VibeScams: AI-built fake websites that feel real

AI web builders are making it easier than ever for scammers to create realistic fake websites. Known as VibeScams, these phishing websites often look and feel trustworthy — at least at first glance. Read on to learn how AI is fueling a rise in phishing websites dedicated to stealing login credentials, personal information, and money.


Research on VibeScams conducted by cyberthreat experts at Gen, the company behind Norton, highlights how prominent this new phishing threat is becoming. In an analysis of 40 AI web builders — tools that let casual users easily create fully functional websites using artificial intelligence — 12 were identified as hosting a high volume of malicious websites.

Between January and the end of August 2025, Gen’s Cyber Safety products, including Norton 360, blocked approximately 140,000 different AI-generated scam sites, amounting to an average of around 580 new scam websites per day.

What are VibeScams?

VibeScams are malicious fake websites designed to mimic the look and feel of legitimate ones. “Vibe coded” in minutes using AI, their true purpose is often phishing: they aim to trick users into revealing sensitive information — like login credentials or payment details — or downloading malware. Another common use case for cybercriminals is cryptocurrency scams.

Entering sensitive data into a VibeScam website may result in account compromise, malware infection, financial loss, data theft, or, in extreme cases, identity theft.

VibeScam sites focus on replicating visual cues people instinctively trust, like brand colors, logos, layout, navigation menus, login forms, and even privacy policies, creating an overall trustworthy vibe. The goal is to create a page that feels familiar enough that users assume it’s legitimate and enter sensitive information.

Because AI tools can reproduce these details quickly and convincingly, scammers can launch large numbers of believable phishing pages with very little effort.

“VibeScams aren’t about the code alone. They’re about the feeling. AI builders let anyone clone brand ‘vibes,’ and that’s what fools users.” – Gen Threat Researchers

How VibeScams work

VibeScams typically start with AI website-building tools that generate pages from a simple prompt or screenshot. A scammer might ask the tool to recreate a login page for a bank, email provider, crypto exchange, or online retailer. Basic designs are often free to generate; AI builders typically offer functional elements like login forms or payment portals as paid features.

Once generated, the fake site is published — potentially on a typosquatted domain featuring a URL that’s almost the same as that of a legitimate organization. For example, the scammer might use netfllix[dot]com instead of Netflix’s real URL. Scammers then drive traffic to the fake site through phishing across various channels, like emails, text messages, social media posts, malicious ads, or links in forums.

When an unsuspecting user lands on the page, they may be asked to sign in, enter payment details, connect a digital wallet, invest in crypto, or call a support number. The design looks legitimate, but the information entered goes directly to the attacker.

The low technical barrier for cybercriminals makes VibeScamming highly scalable. Gone are the days when you needed to be a gifted black-hat hacker to commit cybercrimes. Now, inexperienced profiteers with little technical or design expertise can produce realistic phishing websites that look legitimate.

VibeScam examples

VibeScams may be spoofed websites impersonating well-known brands, generic fake e-shops offering too-good-to-be-true prices, fake cryptocurrency exchange platforms, or anything else that strikes scammers’ imagination. Here are some common VibeScams:

  • Login pages that imitate online banking portals, social media platforms, or companies like Microsoft, Google, or Amazon to steal account credentials.
  • Delivery or account alerts directing users to a page asking them to confirm personal or payment details.
  • E-shops offering suspiciously low prices on popular items and brands.
  • Cryptocurrency or investment platforms that mimic legitimate exchanges or wallets to trick users into connecting their accounts or transferring funds.
  • Pop-ups or fake tech support websites warning that a device is infected and urging users to call a scam number.

Below, you can browse some real examples of VibeScams encountered by Gen threat researchers “in the wild” during their research.

Phishing website impersonating Amazon.
AI-built fake website impersonating Coinbase.
Malicious, AI-built tech support website.

Threat researchers also discovered VibeScam websites impersonating MetaMask, DHL, and AT&T, among others.

Just how easy is it to launch a VibeScam?

The process is very simple. To test just how easy these malicious websites are to create, Gen threat researchers used several AI web builders to generate their own VibeScams. They relied on free versions of the tools and used AI-generated prompts, which were simply copied and pasted into the builders. In most cases, no additional adjustments were needed.

The results were realistic-looking phishing and scam pages mimicking well-known brands, created with minimal effort and no coding knowledge. You can see examples of the experimental VibeScamming websites our threat researchers created below.

VibeScam version of a TikTok login page.
VibeScam version of Coinbase, a cryptocurrency trading platform.
VibeScam version of the Binance cryptocurrency platform.

These test sites were limited to design only — additional functionality, such as credential harvesting, would have required paid features or further development outside the platform (for example, using AI to generate code to create a working fake “login page”).

How to protect against malicious websites

If you suspect you’ve landed on a VibeScam website, the safest approach is to pause, verify the source, and avoid interacting further until you’re confident the website is legitimate. Here’s what we recommend:

  • Question steep discounts: Be cautious of unusually large sales or deals that seem too good to be true, especially if everything on the site appears discounted.
  • Distrust urgent language: Be wary of messaging that pressures you to act quickly or creates a sense of urgency.
  • Inspect URLs: Double-check for misspellings, extra words, or strange domain structures.
  • Navigate to trusted sites directly: Access official websites by typing in the URL instead of clicking links in suspicious emails, texts, or ads.
  • Protect your accounts: Use unique, strong passwords and enable multi-factor authentication across accounts. Store passwords in a password manager.
  • Use scam protection software: Install AI-powered Cyber Safety tools with scam protection capabilities to help assess the security of links and pages, while protecting your devices from malware. Norton 360 Deluxe provides AI-driven protection from phishing websites.
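
The "Inspect URLs" tip can be partly automated. The sketch below is an added example, not code from Gen or Norton: it compares a link's hostname against a short allow-list and flags misspellings (such as the netfllix[dot]com case above), brand names padded with extra words, and punycode labels. The allow-list, the function names, and the sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumed allow-list of brand domains (constructed for this example).
TRUSTED = ("amazon.com", "coinbase.com", "netflix.com")

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def inspect_url(url, trusted=TRUSTED):
    """Classify a URL against the allow-list. A heuristic, not a verdict."""
    # Accept defanged input such as netfllix[dot]com.
    url = url.replace("[dot]", ".").replace("[.]", ".")
    if "://" not in url and not url.startswith("//"):
        url = "//" + url                      # let urlsplit see a host
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if not host:
        return "no-host"
    labels = host.split(".")
    # Naive registrable domain (last two labels); a production check
    # should use the Public Suffix List instead.
    domain = ".".join(labels[-2:])
    if domain in trusted:
        return "trusted"
    if any(label.startswith("xn--") for label in labels):
        return "punycode"                     # may hide look-alike characters
    name = labels[-2] if len(labels) > 1 else labels[0]
    for good in trusted:
        brand = good.split(".")[0]
        if edit_distance(name, brand) <= 2:
            return "lookalike:" + good        # misspelling or swapped TLD
        if brand in host:
            return "extra-words:" + good      # brand padded with other words
    return "unrecognized"
```

An "unrecognized" result only means the domain is not on the allow-list; it says nothing about whether the site is safe.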

What to do if you fell for a VibeScam

If you think you’ve interacted with a fake website, acting quickly can help limit the fallout. Focus on securing your accounts, protecting your finances, and monitoring for any unusual activity.

  • Update your passwords: If you entered login details on a fake site, change them immediately for any affected accounts, especially where the same password was reused.
  • Enable 2FA or MFA: Turn on two-factor or multi-factor authentication wherever available. That way, even if a cybercriminal knows your password, they won’t be able to access your account without a special code sent to you via email, SMS, or authentication app.
  • Notify financial institutions: If you accidentally revealed your payment card details to scammers, immediately warn your bank or credit card issuer so they can freeze your cards and potentially reverse unauthorized transactions.
  • Watch for suspicious activity: Monitor accounts for any unusual activity like unauthorized financial transactions, password reset notifications, email or phone number changes, or new linked devices.
  • Scan your device: Use a trusted antivirus to scan your device for malware, as clicking on links in a VibeScam website may have triggered a malware download.
  • Report the incident: Report fake websites to Google Safe Browsing, the FTC, and the Internet Crime Complaint Center to help protect others from falling for the same scams. If possible, identify the AI website builder or hosting provider used to create the site and report it there as well.
Jeremy Coppock
Jeremy Coppock is a staff editor for Norton with an interest in anti-scam education. He has experience working as a fraud investigator for a major online retailer.

Editors' note: Our articles offer educational information and are written to raise awareness about important topics in Cyber Safety. Norton products and services may not protect against every type of threat, fraud, or crime we write about. For more details about how we research, write, and review our articles, see our Editorial Policy.

