As small business owners continue to incorporate positive and effective AI tools, criminals are using the tech to enhance and further their efforts to breach cybersecurity at companies.

Here’s what you and your employees should be aware of when it comes to AI-generated scams and how to protect against them.

Voice Cloning Scams

Scammers use AI apps to help them impersonate someone trusted, such as a friend, family member, co-worker or business partner, as a means to obtain personal and/or company data for their financial gain.

“They do this by manipulating videos and recordings found on social media to produce realistic sounding voice recordings or even videos,” explains a post by the NYC Department of Consumer and Worker Protection (DCWP).

One red flag that the call or video could be a scam is the urgent tone and pressure being used as they ask for business or personal data or for a transfer of money, cautions the municipal enforcement agency DCWP.

“Stop and think,” the post says. “Urgency is one of a scammer’s most powerful tools in getting you to do what they want. You can take control of the situation by pausing for a moment to consider the situation rationally.”

Watch for inconsistencies, advise cybersecurity experts, such as strange word choices, stilted language and choppy sentences.

Also, warning signs in deepfake videos include jerky or unrealistic movements, shifts in lighting or skin tone, strange or no blinking, and shadows around the caller’s eyes, the DCWP says.

AI-Enhanced Phishing Emails and Fake Websites

AI tech is enabling criminals to create more convincing phishing emails and fake websites, warn cybersecurity experts.

“These types of scams might appear to be from your bank, your favorite shopping site or even your friendly Help Desk,” warns a post by the IT department at the University of Wisconsin–Madison.

Essentially scammers are using AI as a job aid or an additional tool, just like everyone else, says  Dave Schroeder, director of National Security Initiatives at UW-Madison, in the article.

“What we are seeing is AI automating or ‘supercharging’ a lot of the same techniques that scammers are already using, including making possible some new attacks,” he adds.

So, it’s doubly important that business owners and employees stay watchful for these types of scams. 

Pay attention to subtle cues, advises a post on the University of Colorado at Boulder’s news site.

“The human factor often gets blamed for cybersecurity failures—and for good reason, since many breaches stem from our own actions,” explains Sebastian Schuetz, an assistant professor of organizational leadership and information analytics at the school’s Leeds School of Business.

“It’s natural to trust too easily, skip updates or password changes, or click too quickly out of hope or fear,” he adds. “These instincts make us human, but they’re also what criminals exploit.

Research shows that people who stay mindful and cautious by default are the most resilient to cybercrime, says the CU Boulder Today article by Katy Marquardt Hill.

AI-Driven Fake Refunds and Invoice Scams

Another AI-generated threat to companies, particularly retail businesses, are deepfake customer-service refund attacks. 

In these scams, AI voice bots pose as customers asking for a refund or credit and they’re armed with accurate order numbers and other relevant information, misleading employees to believe they’re real requests and real customers.

Other phishing variations include QR-code phishing, or quishing, and SMS phishing, or smishing, explains a post by global security firm ESET.

Also, AI is helping scammers with spearphishing, a more advanced form of phishing that utilizes highly tailored messages based on deep background research of a target, according to the ESET blog by Roman Cuprik.

“Traditionally, phishing tricks people into revealing personal data or downloading malware,” explains ESET solution architect Július Selecký in the post. 

“Spearphishing goes further, utilizing personalized messages after attackers gather details about a specific target. Today, AI automates this process, making spearphishing increasingly common.”

Further, cybersecurity criminals are using AI to create and send invoices that look legitimate,  mimicking real suppliers or vendors. “Their goal is to trick businesses into paying for goods or services that were never provided,” says the ESET blog.

For more tips on boosting cybersecurity at your business, see Strengthening the Frontline: Empowering Employees to Combat Data Breaches.