While technological innovation continues to drive new business opportunities and revenues, it’s also been sharpening the tools of business fraudsters.
One of the more innovative and tech-savvy groups of people in the business arena are the fraudsters looking to rob your organization. The new weapon in their arsenal? An emerging technology you’ve probably been reading about: artificial intelligence (AI).
With AI, computers perform tasks that typically require human-like intelligence, such as learning, problem solving and decision making. For business owners and financial managers, understanding how AI is helping fraudsters increase the effectiveness of one of their favorite cyber scams — and educating employees so they can spot this scam in its more sophisticated form — is critical to protecting your operation’s bottom line.
BEC continues to flourish
According to the 2023 AFP Payments Fraud and Control Survey Report1, business email compromise (BEC) remains the root cause of payments fraud in most organizations. More than 7 out of 10 organizations experienced attempted or actual BEC fraud in 2022, the report says.
A classic form of BEC is the “CEO/CFO fraud” scheme where a fraudster sends an accounts payable employee an email falsely purporting to be from a top company executive. The email directs the employee to initiate a funds transfer to a bank account controlled by the criminal. Not wanting to challenge a superior, the employee complies.
BEC has been financially damaging to businesses. But now AI is making BEC and related impersonation schemes even more difficult to defend against.
Scam gets a boost from AI
What makes BEC work is the fraudster’s ability to convincingly impersonate the executive and deceive someone at your business who is authorized to send payments. This is where AI adds to a criminal’s bag of tricks.
AI systems can be trained to generate text that mimics the style, tone and language patterns of a particular person. This could include generating emails that are designed to sound like one of your company’s top executives or managers.
AI can also enable fraudsters to mimic the voice of one of those executives in a phone call. One of the first cases of AI-powered voice-mimicking playing a role in a business fraud was reported in 2019. The managing director of a British energy company, believing his boss was on the phone, followed verbal orders to wire more than $240,000 to an account in Hungary. The funds “disappeared,” and the director later told The Washington Post that the request seemed strange, but the voice of his boss was so lifelike he felt he had no choice but to comply.2
In some cases, the phone call with the familiar voice of authority comes on the heels of a BEC email as a way of legitimizing the fraudulent request.
Respond with fraud awareness training
Defending against new forms of deception requires businesses to provide employees with effective fraud awareness training. Here are four training strategies suggested by Forensic Strategic Solutions, a national fraud investigation firm3:
1. Communicate the impact of fraud. Explain to employees how fraud can lead to legal repercussions, loss of reputation and financial loss.
2. Develop a fraud prevention policy. Outline the roles and responsibilities of employees in preventing and reporting fraud. Highlight the need for employees to authenticate money-movement requests in multiple ways. For instance, callbacks to the person making the request can be a highly effective control.
3. Provide examples of fraudulent activities. Examples can help employees spot fraud attempts.
4. Reinforce training through ongoing communication. Provide regular updates on the company's fraud prevention policy, address new fraud risks and encourage the reporting of suspected fraud.
A helpful training resource with information on fraud trends and controls is the Hancock Whitney Cybersecurity for Business website.
Our role in defending you
Two final points for clients:
- Hancock Whitney will never contact you by phone or email asking for your passwords or other private information.
- If you believe you have been the target of a payments fraud attack, please call 1-866-594-2304.