A finance clerk receives a video call from their company’s leadership team, asking them to authorize a large transfer. The faces and voices look and sound real. But they’re not. They’re AI-generated deepfakes, and the company is about to lose millions.

This isn’t a hypothetical. It happened earlier this year to UK engineering firm Arup, where a scammer used deepfake avatars of employees to steal over $25 million (Business Insider).

Generative AI is giving cybercriminals tools that make these attacks easier, cheaper, and more convincing than ever. For small and mid-sized businesses (SMBs), this “deepfake economy” is a fast-growing threat.

How AI Is Changing the Scam Game

• Cloning brands and websites: Attackers can now replicate your company’s website in minutes, complete with logos, layouts, and even staff bios.
• Impersonating employees: AI voice cloning and deepfake video tools can mimic your executives, salespeople, or customer service staff.
• Automating personalized attacks: Generative AI can scrape data from social media and past communications to make emails and calls highly believable.
• Scaling fraud like a business: Criminal groups run “Fraud-as-a-Service” operations—selling deepfake and phishing kits to anyone willing to pay.

The Numbers SMBs Can’t Ignore

• 456% increase in deepfake-related scams between May 2024 and April 2025. 
• 12% of small businesses reported at least one AI-driven impersonation attempt in the past year. (AI Invest)
• Losses can range from a few thousand dollars to tens of millions, depending on the target and attack method.

Why SMBs Are at Higher Risk

• Smaller budgets for cybersecurity tools and staff training.
• Limited processes for verifying unusual requests.
• Heavy reliance on trust-based communication channels.

What You Can Do Right Now

1. Train your staff to verify unusual requests: Require multi-step verification—especially for financial transactions.
2. Use code words or verification questions: Agree on internal “safe words” for sensitive actions like wire transfers.
3. Strengthen email and account security: Multi-factor authentication and phishing-resistant login methods are essential.
4. Limit public exposure of staff info: Reduce detailed employee profiles on your website and LinkedIn.
5. Test your defenses: Conduct phishing simulations and deepfake awareness training.

Stay Ahead of AI-Driven Threats

Generative AI is here to stay—and so are the scams it enables. The best defense is a layered security strategy that combines technology, processes, and people.

Protect your business from AI-powered scams before they strike. Our cybersecurity experts can help you assess your risks, train your team, and monitor your systems 24×7. Call Constructure Technologies at 631.396.7777 or email info@constructuretech.com to get started.