top of page

The AI Scam Era Has Arrived — Why They’re Harder to Detect Than Ever

A Report by CYS Global Remit FinTech Development Unit 

 

Payment fraud has not just grown — it has evolved.  Deepfake voices, AI-generated impersonation, and socially engineered payment redirects are now among the most dangerous threats facing businesses and individuals alike. Here is what Singapore’s new protections do — and what they cannot.


 The phone rings. It sounds exactly like your supplier’s finance director. He urgently needs you to update the bank account for next week’s invoice payment because the old account has been frozen. The voice sounds real. The urgency feels real. The request is not.


 AI-generated voice cloning — which can replicate a person’s voice from just a few seconds of audio — has made business email compromise and voice impersonation scams significantly more convincing and far harder to detect. It is one of several ways payment fraud has fundamentally changed, prompting Singapore’s most significant anti-scam framework update in years.


What Singapore's 2026 Anti-Scam Measures Do

In 2026, MAS introduced a suite of mandatory safeguards for payment service providers. These include 12-hour cooling periods for first-time high-value transfers to new payees, configurable transaction limits, and “kill switch” capabilities that allow customers to immediately freeze outgoing transfers. ScamShield infrastructure has also been expanded, enabling real-time intelligence sharing between banks, telcos, and the Singapore Police Force.


 These measures target the gap scammers exploit most effectively: the short window between a victim authorising a transfer and the funds becoming irrecoverable. Cooling periods and transaction limits do not stop scams from happening — but they create time and friction, giving victims a chance to reconsider or allowing banks’ fraud systems to detect unusual activity before money disappears.


What They Cannot Do

No regulation can fully prevent a customer from voluntarily authorising a transfer to a fraudster. The Monetary Authority’s guidance is clear: safeguards can strengthen the payment infrastructure, but they cannot eliminate the psychological manipulation at the heart of many scams.


The scale of modern impersonation scams is no longer theoretical. In May 2026, a Singapore victim reportedly lost S$4.9 million in a fraudulent “Strait of Hormuz funding assistance” scheme involving scammers impersonating Prime Minister Lawrence Wong and a Cabinet secretary. The case underscored a key reality of today’s fraud landscape: scammers are no longer merely stealing identities — they are manufacturing credibility.


Fraud schemes involving prolonged grooming — such as investment scams, romance scams, or long-running impersonation attempts — are unlikely to be stopped by a 12-hour cooling period on a single transaction.


The Cyber Security Agency of Singapore (CSA) has also warned that AI-assisted phishing is becoming an increasingly serious threat in 2026. Emails, invoices, and even fake websites can now be generated at scale with enough contextual accuracy to bypass standard awareness checks.


CSA’s advice remains consistent: always verify payment instruction changes through a second, independent channel — never through the same email thread or phone call that delivered the request.


The Practical Checklist

For businesses handling regular cross-border payments, the exposure is significantly higher. Supplier account changes, urgency-driven payment requests, and invoice amendments sent close to settlement deadlines remain the three most common entry points for fraud. 

A simple internal rule can dramatically reduce risk: any change to a beneficiary’s bank details must be verified verbally through a known contact number before the update is processed. No exceptions.


For individuals, the most valuable tool in Singapore’s new anti-scam framework may be the kill switch. Know where it is in your banking app before you ever need it. In a scam situation, the seconds you save could make all the difference.

 

Sources 

Singapore Police Force — Annual Scams and Cybercrime Brief 2025 

bottom of page