AI fraud is on the rise: Defend your business

While technological innovation drives new business opportunities and revenues, it also sharpens tools for fraudsters.

One of the more tech-savvy groups in the business arena is fraudsters looking to steal from your organization. The new weapon in their arsenal: AI. With AI, computers perform tasks that typically require human-like intelligence, such as learning, problem solving and decision making. For business owners, understanding AI’s role in fraud and educating employees to spot scams is crucial to protecting your bottom line.

According to the 2024 Association for Financial Professionals Payments Fraud and Control Survey Report, 80% of organizations experienced attempted or actual payment fraud in 2023. Business Email Compromise (BEC) remains the root cause of payment fraud in most organizations. A classic BEC scheme is "CEO/CFO fraud," where a fraudster sends an email acting as a top company executive. The email directs an employee to initiate a funds transfer to a bank account controlled by the criminal. Not wanting to challenge a superior, the employee complies. BEC has been financially damaging to businesses, and now AI is making BEC and related schemes harder to detect.

What makes BEC work is the fraudster’s ability to impersonate the executive and deceive someone who is authorized to send payments. This is where AI adds to a criminal’s bag of tricks. AI systems can be trained to mimic the style, tone and language patterns of a particular person. This includes generating emails that are designed to sound like a top executive or manager. AI can also enable fraudsters to mimic the voice of an executive on a phone call. One of the first cases of AI-powered voice-mimicking business fraud was reported in 2019. The managing director of a British energy company, believing his boss was on the phone, followed verbal orders to wire more than $240,000 to an account in Hungary. The funds "disappeared," and the director later told The Washington Post that the request seemed strange, but the boss’s voice was so lifelike he felt he had no choice but to comply. In some cases, the phone call with the familiar voice of authority comes on the heels of a BEC email as a way of legitimizing the fraudulent request.

Respond with fraud awareness training

Defending against these threats requires effective fraud awareness training. Forensic Strategic Solutions, a fraud investigation firm, recommends business owners:

Communicate the impact of fraud. Explain to employees how fraud can lead to legal repercussions, loss of reputation and financial loss.

Develop a fraud prevention policy. Outline the roles and responsibilities of employees in preventing and reporting fraud. Highlight the need for employees to authenticate payment requests in multiple ways, such as callbacks to the person making the request.

Provide examples of fraudulent activities. Examples can help employees spot fraud attempts.

Reinforce training through communication. Provide regular updates on the company’s fraud prevention policy, address new fraud risks and encourage the reporting of suspected fraud.

For more information, visit hancockwhitney.com/cybersecurity-for-business.