518-373-4111
While the emergence of AI over the past several years has provided businesses with tools to streamline operations and save valuable time, AI has also given scammers new ways to commit fraud. Our cybersecurity partner, OrbitalFire, offers an in-depth look at AI scams and deepfakes that pose a risk to businesses, as well as strategies to mitigate these threats.
Fraudsters have upgraded. What used to be opportunistic phishing is morphing into something much more disconcerting: AI-powered scams and deepfakes that impersonate voices, faces, and entire identities. The level of sophistication continues to increase at a breakneck pace. Small organizations often assume those threats are reserved for big enterprises. They aren’t. These attacks pose a significant risk to smaller organizations.
What Are Deepfakes and AI Scams?
Deepfakes are synthetic or manipulated audio, video, or images created using generative AI. They can convincingly mimic someone’s voice or face. AI scams, more broadly, utilize automated tools to scale fraud, whether it involves fake websites, chatbots, or voice clones.
How Has AI Enabled “Smart” Fraud?
AI tools make it possible for attackers to:
- Generate emails that read like they’re from your boss or a client.
- Create deepfake videos or audio that mimic the voices of executives.
- Launch hyper-personalized scams at scale, targeting dozens of employees at once.
What used to be a clumsy scam is quickly becoming convincing.
How Do AI Scams Target Small Businesses?
AI is evolving rapidly, and smaller organizations must continue to think critically about the data presented to AI applications and work to ensure their entire team does the same. Examples of how cyber criminals are using AI to target small businesses are:
- “CEO voice” scams trick staff into transferring money or sharing sensitive data.
- Deepfake invoices appear legitimate, complete with forged voices confirming payment requests.
- AI-powered phishing messages blend in so well that they may bypass traditional filters.
For example, the major engineering firm Arup lost $25 million after attackers used a deepfake video impersonating a senior manager to authorize fund transfers. (credit: Financial Times)
For smaller businesses, where staff often juggle multiple roles and lack formal approval processes, these scams are particularly dangerous.
How is AI and Fraud Co-Evolving?
Generative AI doesn’t just empower fraud; it also creates a moving target:
- Criminals utilize prompt injection and AI-based tools to refine phishing messages, minimize errors, and circumvent filters.
- Deepfake attacks are blending into other types of fraud, such as identity theft and spoofing. One survey found deepfake fraud is as common now as traditional fraud techniques.
Fraud tools are evolving fast. Your defenses need to keep up.
What is Prompt Injection?
Prompt injection is a type of cyberattack that targets artificial intelligence (AI) systems, especially those that rely on large language models. Instead of hacking software code directly, attackers manipulate the instructions (or “prompts”) given to the AI so it behaves in unintended ways.
Small businesses are rapidly adopting AI tools, including chatbots for customer service, AI-powered email filters, and even bookkeeping and scheduling apps. Prompt injection turns those helpful tools into risks.
- A malicious actor could trick your chatbot into leaking private customer data.
- An attacker could manipulate your AI-driven invoice processor into approving fake payments.
- They could use compromised AI tools to spread misinformation in your name.
- You don’t need a PhD in AI to defend against this. The key is knowing the risk exists, choosing vendors who actively protect against it, and building simple checks and balances into how you use AI.
Takeaway: If your business uses AI tools, prompt injection isn’t an abstract threat. It’s a practical risk worth factoring into your cybersecurity strategy.
What Are Practical Steps Small Businesses Can Take Against AI Scams and Fraud?
Here are the steps OrbitalFire recommends that you take:
1. Cultivate skepticism for high-stakes requests
If someone calls, emails, or video-chats asking for money or data, especially unexpectedly, verify through a separate channel (in person, on a known number).
2. Set policies about verification
Require two-factor validation for money transfers or sensitive decisions. You can enforce “red flags” even without heavy tech.
3. Train your people on deepfake awareness
Show examples. Teach employees what unusual behavior or context mismatch might look like. Humans are still vital filters.
4. Limit exposure from vendors and partners
If someone requests that you change wiring instructions via a video call or email, treat it as suspicious. Confirm through a known source.
5. Have a response playbook for suspected deepfake fraud
Know who to call: OrbitalFire, your bank, and your legal counsel. Have documentation ready to move quickly.
Deepfakes and AI scams can amplify your vulnerabilities because they exploit trust, speed, and low scrutiny. But you have options. Understanding how these scams work, training your team, putting in verification controls, and having a response plan give you a fighting chance.
OrbitalFire works with smaller businesses to assess their current cybersecurity strategies and understand their business missions, helping them create a Culture of Security that can help fight evolving threats. Learn How Today.
GTM’s Cybersecurity Practices
Security is integral to our operations. It’s at the core of what we do with multiple layers of protection embedded into our products, processes, and infrastructure.
Our state-of-the-art security measures are designed to safeguard your data from unauthorized access and cyber threats. We employ a robust combination of physical, administrative, and technical controls, including advanced encryption technologies, continuous network monitoring, and strict access controls, ensuring your data is protected around the clock.
GTM undergoes annual security assessments conducted by the New York State Department of Financial Services and adheres to the National Institute of Standards and Technology (NIST) cybersecurity standards. GTM also submits to several third-party audits, including SOC 1 audits, Nacha audits, and financial statement audits.
Cyber and Data Breach Liability Insurance
As an additional method of security, cyber and data breach liability insurance is available in case of a cyberattack or data breach. A cyber liability and data breach insurance policy can help if your business’s computers are infected with a virus that exposes private or sensitive information, your business is sued for losing customers’ sensitive data, or your business incurs public relations costs to protect its reputation after a data breach.
If you are interested in cyber and data breach insurance, the GTM Insurance Agency can discuss your options with you. Contact them for a free quote or more information.
