← All Resources

Published · Cybersecurity · Threat Awareness

How AI is powering a new wave of scams

Artificial intelligence has made scams faster, cheaper, and far more convincing. In its 2025 Internet Crime Report, the FBI tracked AI-related fraud for the first time as its own category: more than 22,000 complaints and over $893 million in reported losses. For a small business, the three biggest risks are AI-written business email compromise, voice cloning, and deepfake video. Here is how each one works and how to defend against it.

How criminals are using AI

AI does not create entirely new scams so much as it removes the limits on old ones. The grammar mistakes and awkward phrasing that used to give a phishing email away are gone. A criminal can now generate thousands of personalized messages, or a convincing clone of someone's voice, in minutes. The FBI highlights four uses that matter most.

AI-written business email compromise

Chat generators can instantly produce official-sounding emails that mimic a CEO, a vendor, or a finance manager, complete with the right tone and details. These messages ask staff to wire funds or change banking information, and AI voice cloning is increasingly used to follow up with a phone call that sounds like the boss. In 2025, businesses reported more than $30 million in losses to AI-assisted business email compromise. For the full picture on this scam, see our guide on business email compromise.

Voice cloning and distress scams

With only a few seconds of audio, often scraped from social media, criminals can clone a person's voice. The classic version is the "distress" or grandparent scam, where a victim gets a call that sounds exactly like a loved one in trouble and begging for money. Victims reported more than $5 million in losses to voice-clone distress scams in 2025, and the same technique is now used to impersonate executives and colleagues.

Deepfake video on calls and interviews

AI can place a synthetic face on a live video call. Scammers use deepfake video and the cloned voices of celebrities, CEOs, and trusted figures to sell fraudulent investments and to impersonate real people on conference calls. The same technology shows up in fake job interviews used to gain access to company networks. Watch for audio that does not quite match lip movement, and actions like coughing or sneezing that do not line up with the video.

AI-enhanced investment scams

Investment fraud was the single largest source of losses in 2025 at more than $8 billion, and AI is making it worse. Scammers use AI to generate thousands of believable conversations and to produce fake celebrity and executive endorsements. Losses in investment complaints with a reported AI element topped $632 million, and the FBI notes that many more victims simply never realized AI was involved.

How to protect your business from AI-powered scams

The reassuring part is that the defenses have not changed as much as the attacks have. AI makes a lie more convincing, but it does not change the underlying ask, which is almost always money or access. Verifying that ask is what defeats the scam.

Step 1

Verify money and identity requests on a second channel

This is the single most effective defense against every scam on this page. No matter how real an email, call, or video looks, confirm any request to move money or change account details using a different, trusted channel.

  • Call back on a number you already have on file, not one provided in the message.
  • Treat any change to banking or payment details as a red flag until you have confirmed it in person or by phone.
  • Do not rely on the channel the request arrived on to verify it.

Step 2

Agree a code word for urgent or distress requests

Because voices and faces can now be faked, a shared secret is a simple and powerful check.

  • Set a family code word for emergencies, so a "loved one in distress" call can be verified instantly.
  • Set a separate verification phrase or process at work for any urgent payment or wire request.
  • Keep these phrases off social media and out of email.

Step 3

Be skeptical of voice and video alone

Seeing or hearing someone is no longer proof of who they are.

  • Watch for tell-tale glitches on video: audio out of sync with lip movement, odd lighting, or unnatural movements.
  • Ask an unexpected question on a suspicious call. A real person can answer; a script or clone often cannot.
  • Hang up and call back if a call creates pressure to act immediately.

Step 4

Turn on MFA and layer AI-aware email security

Strong technical controls stop many AI-assisted attacks before they reach a person.

  • Enable multi-factor authentication on email, banking, and all critical accounts.
  • Add email security that uses AI and threat intelligence to detect impersonation and business email compromise that standard filtering misses.
  • Keep staff trained on what current AI scams look like, since the techniques evolve quickly.

Step 5

Slow down: urgency is the tell

Nearly every scam depends on pressure to act before you think.

  • Treat urgency and secrecy as warning signs, not reasons to move faster.
  • Give staff explicit permission to pause and verify, even when a request appears to come from the top.
  • Make reporting easy and blame-free so a near miss becomes a lesson, not a cover-up.

Common questions

Can you tell if a voice or video is an AI deepfake?

Sometimes, but not reliably, and the technology is improving fast. On video, look for audio that does not match lip movement, unnatural lighting or blinking, and movements that seem slightly off. On a call, ask an unexpected personal question or one that requires real-time thought. The safest approach is not to depend on spotting the fake at all, but to verify the request through a separate trusted channel.

Is voice cloning really that easy for criminals?

Yes. Modern tools can produce a convincing clone from only a few seconds of recorded audio, which is often available on social media, voicemail greetings, or public videos. That is why a shared code word for urgent or distress situations is such an effective, low-tech defense.

How is AI changing business email compromise?

AI removes the old warning signs. Impersonation emails are now grammatically perfect and well-matched in tone, can be produced in large volumes, and are increasingly paired with a cloned voice on a follow-up call. The defense is unchanged: verify any payment or banking-change request on a second channel before acting.

What is the single best protection for a small business?

A firm rule that every request to move money or change payment details is verified by a phone call to a known number before anything happens. Combine that with multi-factor authentication and AI-aware email security, and you defeat the large majority of AI-powered scams.

Worried your team could fall for an AI-powered scam?

Veldtech layers AI-powered email security on top of Microsoft 365 to catch impersonation and business email compromise, and we help your team build the verification habits that stop voice-clone and deepfake fraud. We work with small businesses in Sacramento, Citrus Heights, and across Northern California.

Contact Veldtech