AI Is a Gift to Cyber Scammers and Nation-State Hackers This Holiday Season

This holiday season, the Grinch is using a computer to steal Christmas. The Department of Treasury’s Office of Cybersecurity and Critical Infrastructure Protection (OCCIP) released its annual consumer advisory warning on December 15, urging people to stay cyber-aware during the busy shopping season. Utilizing artificial intelligence (AI), these scams are becoming more effective. American consumers should learn to recognize potential scams and know who to contact if they are targeted or fall victim.

Cybercrime Is Expanding, and AI Is Making It Worse

“Scammers are exploiting digital platforms and emerging technology in increasingly sophisticated ways,” Deputy Assistant Treasury Secretary Cory Wilson warned. The FBI’s Internet Crime Complaint Center (IC3) reported $16.6 billion in total losses in 2024 from internet-enabled crime — a 33 percent increase over the previous year. The most common scam during the holiday season involves impersonating a legitimate business and tricking consumers with social media ads. A November 2025 AARP survey revealed that 39 percent of consumers filed fraud claims after purchasing something seen on a social-media ad (up from 35 percent in 2024). The other most common types of scams during the holidays involve setting up fake charitable websites and stealing gift cards.

Treasury’s advisory notes that what has changed is scammers’ growing use of AI and cryptocurrencies “to make scams more convincing, scalable, and difficult to trace.” Criminals are using AI-generated voice cloning to mimic family members to request emergency funds. AI-generated emails, ads, and deepfakes help scammers make their fraud more effective and believable. 

AI Is Not Just for Cybercriminals

While scammers are making quick money, nation-state threat actors are also exploiting AI to amplify their cyberattack capabilities. AI firm Anthropic revealed that Chinese hackers tricked Claude into assisting with and automating cyber operations against major U.S. companies and critical infrastructure. Over the summer, Ukraine’s national cybersecurity agency warned that Russia was using AI to direct some of its cyberattacks. OpenAI and Microsoft have similarly warned that nation states are using AI to automate hacking tasks, from generating code to orchestrating entire campaigns.

Awareness and Law Enforcement Can Clean Up the Online Ecosystem

As Treasury’s advisory notes, cyber fraud “is not merely a seasonal nuisance,” it is a daily threat that does not take a vacation. The advisory contains advice on how to avoid falling victim to scams, but most Americans are not visiting Treasury’s website. The U.S. government needs its public awareness campaigns to reach members of the public where they already are — including on the social media platforms where they are seeing fraudulent ads. The public service announcements should remind consumers how to spot a scam and how to contact their banks, the Federal Trade Commission, and the FBI’s Internet Crime Complaint Center if they are the victim of fraud.

Additionally, the U.S. government needs to increase law enforcement resources to tackle cybercrime. That means more funding for the FBI’s cyber investigative capabilities and the Secret Service’s Cyber Fraud Division. These same agencies are critical members of the National Cyber Investigative Joint Task Force responsible for investigations into all cyber threats. With additional resources, law enforcement should step up efforts to bring individuals to justice and dismantle the global ecosystem of scammers, hackers, and money launderers that allows cybercrime to flourish.

Annie Fixler is the director of the Center on Cyber and Technology Innovation(CCTI) at the Foundation for Defense of Democracies (FDD) and an FDD senior fellow. Branson Chi is a CCTI intern. For more analysis from the authors and CCTI, please subscribe HERE. Follow FDD on X @FDDand @FDD_CCTI. FDD is a Washington, DC-based, nonpartisan research institute focusing on national security and foreign policy.