EU watchdogs team up to arm consumers against AI-powered crypto scams

What the ESAs released today and why it matters now

Three European supervisory authorities — the European Banking Authority, the European Securities and Markets Authority and the European Insurance and Occupational Pensions Authority — published two joint factsheets today aimed at consumers. One covers online fraud more broadly and the other focuses on scams that touch crypto. The papers combine plain-language tips with concrete examples and a short checklist for people who might be targeted.

This matters because scammers are using more advanced tools, including artificial intelligence, to create believable lies: deepfake voices and videos, automated ‘social’ accounts, fake websites and tailored messages that look official. At the same time, crypto products and platforms are still unfamiliar to many users, which makes them prime targets. By issuing joint guidance, the ESAs are signalling a coordinated push to protect consumers and to push firms to tighten controls.

Practical tips the factsheets give consumers

Both factsheets stick to plain steps people can use. They break guidance into three stages: how to spot a scam, how to prevent becoming a victim, and what to do if you’ve already been targeted. The documents include short, consumer-facing checklists and screenshots showing common tricks — for example, fake login pages that mimic real platforms and phoney confirmation emails that pressure you to act now.

Key detection tips include verifying the sender or caller, checking web addresses carefully, watching for spelling errors or odd phrasing, and being sceptical of urgent requests that demand payment in crypto. For AI-driven threats, the ESAs warn that voices or videos can be synthetic and recommend cross-checking with a known contact method rather than replying directly to the message.

On prevention, the papers reiterate familiar but still useful measures: use strong, unique passwords; enable two-factor authentication; avoid reusing recovery phrases or keys; and only use wallets and exchanges you can independently verify. They also explain how to report scams to national authorities and to the platform where the scam appeared, giving examples of the information to include when you report.

How changing scam tactics affect everyday users and crypto holders

Scammers are getting better at sounding, writing and looking genuine. AI lets them clone voices, generate images and craft personalised lures at scale. For everyday users, that raises the bar for simple trust signals — a phone call from a friend may be an AI imitation; an urgent message from a ‘platform’ may be fake.

For retail crypto users, that means scams increasingly ask for moves that bypass normal protections: transferring coins to a different wallet, entering private keys into a website, or installing software that gives attackers control. The factsheets expect users to become more cautious: people will pause before clicking, demand extra verification, and rely more on official channels. In the short term, victims will still appear, but the guidance should help reduce the easiest, most common scams.

Why this matters to investors, crypto platforms and compliance teams

The joint guidance is a hint at what supervisors will focus on next. Exchanges, custodians and wallet providers face a higher bar for consumer-facing security and clearer expectations on reporting suspicious activity. That can raise costs for compliance, force product changes, and increase the value of strong security practices and transparent user education.

For investors, this is a mixed signal. Firms with good controls and clear customer protections may become more valuable relative to sloppy competitors, because reputational damage from widely publicised scams can hit customer numbers and revenue. At the same time, smaller or newer crypto platforms could face higher operational costs as they implement the suggested checks and reporting processes.

Supervisors named in the factsheets have mandates to follow up, so expect more targeted inspections and, eventually, enforcement or more formal rules tied to these recommendations.

Steps you can take right now to prevent or respond to a scam

Start with verification: if anyone asks you to move money or reveal keys, confirm the request using a phone number or account you know is real, not one supplied in the message. Check web addresses by typing them yourself, not by clicking links. Use two-factor authentication and a hardware wallet for holdings you can’t afford to lose.

If you’re asked to send crypto, pause. Crypto transactions are typically irreversible. If you suspect a scam, collect screenshots, transaction IDs, email headers and any phone numbers, then report to the platform where the scam appeared and to national reporting channels listed by your supervisor. The factsheets describe what details make a useful report — a concise timeline, copies of messages and proof of payments.

Finally, change passwords and recovery phrases if you shared them or clicked suspicious links, and consider freezing or moving remaining assets to a more secure wallet while you investigate.

Where to read the full factsheets and what to watch next

The ESAs published this guidance as a coordinated consumer-protection step. You can find the full factsheets and the joint press release on the official websites of the three authorities; they include examples, templates for reporting, and national contact points. Watch for follow-up actions: supervisors often use these consumer guides as the basis for inspections, targeted guidance for firms, or formal rule changes that will affect exchanges and custodians.

For now, the main takeaway is simple: scams are getting smarter, and both consumers and firms must get smarter too. Expect more regulatory attention and clearer standards in the months ahead.

Sources

• eba.europa.eu