The latest evolution in cyber-enabled fraud techniques is a significant cause for concern, particularly for small and medium-sized businesses (SMBs). 

Fraudsters are supercharging existing schemes using artificial intelligence (AI), making fraud harder to detect and prevent. From sophisticated social engineering campaigns to deepfakes and AI-enabled password cracking, a new generation of AI-powered fraud has officially arrived.

These new, AI-powered fraud attacks have in common the ability for attackers to compromise targets in less time. As David Stender, Executive Vice President, Chief Information Security Officer at BankUnited, explains, “AI allows attackers to collect information and narrow it down to what they need to compromise a target in microseconds, where that may have taken months of research in the past.” Now, with the ability to execute more successful attacks on more businesses, the cost of cybercrime is only expected to grow—to about $9.5 trillion by the end of 2024. 

As AI-driven fraud becomes increasingly prevalent, small businesses must take steps to avoid these attacks. Here, we provide some background and best practices, so your business can protect itself today and in the future.  

The numbers don’t lie: fraudsters are using AI to augment fraud schemes. Today, 42.5% of fraud attempts use AI, and 29% of these attacks are successful. However, AI hasn’t changed the game; it’s made old strategies much more dangerous. 

In the past, fraudsters relied on manual processes to execute schemes—scouring through endless amounts of data, conducting days' worth of research, and launching attacks based on their findings. With AI, fraudsters can gather and analyze vast amounts of information in the blink of an eye to create more frequent, targeted, and profitable attacks than ever.

“Fraud is all about analysis,” says Stender, “the more data you have, the better you can analyze it, the better your fraudulent attack will be. And all that information can be used to develop several different types of attacks.”

Preventing AI-enabled cyber fraud may seem intimidating, but with the proper precautions, protecting your business is possible. The first step is educating yourself about new tactics. 

The playing field is far from the level of the ongoing battle between businesses and cybercriminals. One of the biggest reasons is the powerful capabilities AI brings to the table for those on the wrong side of the law. 

“The fraudsters do have a slight advantage,” Stender notes, “because they can take advantage of the full capability without restraints or constraints.” While businesses are just beginning to tap into the potential of AI, fraudsters are already using it to devastating effects, leveraging both predictive AI and generative AI to launch sophisticated attacks. 

Here are some of the most concerning AI-powered fraud attacks cybercriminals are launching today:

As AI continues to evolve, the gap between what cybercriminals can do and what businesses can defend against is only widening. “You’ll find that in the cybersecurity and fraud world,” Stender says, “hope is an actual strategy.” 

Small businesses may seem like easy targets for AI-driven fraud, but they have unique advantages to help them fight back. 

One of the biggest strengths lies in close-knit leadership teams. When everyone knows each other well, it’s easier to spot inconsistencies. Even if your business operates in unconventional ways, trust your instincts. If you receive an email that seems a bit off, take a moment to step back and analyze it. If something doesn’t feel right, pick up the phone and call the person directly. And remember, face-to-face conversations are always better than video calls, which can be manipulated too. 

“It’s sort of the old school way of looking at things,” Stender says, “but in the modern world, we really need to get back to those personal connections and take a few extra steps.”

This tight-knit approach works well for small and medium-sized businesses, especially those operating in close quarters. However, it’s not as effective for geographically dispersed or entirely online companies. In those cases, staying vigilant is key. Be on the lookout for urgent messages asking for money or credentials, as these are classic signs of phishing or social engineering attacks. 

Implementing Multi-Factor Authentication (MFA) is another critical step. By requiring multiple verification forms, you make it much harder for cybercriminals to gain unauthorized access to your accounts and systems. If you encounter deepfake content involving you or someone you know, report it to the hosting platform. And if you ever suspect that your business has been targeted, don’t hesitate to submit a cyber complaint to the FBI’s Internet Crime Complaint Center. 

Beyond the technical defenses, personal connections and procedural due diligence can be your best allies. Always verify wire transfer instructions, be cautious when using free email accounts, and regularly change your passwords. Train your employees to detect this new generation of attacks by teaching them how to authenticate the source and content of communications. Show them what to look for, like audio or video quality inconsistencies, mismatched lip-syncing, unnatural facial movements, or uncharacteristic behavior in messages. 

Encourage your team to use secure communication methods for sensitive conversations, like Signal or Proton texting. Document your processes thoroughly and ensure everyone follows them to the letter. Give your employees the tools and authority to verify message authenticity and make it clear that management supports this verification process.

Businesses considering adopting AI should also be cautious. “Any business that wants to get into the use of AI to support their business needs to be very prudent,” Stender says, “make sure that those guard rails are in place.” And if AI tools are out of reach for your business, consider working with experts who can help you stay protected. 

Finally, partnering with a trusted bank is one of the best ways to protect your business. Ensure you have the right call-back procedures in place and that the bank covers all known numbers and emails. Building a relationship with a small business manager who knows your business well can also provide extra protection. Regularly checking in with your bank to review account activity and using any fraud detection tools they offer can give you peace of mind. 

At BankUnited, we take fraud risk management seriously, understanding that protecting your business is crucial to building a long-term relationship with our customers. We commit to continuously improving our fraud prevention strategies to ensure that your company remains secure. Contact us today if you’re ready to take fraud prevention to the next level.