Morning Overview

Deepfakes now account for roughly one in nine fraud attempts as AI scams spread

Americans reported losing $3.5 billion to imposter scams in 2025, making it the most-reported fraud category tracked by federal regulators. A growing share of those scams now rely on AI-generated content. An analysis of more than 9 million identity verification transactions during the first quarter of 2026 found that AI-generated fraud surpassed physical forgery for the first time, with nearly one in 11 attempts showing indicators of AI involvement. The speed at which synthetic media can now mimic real people has turned deepfakes from a novelty into an operational weapon for financial criminals.

Why AI-driven identity fraud threatens everyday banking

The financial damage from impersonation schemes is accelerating because the tools behind them have gotten cheaper and faster. Fraudsters no longer need to physically alter a driver’s license or forge a utility bill. They can generate convincing synthetic faces, voices, and documents using widely available AI software, then deploy those fakes against automated identity checks at banks, fintechs, and government benefit portals. The result is a form of fraud that scales far more quickly than traditional forgery.

Identity verification firm AU10TIX analyzed more than 9 million transactions between January 1 and March 31, 2026, and found that AI-generated fraud surpassed physical forgery for the first time. Nearly one in 11 identity verification attempts showed indicators of AI involvement. That ratio means financial institutions processing thousands of new account applications each day face a steady stream of synthetic identities that look legitimate on the surface.

In practical terms, that shift changes the risk profile for routine banking. A fraudster who can spin up hundreds of synthetic identities in a day can probe dozens of institutions for weaknesses, open fraudulent accounts, and route stolen funds before detection tools catch up. Because deepfakes can be tailored to match specific demographic profiles or stolen data sets, they can also slip past manual review when staff are under time pressure or lack specialized training.

One hypothesis worth tracking is that banks adopting technical countermeasures such as the watermarking standards described in a GAO spotlight report on deepfakes could see a measurable drop in new-account fraud compared with peers that do not. No public data yet confirms or refutes that prediction, because adoption rates among financial institutions remain unreported. But the logic is straightforward: if watermarking allows verification systems to distinguish AI-generated images from authentic ones at the point of onboarding, fraudulent applications should fail earlier in the pipeline.

Even without watermarking, some institutions are experimenting with layered defenses. These include requiring liveness checks during video verification, cross-checking biometric data against known device histories, and tightening limits on high-risk transactions from newly opened accounts. Each added step introduces friction, however, and banks must balance fraud prevention with customer experience and accessibility concerns.

Federal data and industry benchmarks behind the one-in-11 figure

Two distinct data streams support the scope of the problem. On the regulatory side, the Federal Trade Commission reported that imposter scams generated $3.5 billion in reported losses in 2025 and were the most common fraud category by complaint volume. Those numbers capture a wide range of tactics, from classic phone-based tech-support scams to romance fraud and business email compromise. The figures do not break out deepfake-specific losses or transaction counts, but they establish that impersonation, the broader category that synthetic media enables, is already the single largest source of consumer fraud complaints in the United States.

On the industry side, AU10TIX’s Q1 2026 benchmark provides the granular detection data. The company’s analysis covered more than 9 million identity verification transactions and flagged nearly one in 11 as showing AI indicators. That finding crossed a threshold: for the first time, AI-generated fraud attempts outnumbered attempts using physically forged documents. The benchmark does not provide per-institution or geographic breakdowns, so it is not yet possible to say whether certain sectors or regions face disproportionate exposure.

Federal agencies have been building alert infrastructure around these findings. The Financial Crimes Enforcement Network issued an alert on deepfake media fraud targeting financial institutions, cataloging specific typologies such as identity verification evasion and authentication circumvention using synthetic media. The alert gave banks a formal set of red flags to watch for, including unusual eye movements, inconsistent lighting, and mismatches between live video and submitted documents, but it did not include quantified incident totals or confirmed loss figures tied specifically to deepfakes.

The GAO published a science and technology spotlight on combating deepfakes that described technical countermeasures including watermarking, content provenance tools, and AI-based detectors. The report also flagged constraints tied to privacy rules and First Amendment considerations that limit how aggressively those tools can be deployed. For example, continuous biometric monitoring or broad scraping of user-generated content can raise legal and ethical issues even when deployed for fraud prevention. No current adoption-rate data accompanied the GAO’s technical descriptions, leaving policymakers and bank risk teams without a clear baseline for how widely these defenses are being used.

Gaps in detection data and what to watch next

Several open questions limit how precisely anyone can measure the deepfake fraud problem right now. The FTC’s $3.5 billion imposter-scam total is the broadest reliable number, but it blends phone scams, email phishing, and AI-generated impersonation into a single category. Until the FTC or another agency isolates deepfake-specific losses, the true financial toll of synthetic media fraud will stay unclear. It is also likely that many consumers never realize a deepfake was involved in a scam, especially when the fraud occurs over the phone or via text but relies on AI-generated voices or scripts in the background.

AU10TIX’s benchmark offers the best available snapshot of AI involvement in identity verification, but it reflects one company’s detection platform rather than the full market. Different verification vendors use different detection thresholds and AI-indicator definitions, so the nearly-one-in-11 figure may not translate directly across the industry. Geographic and sector-level breakdowns would help banks and regulators target resources, but those details are not yet public. Without standardized reporting, it is difficult to compare how, for example, community banks, large national institutions, and fintech startups are each experiencing and detecting synthetic-identity attacks.

Another blind spot is incident reporting from financial institutions themselves. While suspicious activity reports can capture some deepfake-enabled fraud, those forms were not originally designed with synthetic media in mind. Descriptions of AI involvement may be inconsistent or buried in narrative fields, making trend analysis challenging. Over time, regulators could update reporting templates to include explicit checkboxes or codes for AI-generated content, but no such standardized fields have been widely adopted yet.

Consumer reporting also plays a role. People who suspect they have been targeted by an imposter or deepfake-related scheme can submit details through the FTC’s online portal at ReportFraud.ftc.gov. Those reports feed into the same database that underpins national fraud statistics and can help regulators spot emerging patterns. However, participation is voluntary, and many victims may feel embarrassed or unsure whether their experience qualifies as fraud, leading to underreporting.

In the near term, several developments will be important to watch. First, any move by federal regulators to require more detailed categorization of AI-related fraud in consumer complaint systems or bank reporting would sharpen the picture of how deepfakes are being used. Second, broader publication of anonymized benchmarks from multiple identity verification vendors could either confirm or challenge the one-in-11 figure, revealing whether AU10TIX’s experience is typical or an outlier. Third, clearer data on which technical countermeasures banks are deploying-and how effective those tools are in practice-would allow policymakers to prioritize standards and funding.

For now, the available evidence points in a consistent direction: impersonation scams are already the largest single category of reported consumer fraud, and AI-generated media is rapidly becoming a preferred tool for criminals seeking to defeat identity checks. The precise loss figures tied to deepfakes remain uncertain, but the combination of regulatory statistics and industry benchmarks makes one conclusion hard to ignore. As synthetic media grows more accessible, every institution that relies on remote identity verification will need to treat AI-driven fraud not as a speculative risk, but as a present-tense operational challenge that demands sustained investment, updated controls, and better data.

More from Morning Overview

*This article was researched with the help of AI, with human editors creating the final content.