In the rapidly evolving landscape of cybercrime, a new threat has emerged that is changing how we think about online security. Welcome to the era of VibeScams—sophisticated phishing operations that succeed not through complex coding, but by simply looking and feeling right.
What Are VibeScams?
The term “VibeScams” was coined by cybersecurity researchers at Gen (the company behind Norton and Avast) to describe a disturbing new trend: AI-generated phishing websites that pass what security experts call the “vibe check.” These are not the clumsy phishing attempts of the past, filled with broken English and obvious design flaws. Instead, they are pixel‑perfect replicas of trusted brands that fool users at first glance with the right colours, spacing, logo placement, and even the familiar footer links people have learned to trust.
The danger lies in their authenticity. These sites capture the subtle visual cues that signal legitimacy—the kind of polish that once required professional web developers and graphic designers. Today, thanks to AI-powered website builders, creating a convincing fake Coinbase login page or Amazon storefront can take minutes rather than hours, and can be done without technical expertise.
The Technology Behind the Threat
AI-driven web-building platforms have dramatically lowered the barrier to creating professional-looking websites. Tools such as Lovable, Webflow, Elementor, and others were designed to help legitimate users build sites without coding knowledge. Unfortunately, this same accessibility can be abused by cybercriminals.
The process is shockingly simple. A scammer can:
- Upload a screenshot of a legitimate website
- Ask the AI to recreate it
- Deploy a fully functional phishing site within minutes
- Translate it accurately into multiple languages for global targeting
Some platforms can recreate entire websites—from homepage to checkout—based on little more than a screenshot and a few text prompts. The attacker does not need to understand HTML, CSS, or JavaScript; the AI handles the technical work.
By the Numbers: A Growing Crisis
The scale of this threat is staggering. Since January 2025, Gen’s cybersecurity team has reported:
- Blocking approximately 140,000 AI-generated scam websites
- Identifying an average of 580 new malicious AI-generated sites every day
- Protecting nearly 190,000 users worldwide from these threats
The geographic spread is global, with the United States, France, Brazil, Germany, and Japan among the most heavily targeted countries. This is not a localized issue—it is a worldwide epidemic.
What Are Scammers Targeting?
Analysis of detected VibeScam sites reveals clear patterns in what cybercriminals impersonate:
- Nearly 50% are traditional phishing pages mimicking familiar login portals such as Microsoft Office 365, Gmail, and Amazon. These sites harvest credentials when unsuspecting users attempt to sign in.
- About 25% target the cryptocurrency sector by impersonating popular exchanges like Coinbase, Binance, and MetaMask, or by promoting fraudulent investment opportunities. The combination of high value and technical complexity makes crypto an especially attractive target.
- The remaining quarter includes tech support scams, fake delivery notifications from services like DHL, and various other fraudulent schemes.
The Typosquatting Trick
VibeScams frequently rely on typosquatting—registering domain names that closely resemble legitimate ones but contain subtle misspellings. Examples include:
- app-trrezor-wallet (Trezor with three “r”s)
- coiinbase-com-wallet (Coinbase with two “i”s)
- connect-metamesk-wallet (MetaMask with a “k”)
At a quick glance, especially on mobile devices, these differences are easy to miss. When combined with professional design generated by AI tools, the deception becomes remarkably effective.
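One way a defender can screen for this pattern in new-domain feeds, proxy logs, or reported links is to split each hostname into tokens and compare them with protected brand names by edit distance. The sketch below is an added example, not code from Gen or from the original article; the official-domain allow-list, the thresholds, and the two extra sample hostnames are assumptions made for illustration.

```python
import re

# Brand names come from this article's examples; the official-domain
# allow-list is an assumption for this sketch and must be maintained by you.
BRANDS = {
    "trezor": {"trezor.io"},
    "coinbase": {"coinbase.com"},
    "metamask": {"metamask.io"},
}
MAX_DISTANCE = 2   # assumed threshold: catches doubled or swapped letters
MIN_TOKEN_LEN = 5  # skip short tokens such as "app" or "com"


def edit_distance(a: str, b: str) -> int:
    """Optimal string alignment: insert, delete, substitute, transpose."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # adjacent swap
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def classify(hostname: str) -> list[tuple[str, str, str]]:
    """Return (token, brand, reason) findings for one hostname or label."""
    host = hostname.lower().rstrip(".")
    findings = []
    for brand, official in BRANDS.items():
        if any(host == d or host.endswith("." + d) for d in official):
            continue  # served from the brand's own domain
        for token in re.split(r"[.\-_]", host):
            if token == brand:
                findings.append((token, brand, "brand name on unofficial domain"))
            elif len(token) >= MIN_TOKEN_LEN and edit_distance(token, brand) <= MAX_DISTANCE:
                findings.append((token, brand, "near-miss spelling"))
    return findings


# The three labels quoted above, plus two constructed hostnames.
SAMPLES = ["app-trrezor-wallet", "coiinbase-com-wallet", "connect-metamesk-wallet",
           "www.coinbase.com", "coinbase-login.example"]

if __name__ == "__main__":
    for name in SAMPLES:
        print(name, "->", classify(name) or "no finding")
```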
The Economics of VibeScams
One of the most concerning aspects of VibeScams is their extremely low cost barrier. Many AI web-building platforms offer:
- Free tiers with basic functionality
- Paid subscriptions ranging from approximately $0.50 to $500 per month
- Lifetime deals for as little as $249
- Credit-based pricing models that allow easy scaling
Researchers testing these platforms reported creating convincing replicas of TikTok, Coinbase, and Binance login pages using only free versions of AI web builders. The sites were generated by having AI write the prompts, then simply copy‑pasting them into the platforms—no customization or manual coding required.
This low barrier to entry means even relatively unsophisticated criminals can launch highly convincing phishing campaigns. The era in which believable fake websites required significant technical skill is over.
How VibeScams Work in Practice
A typical VibeScam follows a predictable but effective pattern:
- Initial Contact: The victim receives a text message, email, or social media message about a fake delivery, payment issue, or account problem.
- The Redirect: Clicking the link leads to a professional-looking website that closely resembles the brand’s real site.
- The Hook: The site prompts the victim to enter sensitive information such as login credentials, credit card details, or personal data.
- The Theft: The information is immediately captured and transmitted to the scammers.
- The Aftermath: Victims often remain unaware until unauthorized transactions occur or accounts are taken over.
These sites frequently use valid SSL certificates (the padlock icon), convincing URLs, and flawless visual design—removing many of the warning signs users once relied on.
Why Traditional Defences Are Struggling
VibeScams create unique challenges for cybersecurity professionals:
- Speed of Evolution: With hundreds of new malicious sites appearing daily, blocking them becomes a continuous game of whack‑a‑mole.
- Low Cost of Relaunch: When a phishing site is taken down, scammers can deploy a replacement within minutes, often at no cost.
- Visual Perfection: Traditional detection methods that relied on poor grammar or sloppy design are far less effective against AI-generated sites.
- Guardrail Limitations: While AI platforms employ safeguards to prevent abuse, these controls are often inconsistent and can be bypassed.
What This Means for Organizations
For businesses and institutions, defending against VibeScams requires more than brand recognition. Effective protection includes proactive domain monitoring, rapid takedown partnerships, user education focused on URL verification, and layered security controls. Assuming users will spot a fake site based on appearance alone is no longer realistic.
Protecting Yourself in the Age of VibeScams
Given the sophistication of these attacks, protection depends on vigilance and smart digital habits:
- Verify URLs Carefully: Check spelling and structure before entering sensitive information.
- Use Official Apps and Bookmarks: Avoid clicking links in emails or text messages.
- Enable Multi-Factor Authentication (MFA): MFA can prevent account takeovers even if passwords are stolen.
- Be Skeptical of Urgency: Scammers rely on panic and time pressure to bypass critical thinking.
- Use Password Managers: These tools auto-fill credentials only on the domains they were saved for, not on look-alike domains.
- Deploy Reputable Security Software: Modern solutions can block known phishing domains before pages load.
- Trust Your Instincts: If something feels off—even if the site looks perfect—pause and verify through official channels.
The Industry Response
Many AI web-building platforms have acted quickly when abuse was reported. Companies including Lovable, Elementor, Flazio, Softr, Webflow, and WebWave have demonstrated fast response times by removing malicious sites and cooperating with researchers. However, the cat-and-mouse dynamic persists as scammers migrate to new platforms or create fresh accounts.
The cybersecurity community continues to share intelligence. Gen maintains a public GitHub repository of known VibeScam domains, enabling other organizations to improve detection and response.
Looking Ahead: The Future of VibeScams
As AI technology advances, VibeScams are likely to become even more sophisticated. Possible developments include:
- Highly interactive fake sites that are indistinguishable from legitimate ones
- AI-powered chatbots that convincingly answer victim questions
- Real-time adaptation based on user behaviour
- Integration with deepfake technology for identity or video verification scams
The same innovations that benefit legitimate users will continue to expand criminal capabilities.
Conclusion
VibeScams represent a troubling evolution in cybercrime—one in which artificial intelligence tools designed to help users are increasingly abused to deceive them. The ability to create convincing phishing websites in minutes, without significant technical skill or cost, has fundamentally changed the economics of online fraud.
With roughly 140,000 malicious AI-generated sites blocked in eight months and hundreds more appearing daily, VibeScams are not a passing trend. Defending against them requires both advanced security technologies and a mindset shift toward constant verification.
In this new era, passing the “vibe check” is no longer enough. We must question what looks perfect, verify before we trust, and remember that the most dangerous phishing sites are the ones that appear flawless. The scams of yesterday were easy to spot. The VibeScams of today—and tomorrow—will look absolutely real. That is precisely what makes them so dangerous.


