AI-generated scams

Upgrade to High-Speed Internet for only ₱1499/month!

Enjoy up to 100 Mbps fiber broadband, perfect for browsing, streaming, and gaming.

Visit Suniway.ph to learn

Check Point Software Technologies, an Israeli cybersecurity company with operations in over 60 countries, recently exposed an AI-generated reality scam wherein victims are led on to believe that they are part of a “real”  online investment and trading group that eventually lures the gullible participants to share their personal and financial data, and invest in an AI-generated platform and community, eventually leading to losses in their perceived “real” investments and trade portfolios.

According to Check Point experts Nir Horovitz and Yediya Vachnish, a new class of financial fraud is emerging. It does not rely on malware or crude phishing pages, but instead builds a fully synthetic, AI-powered reality around the victim. In the OPCOPRO “Truman Show Scam,” attackers combine AI-generated personas, fabricated investment communities, WebView-based mobile apps in official app stores, and staged media presence to create the illusion of a legitimate institutional trading program. Victims don’t just receive a scam message — they’re drawn into a scripted world where every expert, peer, chart, contract and “win” is fake.

The movie, ‘The Truman Show’ — which starred comedian Jim Carrey, was about a man who lived his whole life in a fake environment that was being watched by millions of TV viewers.

According to Check Point, “The Truman Show Scam,” as they call it, marks a turning point wherein fraud is evolving from isolated scams into scalable AI-driven systems that industrialize trust-building and identity theft.

The scam victims are first contacted via SMS, messaging apps, or ads, often impersonating respected financial institutions and promoting extraordinary returns. The goal is simple: move the target into a private WhatsApp or Telegram group where skepticism can be controlled.

Inside these groups, AI-generated “experts” and fabricated members simulate an active trading environment, with fluent, native-language interactions and professional-sounding market commentary. There are also staged daily profits and fake partnerships and compliance claims, complete with AI-generated profile photos.

However, according to Check Point, there is no dissent, no debate and constant positive reinforcement — creating emotional trust and social proof. Once trust is established, victims are directed to install the official OPCOPRO app from legitimate app stores.

The app, however, Check Point warned, contains no real trading logic and is simply a WebView shell that displays server-generated fake balances and trades.

Victims are convinced of the authenticity of the platform and  then complete KYC-style identity verification and deposit funds via bank transfer or crypto, handing over both money and high-value identity data.

After the personal and financial data is acquired and the actual funds are transmitted, Check Point said, the victims lose their deposited funds, copies of government ID and biometric photos, control of their digital identity, and will likely be subject to ongoing exposure to re-targeting and coercion.

According to Check Point, the scam succeeds because everything feels institutional and familiar — contracts, dashboards, analysts, community and documentation — even though none of it is real.

Thus, Check Point explained, AI doesn’t replace the scam — it amplifies it through scalable multilingual conversations, consistent personas without human labor, automated emotional manipulation and rapid deployment across regions and brands.

Furthermore, Check Point said, the scam shifts fraud from opportunistic crime to repeatable systems — industrialized social engineering that lowers cost and increases believability.

Although current-generation AI still leaves detectable artifacts (like unnatural phrasing or template repetition), those signals will fade as models improve, Check Point said. As such, C-Suite executives — particularly chief information security officers or CISOs of big enterprises must ensure that their company and personnel are not unwittingly exposed or drawn to such AI-generated reality scams.

While the scam targets individuals, its real impact extends into the enterprise, Check Point added, citing the possibility of identity harvesting  that enables account takeover – which is stolen ID + selfie = strong pretext for SIM swaps and help desk resets – potentially bypassing multi-factor authentication or MFA.

Victims under financial or emotional pressure become exploitable, it was pointed out. Likewise, mobile devices become the weakest link, as a benign-looking app installed via official stores may evade corporate risk controls while driving high-risk behavior.

Attackers, Check Point said,  could convincingly impersonate executives — with “proof,”  and that  is how a “personal scam” becomes a corporate breach.

Traditional detection, which is  scanning for malicious code, the cybersecurity firm explained,  is no longer enough. Defenders must correlate  the app infrastructure, domain ecosystems, social engineering patterns and  AI-generated narrative signals.

Key protective actions include:

For individuals, their advice is to treat unsolicited investment outreach as unsafe. There should also be more verification of companies from official regulators and not merely through chat links.

More importantly, Check Point stressed that there should be more care in giving out personal data – never upload ID documents to unknown platforms and treat crypto wallet deposits as irreversible.

For enterprises, elevated scrutiny must be applied to WebView financial apps, and track domain clustering tied to app ecosystems. Companies must also be ready to flag funnels that move users from chat – app – KYC – deposit. And  lastly, create internal support pathways for scam exposure and identity risk.

The OPCOPRO operation, Check Point said,  shows where cyber fraud is headed: Apps that look legitimate, communities that feel real, content that reads professional, trust manufactured at scale using AI and everything the victim sees supports a single narrative — and none of it exists outside the scam.

In conclusion, Check Point reiterated, “This isn’t just a phishing scam — it’s a fully constructed digital reality, powered by AI, engineered to manipulate trust over time. As generative technology advances, the line between legitimate digital business and synthetic fraud will continue to blur. Defenders who rely only on traditional indicators will be left fighting yesterday’s threats. The lesson is clear: we are entering an era where trust itself can be automated — and so must our defenses.”