5-Minute Phishing: How AI is Revolutionizing Scams and Morphing Attacks

In this episode of the Fraudology podcast, Karisse Hendrick is joined by Matt Vega, Chief Fraud Strategist at Sardine, to explore how artificial intelligence has fundamentally altered the threat landscape for financial institutions and online retailers.

First, Matt reveals the alarming ease with which AI can now be used to orchestrate phishing campaigns. Using advanced tools like Vercel’s v0, Matt demonstrates how he can clone a legitimate website—complete with branding, functional images, and login flows—in less than five minutes. He explains how attackers use these replicas to execute sophisticated "man-in-the-middle" attacks, tricking victims into handing over two-factor authentication (2FA) codes to gain fully authenticated access to accounts.

Later in the episode, Matt and Karisse dive into the rise of "polymorphic" AI attacks. These autonomous agents are capable of adapting their behavior in real-time to bypass bot detection and security thresholds as soon as they are implemented. Matt also discusses "dust trailing," a tactic where fraudsters spread large volumes of small transactions across hundreds of platforms to make traditional human investigation cost-prohibitive.

In this episode, we discuss:

1. The 5-Minute Phish: How AI models use simple screenshots and prompts to create pixel-perfect clones of banks and government agencies.
2. Polymorphic Attacks: The emergence of autonomous AI agents that instantly adapt to security controls, making traditional bot mitigation obsolete.
3. The Power of Basics: Why "low-tech" solutions like card-to-name matching and behavioral biometrics remain the most effective tools against high-tech fraud.
4. Threat Intelligence: Best practices for proactive defense, including beacon technology, "hidden watermarks," and strategic domain acquisition.
5. Upcoming Events: Details on meeting Matt and the Sardine team at the upcoming MRC conference in Las Vegas.