When a customer has a problem with a product or service, they might start by calling a phone number, using a helpdesk portal, or visiting a brand’s official website. But just as often they go where they already are, posting messages on Instagram, TikTok, X, Facebook, or Reddit.
By posting a public complaint and tagging the brand or support handle, they expect speed and a human response.
Cybercriminals understand that expectation just as well as brands do.
As social platforms become customer service channels, impersonation is becoming a customer experience problem, and a security threat.
The same channels brands use to deliver convenient customer experiences are increasingly being exploited by fraudsters impersonating customer support teams, executives and trusted brands. What begins as a customer service interaction can quickly become a sophisticated social engineering attack, with victims persuaded to hand over sensitive information.
Fake support accounts, spoofed brand profiles, cloned executives, lookalike handles, AI-written scam replies and fraudulent “customer care” pages are exploiting the moment when customers are particularly vulnerable—when they are frustrated, seeking help and inclined to trust whoever appears to be solving their problem.
Fraud Starts Long Before Payment
A white paper on authorized push payment (APP) fraud by the Payments Association in the U.K. illustrates the shift in the attack surface, as 66 percent of reported APP fraud cases in the first half of 2025 began on online platforms, including social media and messaging services, while 17 percent originated via telecoms channels.
The report argues that fraud frequently begins well before a payment is initiated, often through interactions on social media, messaging apps or online marketplaces. By the time a scammer requests payment details or credentials, victims often believe they are communicating with a legitimate organization.
The Payments Association notes that reimbursement rules and banking controls only address the final stage of the fraud lifecycle. The initial compromise typically occurs elsewhere, placing greater responsibility on digital platforms, social networks and organizations whose brands are being impersonated.
AI Is Accelerating Impersonation
Impersonation scams are not new, but GenAI has fundamentally changed their speed, scale, and realism.
Vyntra’s 2026 Anatomy of Modern Banking Fraud report describes today’s environment as one of “industrialized AI,” where fraudsters combine automation, hyper-personalization, and real-time monetization to operate at unprecedented scale. Global scam losses reached an estimated $442BN over the past year, while 70 percent of adults experienced at least one scam attempt and almost one in four lost money.
The report also indicates that AI has reduced the time criminals need to produce convincing phishing campaigns from more than 16 hours to less than five minutes, enabling them to generate highly personalized messages, cloned identities, deepfake videos and spoofed communications that they can proliferate widely.
This creates a significant challenge for customer experience teams, as cybercriminals no longer rely on poorly written messages or obviously fake accounts. They can reproduce a brand’s tone of voice, customer service language, visual identity and even the communication style of individual executives with a high level of accuracy.
“Our daily digital habits are no longer as safe as we expected them to be,” Darius Belejevas, CEO of Incogni, told CX Today.
“We see data breaches occurring at an alarming rate and with significant impact, which understandably makes respondents feel that their personal data is almost inevitably going to be exposed at some point. If a user’s data is breached elsewhere, scammers can easily triangulate it with what that person shares on social media and use it to spearhead more convincing AI-powered attacks.”
Belejevas pointed to US Federal Trade Commission data showing that losses from social media scams have increased sharply since 2020, with consumers reporting $2.1BN in losses during 2025 alone. “Social media has become a honey pot for scammers,” Belejevas said.
Customer Trust Is the Newest Attack Surface
The Payments Association concludes that APP fraud can no longer be viewed solely as a banking problem because the customer journey typically begins elsewhere.
The same observation applies to customer experience. Every public customer complaint represents an opportunity for either a genuine service recovery or a fraudster posing as the brand.
Organizations should view privacy as a strategic trust issue rather than simply a regulatory obligation, Belejevas said. “Users have every right to be concerned about how their data is handled by Big Tech and by the brands they interact with online.”
“The fact that more than half of respondents say privacy or security risks could push them to delete their social media accounts should be a clear warning: Privacy has moved beyond compliance. It is now central to the trust users place in platforms, brands and the AI-powered experiences they are asked to engage with.”
As organizations expand customer service across social and messaging platforms, delivering fast responses is only part of the challenge.
Protecting customers from convincing impersonation has become equally important. In an era of AI-generated identities, cloned brand voices and increasingly sophisticated social engineering, customer trust has become one of the most valuable—and vulnerable—assets a business possesses.
Recent attacks demonstrate how convincing these impersonation campaigns have become.
Last week, NatWest warned customers after AI-generated images falsely portrayed CEO Paul Thwaite participating in what appeared to be a BBC interview promoting fraudulent investments. The manipulated content circulated widely on X before being removed.
“We’re working closely with social media platforms to remove these false images,” a NatWest spokesperson told CityAM. “They are another reminder of criminal activity designed to defraud people—especially the vulnerable—and we encourage members of the public to stay vigilant and report any suspicious activity.”
Although the campaign centered on investment fraud rather than customer support, it illustrates the broader challenge as customers increasingly assume that content featuring familiar branding, recognized executives or professional production values is authentic. AI significantly lowers the effort required for criminals to create that appearance.
The same techniques are increasingly appearing in customer service environments, where fake support accounts monitor public complaints before responding with offers to help. Victims are encouraged to continue conversations through direct messages, where identity verification becomes much harder.
The challenge extends beyond criminals adopting AI. Belejevas argued that technology platforms themselves are introducing new questions about how user data is collected and reused for AI-powered experiences. “AI certainly plays a big role in the social media equation, especially in the daily challenge of users sifting through what is real and what is AI-generated.”
“We all see how social media platforms too quickly embrace AI, posing a direct risk to users’ data. Big Tech often favors opt-in-by-default models, which cannot really translate as consent, paving the way for the next wave of AI-personalized tools that will treat public data as available by default.”
Belejevas pointed to Instagram’s new Muse Image feature, which automatically enrolls public accounts into AI image remixing unless users actively opt out from a setting buried in profile sub-menus. “Users have the right to be worried about how their data is handled by Big Tech and should be able to opt out.”
The result is a growing trust challenge for organizations that increasingly rely on these platforms to deliver customer service.
Customers are simultaneously being asked to engage with AI-powered brand experiences while becoming less certain whether the person, or even the organization, they are interacting with is genuine.
Recent research conducted by Incogni found that more than half of consumers could abandon social media platforms if they believe their personal information is not adequately protected.
“The fact that more than half of respondents say privacy or security risks could push them to delete their social media accounts should be a clear warning: Privacy has moved beyond compliance. It is now central to the trust users place in platforms, brands, and the AI-powered experiences they are asked to engage with.”
Social Media Customer Care Is Becoming a Security Function
Historically, social media teams focused on response times, customer satisfaction and protecting brand reputation. But now they are increasingly responsible for identifying fraudulent interactions before customers suffer financial harm. That requires much closer collaboration between customer service, cybersecurity, fraud operations, legal teams, communications and digital brand protection specialists.
Rather than treating impersonation reports as isolated social media incidents, organizations need workflows that connect social listening platforms, CRM systems, fraud investigations and customer case management. The challenge is that many customer service platforms were designed to resolve legitimate enquiries, not detect coordinated impersonation campaigns. CRM systems increasingly need to capture suspected impersonation attempts alongside traditional customer service interactions.
Reports of fake social accounts, suspicious direct messages, cloned websites, phishing links and impersonated customer service agents should become searchable signals within customer records rather than isolated incidents handled by separate teams. Doing so enables organizations to identify emerging campaigns earlier, warn potentially affected customers and coordinate responses.
In effect, CRM becomes part of the organization’s fraud intelligence capability.
What Buyers Should Ask Vendors
As social engagement becomes increasingly intertwined with fraud prevention, customer experience leaders should broaden how they evaluate technology suppliers.
Questions worth asking include:
- Can the platform identify suspicious or duplicate brand accounts across major social networks?
- How are impersonation reports captured within CRM and linked to customer records?
- Can customer service agents escalate suspected scams directly into fraud investigation workflows?
- Does the platform integrate with digital risk protection and brand monitoring tools?
- How quickly can suspected impersonation campaigns be shared across customer service, security, legal, and communications teams?
- Can AI help distinguish genuine customer conversations from coordinated impersonation attempts?
These capabilities are becoming as important as traditional social care metrics such as response times or channel coverage.