AI-generated fraud is now aimed at small businesses, and the defense is procedural, not technical
Voice cloning, deepfake video calls, and convincing fake-supplier emails have moved fraud from a spray-and-pray nuisance to a targeted threat a small business without an IT or finance team is squarely exposed to. The defenses that work are not tools. They are two habits: verify any payment or bank-detail change by calling a number you already had, and require a second person to approve money movements.
Status: Holding · reviewed 14 Jun 2026 · next review +42d
Bottom line. AI has made voice cloning, deepfake video calls and fake-supplier emails good enough to fool a careful person, and the small business without a finance or IT team is the one most exposed, because the same person receives the request and approves the payment. The defense is not a product. It is two habits: verify any payment or bank-detail change by calling a number you already had, and require a second person to release money.
The reason this is a small-business problem and not just a consumer one is structural. In a large company, a fraudulent payment instruction has to pass a finance function, an approval chain, and controls. In a five-person business, it lands on the owner, who reads it, believes it, and pays it, all in one step. AI removes the tells that used to expose the request.
The threat, in plain terms
The US Small Business Administration ran a June 2026 session for small businesses on putting AI to work without getting burned, covering voice cloning and deepfake video calls used for wire-transfer fraud. That is the small-business shape of a much larger trend. The US Federal Trade Commission reported consumers lost more than $12.5 billion to fraud in 2024, a 25% increase year on year, with imposter scams the most commonly reported category at $2.95 billion in losses. The FTC’s consumer-protection chief framed the trajectory:
“The data we’re releasing today shows that scammers’ tactics are constantly evolving. The FTC is monitoring those trends closely and working hard to protect the American people from fraud.” — Christopher Mufarrige, Director, FTC Bureau of Consumer Protection
The global picture is larger. Google’s June 2026 fraud advisory, written by its VP of Trust and Safety Laurie Richardson and citing the NASDAQ Global Financial Crime Report, put total global fraud losses at nearly $580 billion for 2025 and noted that roughly one in five adults fall victim to scams. These figures are consumer-wide, but the techniques driving them, cloned voices, cloned faces and personalised lures, apply to a business inbox without modification.
What AI changed
What used to protect a small business was friction in the attack. Mass phishing was easy to spot: generic greeting, broken grammar, an obviously wrong address. A voice on the phone was hard to fake. A video call was proof of identity. AI removed each of those tells. A lure can now be written specifically to you, in your supplier’s tone. A voice can be cloned from a few seconds of public audio. A video call can show a face that is not there. The attack got personal and cheap at the same time, which is what moves it from nuisance to threat.
| Attack | How AI makes it worse | The procedural defense |
|---|---|---|
| Fake-supplier / invoice fraud | Spoofs a known vendor’s tone and asks to change bank details | Call back on a number you already had; never the one in the request |
| Owner or executive impersonation | Clones a voice or stages a deepfake video call to order a wire | Out-of-band callback on a number already on file, plus a code word agreed in person and never sent by email or chat |
| Personalised phishing | Writes a flawless, specific lure instead of a mass email | Treat any link or attachment asking for action as unverified until checked |
Why the defense is procedural
The instinct is to buy a tool that detects deepfakes. That is the wrong layer for a small business, because the detection arms race is not one an owner-operator can win or maintain, and the failure mode is a single believable request on a busy day. A procedure does not depend on spotting the fake. It assumes the fake is good and removes the single point of approval anyway.
Two procedures cover most of the exposure. The first is out-of-band verification: any request to change payment details, or to move money urgently, gets confirmed on a channel you already trusted before the request arrived, a phone number from your own records, not one supplied in the message. AI can fake the request; it cannot answer a callback to a number it does not control. The number on file has to predate the request: a “we have a new contact number” email received a week earlier is part of the same attack, so a recently updated record is not a trusted channel until it has been confirmed some other way. A message that says the change has “already been verified” counts for nothing. The second is dual-control: any payment or bank-detail change above a threshold you set requires a second person to approve, and that person must not be the one who took the request; if you genuinely work alone, substitute a deliberate second step with a built-in delay. Urgency is the attacker’s main tool, and a mandatory pause defeats it.
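As an added illustration, not code from the article and not a product it recommends, here are the two rules written as a payment-release check in Python, the kind of gate that could sit in a bookkeeping script or an approval spreadsheet. It never inspects the request content, because it assumes the fake is perfect; it only asks whether the callback went to a number that was on file before the request arrived and whether a different person approved (or the solo-operator delay elapsed). The vendor records, threshold, delay, names and phone numbers are constructed for the example.

```python
"""Added example (not part of the original article): the two procedural
rules encoded as a payment-release check.  The request body is never
examined, because a good fake is assumed; only the callback and the second
approval are checked.  Vendor records, threshold, names and numbers are
constructed for illustration."""
from __future__ import annotations

from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class VendorRecord:
    phone: str                  # number from the business's own records
    on_file_since: datetime     # when that number was entered


@dataclass(frozen=True)
class PaymentRequest:
    vendor: str
    amount: float
    changes_bank_details: bool  # asks to send money somewhere new
    received_at: datetime
    requested_by: str           # person inside the business who logged it


@dataclass(frozen=True)
class Callback:
    number_dialed: str
    made_at: datetime
    confirmed: bool             # vendor confirmed the instruction on the call


@dataclass(frozen=True)
class Approval:
    approver: str
    made_at: datetime


DUAL_CONTROL_THRESHOLD = 1_000.00    # hypothetical; set it for your business
SOLO_DELAY = timedelta(hours=24)     # mandatory pause when only one person exists


def release_decision(req: PaymentRequest, vendor_file: dict[str, VendorRecord],
                     callback: Callback | None, approvals: list[Approval],
                     now: datetime) -> tuple[bool, str]:
    """Decide whether money may move.  Returns (allowed, reason)."""
    vendor = vendor_file.get(req.vendor)
    if vendor is None:
        return False, "unknown vendor: nothing on file to call back"

    # Rule 1, out-of-band verification, for any bank-detail change and any
    # payment at or above the threshold.  The callback must go to the number
    # on file, and that number must predate the request, otherwise an earlier
    # "we have a new number" message could have planted the attacker's line.
    if req.changes_bank_details or req.amount >= DUAL_CONTROL_THRESHOLD:
        if callback is None or not callback.confirmed:
            return False, "no confirmed callback"
        if callback.number_dialed != vendor.phone:
            return False, "callback went to a number not on file"
        if vendor.on_file_since >= req.received_at:
            return False, "number on file was added after the request arrived"
        if callback.made_at < req.received_at:
            return False, "callback predates the request"

    # Rule 2, dual control above the threshold: a different person approves
    # after the request landed, or the solo-operator delay has elapsed.
    # Urgency expressed in the request is not an input here.
    if req.amount >= DUAL_CONTROL_THRESHOLD:
        second = [a for a in approvals
                  if a.approver != req.requested_by and a.made_at >= req.received_at]
        if second:
            return True, f"second approver {second[0].approver}"
        if now - req.received_at >= SOLO_DELAY:
            return True, "solo business: mandatory delay elapsed"
        return False, "awaiting second approver or mandatory delay"

    return True, "below dual-control threshold"


def scenarios() -> dict[str, tuple[bool, str]]:
    """Constructed cases (not real incidents) run through the check."""
    t0 = datetime(2026, 6, 1, 9, 0)          # moment the request lands
    on_file = {
        "Acme Supplies": VendorRecord("+44 20 7946 0001", t0 - timedelta(days=400)),
        # "New contact number" that arrived minutes after the request itself.
        "Beta Ltd": VendorRecord("+44 20 7946 0002", t0 + timedelta(minutes=10)),
    }
    fake = PaymentRequest("Acme Supplies", 4_800.00, True, t0, "owner")
    number_in_message = "+44 20 7946 0999"   # the "call us to confirm" line
    good_cb = Callback("+44 20 7946 0001", t0 + timedelta(minutes=15), True)
    bad_cb = Callback(number_in_message, t0 + timedelta(minutes=15), True)
    planted = PaymentRequest("Beta Ltd", 2_500.00, True, t0, "owner")
    planted_cb = Callback("+44 20 7946 0002", t0 + timedelta(minutes=30), True)
    small = PaymentRequest("Acme Supplies", 300.00, False, t0, "owner")
    h = lambda n: t0 + timedelta(hours=n)
    return {
        "dialed number in message": release_decision(fake, on_file, bad_cb, [], h(1)),
        "callback ok, no second person": release_decision(fake, on_file, good_cb, [], h(1)),
        "owner approves own request": release_decision(fake, on_file, good_cb, [Approval("owner", h(1))], h(2)),
        "callback ok, second person": release_decision(fake, on_file, good_cb, [Approval("bookkeeper", h(2))], h(3)),
        "callback ok, solo after delay": release_decision(fake, on_file, good_cb, [], h(25)),
        "planted contact number": release_decision(planted, on_file, planted_cb, [], h(1)),
        "small routine payment": release_decision(small, on_file, None, [], t0),
    }
```

The order of the checks is the point: the one an attacker cannot satisfy is the comparison against the number already on file, and the `on_file_since` test closes the variant where the number was planted by an earlier message. Nothing in the check reads the email, the voice or the video, which is why it keeps working when the fake gets better.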
The operator move
Write the two rules down and tell anyone who can touch money what they are. State that the business will never change a payment based on a single email, call, or video, no matter who it appears to come from, and that a callback on a known number is always required first. Tell your regular suppliers and your bank the same thing, so a genuine change from them expects the callback rather than resenting it. That sentence, made a standing policy, removes the single point of approval the attack depends on, and it costs nothing but the discipline to follow it on the day a convincing request arrives.