Microsoft’s Tools Against the Rise of AI-Powered Scams

The democratisation of AI has created a parallel arms race between cybersecurity defenders and fraudsters, with both sides now deploying increasingly sophisticated AI systems to outmanoeuvre each other.

While enterprises have invested in AI to strengthen security, criminals have simultaneously repurposed both commercial and open-source AI tools to circumvent these defences and automate fraud at unprecedented scale.

This means that the technical barriers used to create convincing scams have collapsed, as the tasks that once required teams of specialists with coding expertise can now be executed by individuals with minimal technical knowledge using AI-assisted tools – creating a proliferation of threats that traditional security approaches struggle to contain.

Microsoft has documented a surge in AI-enhanced cyber scams where perpetrators leverage Gen AI to create deceptive content at scale, yet it has also reportedly blocked US$4bn in fraud attempts in the last year.

AI tools lower technical barriers for cybercriminals

According to data released in the ninth edition of Microsoft's Cyber Signals report, the company rejected 49,000 fraudulent partnership enrolments and blocked approximately 1.6 million bot signup attempts per hour during the 12-month period.

These statistics show how AI software – ranging from legitimate applications repurposed for malicious activities to specialised fraud tools available in cybercriminal forums – enables attackers to generate convincing content for social engineering at unprecedented speed and reduced cost.

These tools scan and scrape the web for company information, helping build detailed profiles of employees or targets to create highly convincing lures.

Fraudsters now deploy deepfakes, voice cloning, phishing emails and authentic-looking websites to appear legitimate at a wider scale.

Microsoft's Anti-Fraud Team identified that a substantial portion of AI-powered fraud originates from China and Europe, with Germany representing a particular hotspot due to its position as one of the largest e-commerce markets in the European Union.

“Cybercrime is a trillion-dollar problem, and it's been going up every year for the past 30 years. I think we have an opportunity today to adopt AI faster so we can detect and close the gap of exposure quickly,” says Kelly Bissell, Corporate Vice President of Anti-Fraud and Product Abuse within Microsoft Security.

Microsoft’s enhanced tools to protect from cyber attacks

In response to these threats, Microsoft has deployed defensive technologies across its product portfolio.

Microsoft Defender
Microsoft Defender for Cloud, a security service that provides threat protection for Azure resources, now includes vulnerability assessments and threat detection capabilities for virtual machines, container registries and endpoints.

Microsoft Edge
The company has also enhanced Microsoft Edge, its web browser, with website typo protection and domain impersonation protection using deep learning algorithms to prevent users from visiting fraudulent websites.

Edge now features a machine learning-based Scareware Blocker designed to identify and block deceptive pop-ups claiming computer compromise.

“Now we have AI that can make a difference at scale and help us build security and fraud protections into our products much faster,” says Kelly.

Quick Assist and Remote Help tools
Tech support scams continue to represent a significant threat vector even without AI involvement.

In mid-April 2024, Microsoft Threat Intelligence observed a financially motivated cybercriminal group known as Storm-1811 abusing Windows Quick Assist by posing as IT support.

These attacks employed voice phishing (vishing) – where attackers place calls pretending to be from legitimate organisations – rather than AI technologies to convince victims to grant remote access to their devices.

For enterprises facing tech support fraud threats, Microsoft has implemented new safety features in its Quick Assist and Remote Help tools, which allow remote connections to Windows or macOS devices.

The company blocks an average of 4,415 suspicious Quick Assist connection attempts daily, representing approximately 5.46% of global connection attempts.

Microsoft's Digital Fingerprinting
Microsoft's Digital Fingerprinting capability also drives these safeguards by collecting signals to detect fraudulent activity.

If risk indicators suggest a potential scam, Quick Assist sessions terminate automatically.

This technology leverages AI and machine learning to provide fraud and risk signals. Microsoft has implemented warning messages in Quick Assist that alert users about potential scams before they grant access.

Windows users must now explicitly acknowledge security risks by clicking a checkbox before authorising remote access.

Microsoft's Secure Future Initiative (SFI)
In January 2025, Microsoft introduced a new fraud prevention policy as part of its Secure Future Initiative (SFI), requiring all product teams to perform fraud prevention assessments and implement fraud controls during the design process.

The company has developed domain impersonation protection using deep-learning technology at the domain creation stage to help protect against fraudulent e-commerce websites and fake job listings.

Microsoft Edge has incorporated website typo protection, and the company has developed AI-powered fake job detection systems for LinkedIn, its professional networking platform.

Global collaboration forms essential part of anti-fraud strategy

Microsoft collaborates externally to combat fraud.

Microsoft's Digital Crimes Unit partners with private and public sector organisations to disrupt the infrastructure used by cybercriminals and this has resulted in hundreds of arrests related to tech support fraud worldwide.

The company has also joined the Global Anti-Scam Alliance (GASA), an organisation bringing together governments, law enforcement, consumer protection groups, financial authorities, social media companies and cybersecurity firms to share knowledge and coordinate actions against scammers.

“If I protect Microsoft, that's good, but it's not sufficient. In the same way, if Apple does their thing and Google does their thing, but if we're not working together, we've all missed the bigger opportunity.

“We must share cybercrime information with each other and educate the public. If we can have a three-pronged approach of tech companies building security and fraud protection into their products, public awareness and sharing cybercrime and fraudster information with law enforcement, I think we can make a big difference,” says Kelly.

Explore the latest edition of AI Magazine and be part of the conversation at our global conference series, Tech & AI LIVE. 

Discover all our upcoming events and secure your tickets today.

Also sign up to our free weekly newsletter for the latest insights and stories straight into your inbox.

AI Magazine is a BizClik brand