From evolution to mutation, digital fraud has transformed by leveraging generative AI and deepfake technologies for deep-sea phishing…

Traditional phishing attacks, once identifiable by their clumsy grammar and generic appeals, are evolving into something far more sophisticated and dangerously convincing.

We are entering the era of deep-sea phishing, a new frontier of digital deception where generative AI and deepfakes create a level of realism that can fool even the most discerning eye and ear.

This advanced threat goes beyond simple email scams, deploying hyper-personalized, multi-channel attacks that exploit our most fundamental sense of trust. The digital landscape is shifting beneath our feet, and digital fraud takes on a new dimension.

Thriving on VUCA in the AI era
“Fraud thrives in uncertainty, and today’s mix of economic volatility, rapid digitalization, and AI acceleration has created the perfect storm,” he added. “Every channel, from social media to video conferencing, can now be weaponized.”

According to KPMG’s Global Banking Scam Survey 2025, 91% of banks rate real-time transaction pausing or blocking as effective. “But how long can this customer impediment to fast money last?” Holmes asked rhetorically.

Additionally, 79% cite access to centralized mule-account data across institutions as key to detection, which needs industry collaboration. “Astoundingly, only 15% say they are currently leveraging advanced analytics and machine learning at scale – a widening gap in AI capability compared to the nimbleness of the threat actors working against them.”

Effective fraud management
Holmes proffered a path ahead for managing fraud more effectively: “Effective fraud prevention today, then, is even more about prediction than it has ever been. No longer can reaction be accepted. Advanced analytics and AI now make real-time scoring of transactions along with synchronous decision response to act upon these insights, and detect anomalies as they emerge.” 

The path forward, he said, lies in predictive intelligence, mapping behavior, linking networks, and as a final stage, identifying mule networks before the money moves.

What next? “The next frontier is collaboration built on shared insight,” he continued. “As organizations connect data across departments and industries, intelligence will transform into foresight. In this new era, data itself becomes defense, the unifying frontline against fraud’s relentless evolution.”

Practical steps to take today

1. Adopt a “zero-trust” mindset: Be inherently skeptical of unsolicited messages. Don’t click links or open attachments from unknown senders.
2. Verify through alternate channels: If an email from your “boss” or “bank” asks for something unusual, call them on a known, official number to confirm.
3. Use strong, unique passwords and a password manager: This prevents one breached account from compromising others.
4. Enable multi-factor authentication (MFA): This is the single most effective way to protect accounts, even if a password is stolen.
5. Keep software updated: This includes OS, browser, and all applications to patch security vulnerabilities.
6. Security awareness training: Regularly train and test employees with simulated phishing attacks. Make cybersecurity part of the company culture.
7. Network segmentation: Limit the damage if an attacker gains a foothold by ensuring they can’t easily access critical systems.
8. Endpoint detection and response (EDR): Use tools that can detect and respond to malicious activity on devices after a phishing link is clicked.
9. Threat intelligence: Subscribe to services that provide information on new phishing campaigns and tactics, often sourced from the dark web.