Smart fraud, smarter defence: how AI is reshaping social engineering and what banks must do now

This article has been published on the BANK.PL magazine on the occasion of Cleafy's participation in the Banking Security Forum in Warsaw.

The hardest fraud to stop is the one where the customer does everything right. This is already the reality of financial crime. European banks are dealing with it now.

AI is often discussed as an evolution in fraud techniques, but that misses the bigger shift.

What is emerging is not better scams, but more structured financial crime operations. AI has reduced the variability in how attacks are created, delivered, and repeated. 

Recent estimates from the SANS Institute suggest that AI is increasing attacker efficiency by up to 47 times.  Even if that number is directionally generous, the effect is visible: more output, less friction, far greater consistency.

Social engineering still sits at the entry point of many of these operations, but it is no longer a standalone tactic. It has become a delivery layer inside broader, increasingly automated fraud operations.

Voice cloning, deepfake content, and AI-generated messages are not isolated innovations; they are components of campaigns that are increasingly stable, repeatable, and continuously and relentlessly executed. That consistency changes what banks can actually see: repeatable patterns of coordinated activity entering digital environments. Social engineering remains central to modern financial crime across Central and Eastern Europe. It’s how trust is initiated and how access is influenced. What matters operationally is what follows.

In many cases, a phishing message, a spoofed call, or manipulated SMS is only the trigger. From there, the activity moves into a broader chain that may include device compromise, credential reuse, session takeover, or guided execution of actions inside digital banking channels. Increasingly, these chains are not linear, but orchestrated: multiple inputs - messaging, voice, automation, sometimes even AI-driven agents - converge into a single operational objective.

What a bank sees is not the full attack but rather the point of fraud execution, the transaction.

The fraud only becomes visible after the money is gone.

Deepfake audio, caller ID spoofing, and AI-generated messages are often treated as separate threat types.  In practice, they operate as part of the same campaign across digital banking touchpoints. At the same time, fraud operations are increasingly blending remote and physical channels. Branch interactions, call centre impersonation, and digital sessions can all be part of the same coordinated effort.

Modern fraud operations are designed to pass traditional fraud checkpoints. By the time a transaction is initiated, earlier stages of the campaign have already occurred across multiple channels and access points.

What matters is not the transaction itself, but the pattern of activity leading into it. The risk only becomes visible when signals are connected across sessions, devices, channels, network, and interactions.

A login from a familiar device. A session that looks ordinary. A sequence of actions that, on their own, don’t justify concern; maybe even nothing unusual at all. These operations are built to pass through normal checkpoints one by one, and they do.

Inside digital banking systems, you don’t see the story; you see pieces of it.

On their own, these signals don’t hold much weight.

A session that looks slightly off. A device that reappears in a different context. A sequence of actions that feels structured but not obviously malicious.

Individually, they don’t justify intervention.

That’s why they pass.

The shift happens when they are no longer evaluated in isolation.

Across sessions, devices, and time, patterns begin to repeat. Activity that looks unrelated at first starts to align. Not perfectly, but enough to suggest coordination rather than coincidence.

That’s the point where detection changes.

Not at the transaction, but before it, when the structure behind it starts to surface.

Across Europe, frameworks like DORA and PSD3 are shifting expectations. It’s no longer just about whether fraud was stopped at the point of payment. It’s about what could have been seen earlier.

Whether signals were there. Whether they were connected. Whether the system had the ability to act before money moved. That changes the standard. Quietly, but significantly. Because after-the-fact detection is no longer enough to explain why something wasn’t prevented.

The response to AI-powered social engineering requires a strategic shift in how banks think about fraud defence. Four priorities stand out.

Extend visibility beyond the transaction. Session-level monitoring, behavioural intelligence, and real-time flow analysis must become core components of the fraud prevention stack, not optional add-ons.

Build cross-channel awareness. Fraudsters operate across voice, SMS, email, and digital banking simultaneously. Detection systems that only see one channel at a time will always be a step behind.

Prepare for the liability shift. With DORA now in force and PSD3 on the horizon, banks should proactively audit their detection and prevention capabilities against emerging regulatory expectations. Demonstrating robust, pre-transaction fraud detection is becoming as important as the detection itself.

Invest in collaboration. AI-powered fraud campaigns target multiple institutions simultaneously. Intelligence sharing between banks, across sectors, and with technology partners accelerates responses and raises the cost of attacks for criminal operations.

AI has not changed the objective of fraudsters. They want money, access, and control. It has changed the consistency with which it can be executed across channels and environments. That consistency produces structure. And structure produces detectability; if the detection model is built to correlate signals rather than evaluate events in isolation.

Banks that continue to rely on transaction-level controls will continue to observe outcomes. Banks that correlate signals across their digital environments will observe operations in progress. That is where intervention is still possible.