AI-generated fraud (voice cloning, deepfake video calls, fake-supplier emails) is now a primary cyber-risk for small businesses without a dedicated finance or IT function, and the effective defenses are procedural, out-of-band callback verification on a number you already had and dual-control on any payment or bank-detail change, rather than technical detection tooling.
Drafted 14 Jun 2026, awaiting Peter's publish-move. Operator-register advisory; the procedural-defense recommendation is editorial synthesis on top of verified macro data and the SBA small-business anchor. Verified: US SBA ran a June 2026 small-business session (3 Jun 2026, MA SBDC Western Region) covering voice cloning and deepfake video calls used for wire-transfer fraud; FTC reported consumers lost $12.5B to fraud in 2024 (+25% YoY), imposter scams the most commonly REPORTED category at $2.95B in losses; Christopher Mufarrige (Director, FTC Bureau of Consumer Protection) quote verbatim. Google's June 2026 fraud advisory (8 Jun 2026, by VP Trust & Safety Laurie Richardson), citing the NASDAQ Global Financial Crime Report, put global fraud losses at ~$580B for 2025 and ~one-in-five adults victimised. PRECISION: imposter scams are most-reported by count, #2 by dollars ($2.95B); the FTC/Google figures are consumer-wide, not SMB-specific, and are presented as context, with the SMB angle anchored on the SBA event (Google's advisory is consumer-facing and does not mention SMBs). AVOIDED: the unverifiable $15.9B FTC-2025 figure and the third-party '1,210% AI fraud growth' stat. Triggers: (1) a primary SMB fraud-loss dataset revises the picture; (2) a technical control materially outperforms the procedural defenses; (3) new FTC/Google data changes the threat profile.
/holding/OPS-104/Embed this claimiframe + oEmbed
The card auto-updates when the claim's status, last-reviewed date, or correction log changes. Embedders never need to refresh — the card is rendered live from the canonical record.
Email-me when OPS-104's status, next review date, or correction log changes. One email per change. No newsletter subscription, no other mail.
The claim: AI-generated fraud (voice cloning, deepfake video calls, fake-supplier emails) is now a primary cyber-risk for small businesses without a dedicated finance or IT function, and the effective defenses are procedural, out-of-band callback verification on a number you already had and dual-control on any payment or bank-detail change, rather than technical detection tooling.
About this register
The Operators register tracks claims published from practitioner-advisory pieces addressed to solo founders, micro-SMB, and small businesses up to around fifty people. Claims are reviewed on a 30–45 day cadence — tooling and SMB-relevant pricing shift faster than enterprise procurement signals.
Recent corrections in Operators
- OPS-051 · Partial · 10 Jun 2026
One named member of the generation cluster was already defunct at publication: Tome shut down its presentation/narrative product (Tome Slides) in March 2025 and pivoted to sales tooling, with the brand later sold to AngelList (deckary.com shutdown timeline; signalhub.substack.com post-mortem, both checked 10 Jun 2026). The generation cluster reduces to Pitch + Gamma. The two-cluster thesis itself is unaffected and arguably strengthened — the pure AI-narrative product failed to find a sustainable business while Gamma (70M users, $100M ARR as of Nov 2025) and the assembly cluster (PandaDoc, Better Proposals, Proposify per Luniq 2026 agency comparison) both compound. Status Up → Partial for the factual error in the tool list.
- OPS-022 · Partial · 10 Jun 2026
Vendor attribution error in the claim text. The claim names Polley Faith among 'Spellbook with named small-firm customers Westaway, KMSC Law, Polley Faith'. Polley Faith LLP is a Harvey-listed law-firm customer, not a Spellbook customer: the live Spellbook site (now spellbook.com; spellbook.legal 301-redirects) names Westaway, KMSC Law, and McInnes Cooper with no Polley Faith, and the source article's own body correctly places Polley Faith on Harvey's roster — the claim text and the article excerpt bundled it with the wrong vendor at publish. The remaining legs verify against extracted source text on 10 Jun 2026: Anthropic's GC AI customer story carries 'More than 1,500 companies' and '14 hours saved per week on average ... based on a survey of more than 100 active customers' verbatim; Harvey's published roster (Thompson Hine, Fox Rothschild, Lowenstein Sandler, Polley Faith) matches; ABA Formal Opinion 512 remains the governance baseline. The corpus reading (AI ships at 1-to-20 lawyer scale; privileged work stays on Enterprise-tier zero-retention access) is unaffected. Status Up -> Partial.
- OPS-071 · Partial · 10 Jun 2026
Trigger condition (2) fired: the effective date moved. Governor Polis signed SB 26-189 on 14 May 2026 (Holland & Knight client alert, May 2026; Seyfarth; Littler). The signed law repeals and reenacts the original Colorado AI Act and its obligations take effect 1 Jan 2027 — not 30 Jun 2026 as the claim asserted. No operator obligation starts 30 Jun 2026; the only pre-2027 item is Colorado AG rulemaking due by 1 Jan 2027. The claim's structural reading holds (risk-management programmes and impact assessments dropped for a notice-and-transparency framework; consequential-decision scope covering employment, housing, credit, insurance, education, healthcare; no small-firm exemption). The urgency leg ('obligations from 30 June 2026') is overtaken. Status Up → Partial.
Reviews coming up in Operators
- OPS-030 · Holding · next +11d (27 Jun 2026)
The fastest path for an owner-operator to build practical agentic-AI competence in 2026 is the three-week build-by-ship…
- OPS-029 · Holding · next +11d (27 Jun 2026)
For solo founders and small teams (under ~50 people) building with AI in 2026, the build-vs-buy decision tree has inver…
- OPS-005 · Holding · next +11d (27 Jun 2026)
At sub-1M tokens per month (typical SMB agent volume) in 2026, the absolute dollar gap between Claude Haiku 4.5, GPT-4o…