Skip to main content
Become a Member
Become a Member

Social engineering fraud using generative Artificial Intelligence

March 13, 2025

Lance Kelly

Share

A middle-aged man with grey hair and long scruffy beard, sitting at a table, holding a smartphone in one hand and a cup in the other in a kitchen, with natural light coming through the window behind him.

At Meridian Credit Union, we’re committed to helping each Member live their best life. Part of that involves keeping you informed about fraud risks and scams while providing you with access to support if you are ever victimized.

In today's digital age, social engineering fraud has become a prevalent threat that leverages psychological manipulation to deceive and coerce individuals into sharing confidential information. With the advent of Generative Artificial Intelligence (“GenAI”), the tactics used in social engineering fraud have evolved, making it even more critical for you to understand and protect yourself against these sophisticated attacks.

What is social engineering?

Social engineering is the use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes. Fraudsters may pose as trusted individuals or authorities to trick victims to conduct an action. This could be to reveal sensitive data, download malicious software, or conduct a fraudulent transaction, etc. These scams can lead to severe consequences for victims that could include identity theft, financial loss, and/or unauthorized access to the victims’ accounts.

The role of GenAI in social engineering fraud

GenAI can be used to create content that mimics human language and behaviour, and it poses significant risks when used maliciously. Fraudsters can use it to craft highly convincing phishing emails, fake social media profiles, and even deepfake videos. These AI-generated attacks are often more sophisticated and harder to detect, increasing the likelihood of success.

Steps you can take to protect yourself

  • Be skeptical of unsolicited communications: Always verify the identity of the sender before responding to emails, messages, or phone calls. Look for signs of phishing, such as generic greetings, spelling errors, and suspicious links.
  • Educate yourself and others: Stay informed about the latest social engineering tactics through such resources as the Canadian Anti-Fraud Centre, and share this knowledge with friends, family, and colleagues. Awareness is a crucial defence against these attacks.
  • Always use unique and strong passwords for each of your accounts and change passwords frequently: Scammers often re-use passwords and login information they’ve obtained from previous attacks. Unique passwords that are updated regularly can help protect you.
  • Enable Two-Step Authentication (“2FA”) and/or One Time Passcodes (“OTP”): 2FA and OTP add an extra layer of security by requiring multiple forms of verification before granting access to your accounts. These measures make it more challenging for attackers to gain unauthorized access.
  • Never share your OTP with anyone under any circumstances: Sharing an OTP can enable unauthorized access to your account. Meridian employees will never ask for your OTP.
  • Regularly update software and systems: Keep your operating systems, applications, and antivirus software up to date. Regular updates often include the addition of new security patches that protect against known vulnerabilities.
  • Be cautious with personal information: Limit personal information you share online. Fraudsters can use details from social media profiles and other online sources to craft more convincing social engineering attacks.
  • Never provide information to individuals you are unable to authenticate on a call. If a caller claims to be from a financial institution, hang up and call back via an official phone number, such as the number on the back of your debit or credit card. Never use a phone number without verifying it independently. One way to do this is to access an official website (e.g. MeridianCU.ca)
  • Use a generic voicemail greeting: Voicemail greetings may be used by fraudsters to attempt to clone your voice using GenAI. Using a generic greeting can help protect your identity.
  • Never provide remote access to your computer unless you engaged the vendor first through their official site, application, or phone number.
  • Never click suspicious links or attachments, even if the sender seems legitimate.

If you encounter a scam, or believe you have been the victim of fraud, Meridian recommends that you:

  1. Report the incident to your local police department immediately.
  2. Talk to our Fraud Team at 1-866-592-2226.
  3. Report the incident to the Canadian Anti-Fraud Centre.

Learn more about protecting yourself

Double up on security with Two-Step Authentication

How to create a strong password

Tagged:

Common Sense

Meridian Credit Union communications are intended for informational purposes only and do not constitute financial advice or an opinion on any issue. We would be pleased to provide additional details or advice about specific situations if desired.

For permission to republish this content, please contact Meridian at media@meridiancu.ca.

©️ 2025 Meridian Credit Union

Lance Kelly

Fraud Analyst, Meridian

With a background in fraud prevention, investigation, and risk management, Lance has built a career across various industries, including financial services and credit bureaus. His knowledge and experience in these fields has enabled him to research and write helpful content.