Safeguarding your marketing channels: how AI-powered automation is fueling new threats and how to defend against them

Scammers are already using AI-powered automation to manipulate marketing channels. We don't want to hand out a playbook for bad actors, but it's important to recognize the growing number of scams that have been enhanced by AI and automation tools. Most scams are still about money, either directly or by collecting personal data that can be used to access financial information. If there is no money, there is typically little motive.

In a space like eCommerce, for example, we've seen scammers clone legitimate websites to trick customers into handing over their payment information. These spoof sites look identical to the real thing. 

The proliferation of low-code, no-code, and, more recently, vibe coding tools reduces the time and technical skills required to launch a site. A scammer could theoretically spin up a robust, fully functioning fake storefront in an afternoon and start harvesting credit card numbers the same day.

In business verticals that require customer service, such as financial services, we are also seeing AI used to make outbound scams more convincing. Voice cloning, combined with scripts generated by large language models (LLMs), makes it easy to spoof sales calls or customer service outreach. It's getting harder for even savvy professionals to tell the difference between a real rep and a fake one, especially when the voices could be indistinguishable.

How companies can defend themselves against these attacks

The unfortunate reality is that you can't count on big platforms to protect you. They are the tools by which the scams are perpetrated, but are often black boxes when it comes to customer service. 

We've reported hundreds of AI-generated articles that misrepresent our brand to bury real content in search results, a practice that Google calls 'scaled content abuse.' They claim to take the issue seriously in their help docs, but they're slow to act and nearly impossible to get in touch with.

As a result, you have to take the defense into your own hands. Here are a few recommendations on how to best do so:

1. Start with monitoring
   You can’t fight what you can’t see, so you must build or buy a system that monitors your brand in real time. That includes looking for fake versions of your website, impersonating social profiles, fake reviews, copyright infringement, and unusual search results. Tools like Red Points are a good place to start, but even basic Google Alerts and social listening tools can be helpful.
2. Have a response plan
   Once you’ve spotted an attack, you need a repeatable process to respond. That might mean submitting takedown requests to hosting providers, social platforms, or registrars. If you can quickly pull down the tools behind a scam, you can make it harder for the attacker to succeed.
3. Educate your customers
   Let your customers know how you communicate as a business by reminding them of which specific domains you use for email or the social handles tied to your business, noting that they should look for your verified accounts (i.e., those with blue check marks). Providing clarity helps your audience spot fakes. If someone gets an email from a lookalike address and knows that’s not your style, that might be all it takes to stop a scam from progressing.

The lessons learned from facing these attacks firsthand

1. Automated threats can feel relentless
   Sometimes, the scale of a single attack can be overwhelming and confusing. We’ve seen hundreds of fake pages, listings, and articles surface within weeks, all in an attempt to lure a few customers. Fighting back and protecting yourself against scams is an ongoing battle. 
2. Internal capabilities matter
   We used to rely on external vendors to clean up these issues, but that meant slow response times and a lack of accountability. When attacks increased in size and scale, we brought skills in-house, which made us faster and better at recognizing early warning signs.
3. Transparency builds trust
   Customers understand that attacks happen, but they don’t necessarily understand the reason behind the silence during problems. Let your customers know what’s going on and what you’re doing about it, even during turbulent moments.

Things companies should avoid doing

Attacks can feel personal, especially when they're targeting your brand and customers. But knee-jerk reactions -- like sending legal threats to everyone who reposts a fake article or ignoring the issue entirely -- can make things worse. 

Also, don’t assume this is a one-and-done deal. As AI continues to lower the cost of deploying a scam, we can expect to see an increase in activity. If something works once, you’ll likely see it again. 

A final take away

There's no perfect solution. Attackers adapt just as quickly as technology evolves. If you're proactive -- monitoring, educating, and building your defenses over time -- you can protect your brand and your customers. But if you want to eliminate the threat completely, you may need to reset your expectations. 

The more time and money you spend building internal muscles, the more quickly you can respond to attacks. Developing internal expertise can also expedite your work with trusted outside partners, since speaking the same language can be extremely beneficial.

Image credit: Napong Rattanaraktiya/Dreamstime.com

Kris Woods is chief technology officer (CTO) of Phoenix Energy.