Commonwealth Bank (CommBank) is urging small business owners to slow down and double-check unexpected requests after new research reveals many small businesses are less prepared than they think against deepfake scams.
According to a recent CommBank survey, many small business owners are confident in their ability to detect AI-powered fraud. In reality, their ability to correctly identify deepfakes was much lower. On average, participants correctly identified only 42% of deepfake attempts.
The findings highlight that artificial intelligence is increasing the risk as fraud becomes faster, more convincing, and harder to detect. “While only around four in 10 small business owners are familiar with deepfake scams, fraudsters are using AI to imitate suppliers, loved ones and even government officials, highlighting the important role that awareness plays in identifying these scams,” said David Coote, CommBank’s general manager for small business banking in Queensland.
To reduce risk, CommBank encourages businesses to follow a simple approach: Stop, Review, Decline. That means pausing if something doesn’t seem right, confirming payments or account changes through trusted communication methods, and rejecting requests that don’t make sense.
The study also found that while approximately 41% of small businesses are aware of deepfake fraud, many remain vulnerable. Although most scams were received via email, only 55% of business owners had recently checked their supplier payment details.
Identity fraud is becoming increasingly common and effective. For example, criminals often pose as suppliers or senior executives to pressure teams into making urgent payments. And while email is widely used to communicate with suppliers, it remains a weak link due to limited built-in security. In some cases, attackers can even gain access to real employees’ inboxes to make messages appear legitimate, as we found in our research.
Related:
How to protect your small business from AI fraud
AI is accelerating these tactics. Deepfake invoices, cloned voices, and hyper-realistic messages are increasingly being used to catch busy business owners by surprise.
But that doesn’t mean small businesses are powerless. With a few habits and safety measures, you can greatly reduce your risk.
Slow down payments and changes
Most AI fraud relies on urgency. If you are pressured to act immediately via email, text, or phone call, pause. Fraudsters want to bypass normal checks. Please verify the request other than the original message
Do not confirm payment changes, invoices, or “urgent requests” by replying to the same email or message. Call suppliers, clients, or colleagues using phone numbers you already trust. Create a simple validation rule.
Decide in advance how you will approve payment changes. for example:
– Bank account details cannot be changed without calling
– Urgent payments cannot be made without a second person’s confirmation Be skeptical of familiar voices and faces
AI can now replicate voices and imitate writing styles. A message that sounds exactly like your supplier or boss isn’t proof that it’s genuine. Treat unexpected requests with caution, even if they are familiar. Limit the information scammers can learn about you.
Public information facilitates identity theft. See what your business is sharing online about suppliers, staff roles, email addresses, and internal processes. Protecting Business Email Many AI scams are successful because attackers gain access to real email accounts or exploit people’s trust in familiar names and writing styles. Using strong, unique passwords and enabling two-factor authentication will make it much harder for criminals to take over your business inbox and use it to deceive your clients, suppliers, and colleagues.
Bitdefender Ultimate Small Business Security addresses exactly this risk. Protect your business email accounts from phishing and account takeovers, while detecting suspicious messages early, before anyone clicks, replies, or pays.
Start your free trial to protect your business email from AI fraud.
