Avoid Fraud

Protecting Your Investment Accounts From GenAI Fraud
Protecting Your Investment Accounts From GenAI Fraud

Investment fraud involving the use of artificial intelligence (AI) is on the rise. Increasingly, fraudsters are using generative AI (GenAI) tools to gain access to financial accounts and create new accounts in the names of unsuspecting investors.

How Fraudsters Are Using GenAI

GenAI is a type of AI that can create new content based on a user’s prompts. For example, tools using GenAI technology can write essays and computer code; generate realistic images, audio and video; drive chatbots that interact with humans; and perform more functions than database searches that simply return results in response to word or information queries. GenAI is making it easier for bad actors to fraudulently open new accounts using investors’ identities and to improperly gain access to investors’ accounts.

Fraudsters are using GenAI’s capabilities to exploit traditional identification (ID) verification processes and commit new account fraud and account takeovers in multiple ways, including the following:

  • Social Engineering – Social engineering involves tricking or manipulating targets into giving away sensitive information or allowing remote access to their computer. Fraudsters might use GenAI to analyze your social media activity to create highly personalized phishing emails that could contain malicious files or lead you to fraudulent websites embedded with malicious links.
  • Voice Clones – With GenAI, fraudsters need only three seconds of audio of someone speaking to create a credible-sounding imitation, or voice clone. Using a voice clone, fraudsters might persuade you to grant them access to your accounts, for example, by impersonating a loved one of yours in distress or under financial duress. Fraudsters might also attempt to access your brokerage account directly by using a voice clone of you to undermine voice biometric protections your firm might have in place.
  • Fake ID Documents – Fraudsters can use GenAI to create convincing fake ID documents—such as driver’s licenses or professional credentials—that might also incorporate AI-generated images. They can use these documents to verify identity to fraudulently open a new account or to take over an existing account.
  • Deepfake Selfies – Some firms have incorporated requests for selfie photos and videos into their customer-verification process. Fraudsters can take images from investors’ social media and use GenAI to create deepfakes to get around these security checks.

Protecting Your Accounts

GenAI’s ability to create credible-looking (or -sounding) fakes increases fraud risk. However, you can take steps to help protect your financial accounts:

  • Choose strong passwords. Create complex passwords that are unique to each account, and avoid using easily guessable passwords and security questions.
  • Use a password manager. A password manager is a software application that securely stores and manages your login credentials, including usernames and passwords, for various online accounts. The main benefits of using a password manager include secure storage, unique and complex passwords, and centralized management.
  • Enable multi-factor authentication (MFA). Enabling MFA on all of your accounts adds an extra layer of security beyond just a password by requiring you to also enter a code that’s sent to your mobile phone via text message or through an authentication application to your account. Choose to have MFA codes or messages sent to your phone rather than via email (if given a choice). Ignore or reject all MFA codes and messages that you weren’t expecting, and then follow the steps in the next bullet.
  • Protect against phishing attempts and impersonation scams. Be cautious of emails, texts or calls that ask for personal information or claim to be from one of your service providers, especially if they seem urgent or suspicious. Don’t respond with identity-verifying or sensitive information—such as passwords, account numbers or credit card information—and never click on links or open an unexpected email attachment from someone you don’t know. Instead, contact the firm through information provided on an account statement or its website to help ensure that the company or individual you’re communicating with is legitimate.
  • Use biometric verification. Biometric identifiers, like facial scans or fingerprints, are unique to each person and can be harder for fraudsters to replicate.
  • Monitor account activity regularly. Actively review your account statements and online activity for suspicious transactions or logins from unfamiliar locations that could indicate a potential account takeover. Login history for your account is often found in the platform’s “security” or “privacy” section.
  • Turn on notifications. By turning on notifications for your account, you can receive a quick alert of any suspicious activity, such as transactions, transfers or newly linked banked accounts you don’t recognize. When a fraudster takes over someone’s account, they might turn off notifications to delay discovery of their actions. Make sure you’re receiving all notifications you’ve signed up for, and contact your firm promptly if notifications are stopped.
  • Use identity-theft protection and credit monitoring services. These services can warn you of possible data breaches and initiate protective measures. If you believe your data has been compromised, consider requesting a credit freeze. This might decrease the chances of a bad actor opening fraudulent financial accounts in your name.
  • Report suspicious activity immediately. Immediately terminate any communication that makes you start to feel unsafe. If you suspect fraudulent activity, contact your financial institution, regulatory authorities and local police or law enforcement (see below) right away to report the issue and initiate security measures.

Monitoring for New Account Fraud

Along with monitoring your existing accounts, watch for new account fraud by:

  • monitoring your credit reports regularly for accounts opened in your name that you didn’t authorize;
  • looking into notifications regarding new accounts that are unfamiliar to you; and
  • checking your bank statements for transactions you don’t recognize.

Some of the same actions that can help you avoid having your existing account information stolen—including securing your accounts and avoiding phishing attempts—might also reduce your chances of facing new account fraud.

GenAI has made it easier to impersonate consumers and commit fraud. Although financial institutions are working to fight fraud on their platforms, you can also take actions to protect yourself and to alert firms to any suspicious activity.

If you think you’ve been a target or victim of GenAI or other investment fraud, submit a regulatory tip to FINRA. If your regulatory tip information concerns potential criminal activity, you should also report the matter to law enforcement, such as your local police department or the Federal Bureau of Investigation (FBI) (Field Office or Electronic Tip Form)—and, for cybercrime, to the Internet Crime Complaint Center.  

Learn more about the use of GenAI and financial fraud.

Updated on 12/1/25