How well do you remember the front page of your favorite shopping site? How about your bank's website? If you don't have a photographic memory, beware: scammers are now using AI-powered tools to quickly create fake sites that "feel" right, hoping to trick people into handing over money or data.

They're called "VibeScams," and here's what you need to know to protect yourself.

If you've heard of "vibe coding"—the trend where people build apps and websites just by describing what they want to AI tools—VibeScamming is its dangerous twin. The term was coined by cybersecurity firm Guardio Labs earlier this year, and it refers to using AI chatbots and coding tools to create phishing scams, fake login pages, and credential-stealing websites with nothing more than a few typed prompts.

Here's the concerning part: someone with zero technical skills can now create a convincing fake Microsoft login page, complete with credential harvesting, in minutes. No coding required. Just describe what you want to an AI, and it builds it for you.

According to Gen Threat Labs (the research arm of AVG and Norton), VibeScams break down into three main categories: phishing attacks make up 48.6% of cases, crypto scams account for 28.5%, and tech support scams represent 3.7%. In just the first ten months of 2025, AVG alone protected 190,000 users worldwide from VibeScam attacks.

What makes these scams particularly dangerous is their speed and scale. Researchers have documented AI tools creating not just fake websites, but also the text message scripts to lure victims, admin dashboards to track stolen passwords, and even Telegram integrations to alert scammers when someone takes the bait—all from simple prompts.

VibeScams come in several flavors. You might encounter a fake cryptocurrency exchange that looks just like Coinbase—complete with professional charts and trading interfaces—designed to steal your login credentials or trick you into "investing" money that goes straight to scammers.

Or perhaps a fake shopping site offering suspiciously good deals on clothing and electronics. These sites look real enough to fool casual shoppers, collect your credit card information, and either never ship the products or steal your payment details for later fraud.

The common thread? They all aim to recreate the "vibe" of legitimate sites well enough to lower your guard.

Here's some good news buried in all this: the same tools that make scamming easier also create lazy scammers.

The reason these are called "VibeScams" is that criminals only want to recreate the vibe of a legitimate website, rather than produce a perfect 1-to-1 copy. That makes their fakes easier to build—but it also creates opportunities for attentive users to spot the lackluster work.

So keep those eyes sharp and your wits sharper: staying safe online is still possible!

The good news? The same red flags still apply—you just might encounter them more often now.

Before entering any login credentials, look at the actual web address. Phishing sites often use URLs that are similar to the real deal but with subtle typos. A scam page might use something like "microsoft-login-secure.lovable.app" instead of "microsoft.com." When in doubt, navigate to the site directly by typing the address yourself.

Like most phishing scams, VibeScams rely on urgency or too-good-to-be-true offers to lure people into their trap. Always use careful judgment when you see intriguing sales or investment opportunities. If something feels off, it probably is.

If you're ever even remotely suspicious about a site, leave immediately. Revisit it using a trusted link from a reliable search engine or by typing the address directly. This simple step can help you avoid similar fakes.

Use unique passwords for all your accounts—a password manager makes this easy. Enable multi-factor authentication (MFA) wherever possible. And consider using a reputable antivirus program; AVG and similar services have been actively blocking VibeScam sites and can add an extra layer of protection.

AI is transforming how we work and create—but it's also transforming how criminals operate. VibeScamming represents a significant shift in the threat landscape: scams that used to require technical expertise can now be generated by anyone.

The defense? Stay vigilant, trust your instincts when something feels off, and take a few extra seconds to verify before you click.

If this helped you feel a little more confident spotting VibeScams, don’t keep it to yourself. Most of the people we love—parents, neighbors, coworkers, that one friend who clicks every link—are seeing the same kinds of fake pages and have no idea how subtle they’ve become.

Take a moment to share this article with a friend or family member, post it in a group chat, or send it to that person who’s always asking you for tech help. A two-minute read today could be the thing that keeps someone you care about from getting taken tomorrow.

Stay safe out there.

—

The Chapel Hill Insider covers local business, community events, and practical insights for our neighbors. Subscribe at chapelhillinsider.com