AI ‘Boss’ Fraud: How Deepfakes Are Targeting Business Assets
Last year, Lithuanian authorities and financial institutions tracked nearly 15,500 fraud attempts targeting both residents and businesses. The scale of the threat is significant: the total amount attempted to be stolen reached approximately €58.8 million, according to data from the Lithuanian Centre of Excellence in Anti-Money Laundering. While the numbers themselves are staggering, the real concern for international business leaders is the rapid evolution of the methods used to bypass traditional security.
Criminals are shifting away from mass-scale, generic phishing emails toward highly targeted, sophisticated operations. These attacks often leverage artificial intelligence (AI) to impersonate high-level executives or intercept long-standing business communications, making the deception nearly impossible to detect through casual observation.
The Rise of the AI-Generated Executive
The most alarming development in the corporate fraud landscape is the use of AI to replicate human voices and appearances in real-time. Imagine a scenario where a company’s accountant receives a call via Microsoft Teams. The face on the screen is the CEO; the voice is unmistakable, and the request—an urgent, confidential payment to secure a major deal—sounds entirely plausible.
In reality, this is a deepfake. Experts warn that we have entered an era where language errors or suspicious email addresses are no longer reliable red flags. Current AI tools allow fraudsters to mimic not just a person’s voice, but their mannerisms, facial expressions, and even emotional tone. This psychological manipulation relies on the ‘authority’ of the caller and a manufactured sense of urgency, pressuring employees to bypass standard verification protocols to avoid ‘ruining’ a business opportunity.
The Danger of Intercepted Communications
While AI represents the high-tech frontier, one of the most financially damaging schemes remains the interception of business-to-business correspondence. In these cases, criminals gain access to an email thread between a company and its supplier. They wait silently for weeks, observing the tone and timing of the interaction.
When it comes time for an invoice to be sent, the fraudster replaces the legitimate bank details with their own. The victim company, seeing a familiar thread and a valid-looking invoice, processes the payment without realizing they are sending funds directly to a criminal account. One Lithuanian clinic recently lost €30,000 in this exact manner while ordering interior decor from an international gallery; the theft was only discovered when the gallery followed up on the ‘missing’ payment weeks later.
Implementing ‘Friendly Suspicion’ in Corporate Culture
To combat these evolving threats, security experts are moving away from purely technological solutions toward a culture of ‘friendly suspicion’ and disciplined internal processes. Technology can filter many threats, but human behavior remains the final line of defense.
Security leaders suggest that businesses must move toward automated payment verification systems where bank details cannot be easily altered by a single user. Furthermore, any request to change payment details or execute an ‘urgent’ transaction should be verified through a secondary, independent channel. If a request comes via email, the employee should call the partner or manager using a known, previously saved phone number—not any number provided in the suspicious message.
Practical Safeguards for Modern Teams
For businesses operating in an environment where AI can mimic anyone, establishing ‘pre-shared keys’ or internal code phrases has become a practical necessity. A manager requesting a sensitive operation should be prepared to provide a pre-agreed password or phrase known only to the relevant staff members.
Additionally, the ‘four-eyes’ principle—requiring at least two employees to approve any significant financial transaction—remains one of the most effective safeguards against fraud. By slowing down the process and requiring multiple checkpoints, companies can neutralize the ‘urgency’ tactic that fraudsters rely on to cloud professional judgment. As cybercrime becomes more personalized and technologically advanced, the most effective weapon is not a better firewall, but a more attentive and disciplined workforce.
Source: BNS
Comments