Advances in artificial intelligence are creating new opportunities for innovation but they’re also opening the door to highly convincing scams. One of the fastest growing risks to Australian and New Zealand businesses is AI-powered impersonation: fake phone calls, voice clones, and deepfake videos used to trick employees into transferring funds, sharing passwords, or revealing confidential information.
A 2024 survey by Regula revealed that nearly half of businesses globally reported incidents involving audio or video deepfake fraud, marking a significant increase from previous years.
And since the average self-reported cost of cybercrime per report for small businesses was $49,600, these tactics can be particularly damaging. Unlike larger organisations, small and medium businesses may not have dedicated cybersecurity teams or formal verification processes in place. That makes awareness and prevention especially important.
What Is Voice Fraud and How Does It Work?
AI voice fraud typically involves a scammer using machine learning tools to replicate a person’s voice. With just a few seconds of audio—often pulled from social media or public video—a fraudster can generate a realistic clone that mimics someone’s speech patterns, tone, and accent.
The cloned voice is then used in:
- Phone calls pretending to be a company director or senior manager, urgently requesting money transfers or password resets
- Voicemail messages with specific instructions, often tied to a fabricated emergency or deadline
- Audio sent via email or messaging platforms, adding perceived legitimacy to phishing attempts
These scams are often part of a broader impersonation strategy, paired with spoofed email addresses or SMS messages.
Deepfake Videos: A New Frontier in Impersonation
Deepfakes are AI-generated videos that make it appear as though a real person is saying things they never actually said. In a business setting, this technology might be used to create a fabricated video message from a company executive requesting urgent action, simulate a “live” video call where a scammer pretends to be someone familiar to the victim, or produce manipulated content intended to mislead staff, customers, or partners.
While deepfakes have been more commonly associated with political or celebrity impersonations, their use in business fraud is on the rise—and becoming increasingly difficult to detect.
Why SMEs Are at Risk
Small businesses often have fewer resources to devote to cybersecurity, and scammers know this. Tactics like voice fraud are designed to exploit trust, familiarity, and urgency—elements that are common in fast-moving business environments.
Particularly vulnerable moments include:
- End-of-month accounting tasks
- Staff leave periods
- Busy sales seasons
Scams often rely on an employee’s willingness to help, respond quickly, or act on a directive from someone perceived as senior.
Practical Steps to Reduce Your Risk
While deepfake and voice clone technology is advancing quickly, there are still practical, low-cost steps SMEs can take to reduce exposure:
- Implement verification procedures: For any financial transaction or request involving sensitive information, require a secondary form of confirmation—ideally written and from an internal system or known contact.
- Educate staff on impersonation tactics: Brief employees on how AI voice fraud works and what red flags to watch for, such as unexpected urgency or unusual language.
- Secure public-facing audio and video: Consider limiting how much audio content is published online—especially interviews or speeches from leadership team members.
- Review access to communication tools: Ensure systems like email, VOIP, and team messaging platforms are protected by strong authentication settings and managed user roles.
Staying Ahead of a Moving Threat
As voice cloning and deepfake tools become more accessible, SMEs will need to stay informed and cautious. Fraudsters are constantly testing new ways to exploit trust and familiarity—and while the technology may be new, the goal remains the same: to gain access, create confusion, and ultimately profit.
By maintaining clear internal processes and helping employees spot the signs of impersonation, small businesses can reduce their exposure and respond quickly to emerging threats.
This information is for general information purposes only. The information contained herein does not constitute financial or professional advice or a recommendation. It has not been prepared with reference to your financial circumstances or business and should not be relied on as such. You should seek your own independent financial, legal and taxation advice as to whether or not this information is appropriate for you.