ecosystem issue. Protecting Australians requires vigilance, technology, and collaboration across businesses, government, and consumers."

He adds, "While scams will continue to evolve, Australian businesses armed with the right tools, awareness, and response plans can stay one step ahead. It's not a matter of if they fall victim to a scam, but when and how they respond."