From Deepfakes to Deception: Navigating the Evolving Landscape of Business Fraud

Traditionally, fraud felt like something that only happened in the shadows – quiet, hidden and far away – like a stolen check or a hacked account, things you might not notice until long after the damage was done. But now, fraudsters are pulling individuals and businesses directly into the process. They’re calling, texting and emailing, posing as trusted sources in real-time, attempting to trick victims into unknowingly helping carry out the fraud themselves. This growing boldness marks a major shift in the fraud landscape, one that requires heightened awareness and proactive defenses. Read on for insights from our Director of Treasury Management and Merchant Services, Nick Benz, on how fraud tactics are evolving, the growing role of AI and how our Merchants Bank Treasury Management team can help you protect your business.
 
 

The Evolution of Fraud and the Current Landscape

Everything evolves, including fraudsters.
 
Understanding how they’re evolving is the first step to staying ahead.
 
“Fraudsters are taking a much more proactive approach,” says Nick. “It’s not just check theft anymore, they’re now actively targeting direct access to financial accounts through impersonation methods.”
 
Today’s fraudsters aren’t just operating behind the scenes, they’re reaching out and blending in. That shift has made fraud harder to spot and easier to fall for, especially as they borrow the tools of legitimate businesses to mask their intentions.
 
Here’s a quick look at some of the tactics fraudsters are using to target businesses today:

• Direct contact posing as someone you trust. Whether by call, text, or email, fraudsters often impersonate vendors, colleagues or financial institutions to request changes to account or payment details, demand urgent payments or ask for sensitive information.
  • Tip: Always verify any requests you get by contacting the vendor, colleague or financial institution directly using known contact information. Never trust the contact details provided in the message.
• Phone number spoofing. Calls and texts can look like they’re coming from a familiar number, even your financial institution, but may actually originate from a fraudster.
  • Tip: Be cautious with unsolicited calls or messages asking for sensitive information. When in doubt, hang up and call back using a verified number. Remember that your financial institution will never ask for login credentials or an account number.
• Malware hidden in plain sight. Even something as routine as an “unsubscribe” link can contain malware designed to compromise your system.
  • Tip: Don’t click unsubscribe links from unknown sources. Report the email as spam using your email provider's tools, and always double-check unusual requests through a separate communication channel.
• Inbox interference. Once a fraudster gains access to your email, they can delete any incoming alerts or warnings from your financial institution, allowing them to continue operating without interruption
  • Tip: Regularly check your financial account activity directly through your provider’s secure website or app and report any suspicious behavior immediately.

  
 

The Double-Edged Sword of Technology and AI

Technology has improved many aspects of how businesses manage finances, but it’s also given fraudsters new tools.
 
The rise of generative AI has added a dangerous new layer to modern scams. With easy access to AI-powered tools, fraudsters can now create emails, text messages and even voice messages that closely mimic the tone, language and behavior of real people, making impersonation scams significantly more convincing and harder to detect.
 
“AI has completely changed the fraud landscape, especially in how convincing scams have become,” says Nick. “A fraudster can now replicate someone’s writing style, mannerisms and even voice using specific tools. That makes it easier to trick people into trusting a message that looks or sounds familiar.”
 

Generative AI: Supercharging Scams with Realism

Here are just a few ways AI is being used to enhance scams:

• Impersonation through writing. AI can quickly learn how someone typically writes emails — their tone, phrases and even typos — and replicate them convincingly.
• Voice and video spoofing. Some fraudsters are now using AI to create fake voice messages or even video deepfakes to impersonate executives, colleagues or vendors.
•  What’s a deepfake? A deepfake is a video of an individual in which their face or body has been digitally altered so they appear to be someone else. These are often used for malicious purposes. 
• Email and message manipulation. Generative tools can craft highly targeted messages that feel personal and urgent, increasing the likelihood that someone will respond without verifying the request.

 

Fraudsters Still Love Paper Checks

Despite these technological threats, a common misconception is that all fraud is now digital. In reality, most business fraud still originates from paper checks. While electronic payments often feel riskier, the truth is the opposite:
 
“Electronic payments are significantly more secure,” says Nick. “Check fraud is still one of the biggest threats we see, mainly because it’s easier to manipulate and intercept.”
 
Technology isn’t just being used by fraudsters. It’s also essential in helping businesses detect and prevent fraud. But that technology only works when people stay engaged and up to date.

Too often, businesses fall into a false sense of security. They assume that fraud won’t happen to them, or that existing systems will catch everything.
 
“Fraudsters are constantly adapting to new security measures,” Nick adds. “That’s why it’s so important not to let your guard down. Stay informed, review your processes regularly and take full advantage of the fraud prevention tools your bank offers.”
 
 

Building a Fraud Prevention Plan for Your Business

So now the question is how can you protect yourself and your business? We’re glad you asked.
 
According to Nick, the best approach is a layered defense strategy, one that combines awareness, daily habits and the right Treasury Management solutions.
 
Four key steps that make for a good, layered approach:

• Make sure all employees understand the potential risks of malware and phishing. It only takes one click on a malicious link or attachment to compromise your entire system.
• Early detection is one of your best defenses. By logging in and reviewing transactions every day, you’re more likely to catch suspicious activity before it turns into a larger issue.
• Use dual control for all outgoing payments. Never let one person have full control over payments. Dual control means two separate people are required to initiate and approve transactions, greatly reducing the chance on internal fraud or external manipulation.
• Take full advantage of the advanced fraud management solutions your financial institution offers. At Merchants Bank, this includes:
  • Positive Pay: checks presented to the Bank for payment are compared to a pre-approved list, ones that do not match must be reviewed or may be rejected. This is a great option for businesses with a large amount employees.
  • Reverse Positive Pay: you received a list of check presented to your account for payment and review them against the checks you have issued. This is a great options for smaller businesses with only a few employees.
  • ACH Blocks and Filters gives you the ability to prohibit or block unauthorized electronic withdrawals. This is great for businesses who have ACH debit or credit activity in their business checking account.
  • Check Blocks: completely blocks checks from being processed on an account. This is a great option for businesses who do not issue checks.
  • IP Restrictions: limits account access to approved networks and locations only. This is a great option for any business to help protect against foreign users trying to log into your business accounts.

 
Tip: Work with the Merchants Bank Treasury Management team (which includes Nick!) to determine the best combination of solutions for your business’s size and risk level.
 
 

The Future Frontier of Fraud and How to Prepare

Remember that even with strong defenses in place, it’s important to continue to be proactive in staying up to date and taking advantage of improved security measures. As we look forward into the next one, two, five years, the battle against business fraud is only going to get more complex.
 
“Fraudsters are getting smarter, and AI is going to insert itself more and more into how they operate,” says Nick. “At the same time, banks and businesses will need to use AI and advanced security tools to stay one step ahead.”
 
With AI making it easier to impersonate voices, writing styles and even full digital identities, the lines between real and fake will become increasingly blurred. That’s why businesses must go beyond basic protection and invest in layered, proactive defenses.
 

Your Business Fraud Defense Summarized

Here’s what Nick recommends for staying ahead:

• Always verify and trust your instincts. If you receive a call, text or email asking for sensitive information, don’t respond directly or use the contact details provided. Instead, reach out using a known, trusted phone number, whether it’s a vendor, colleague or your financial institution.
• Remember that tools protect your accounts, not your clicks. Treasury Management tools can help block unauthorized transactions, but they can’t stop you or your employees from clicking a malicious link or sharing information with a fraudster.
• Leverage IP address controls and system restrictions. Adding this helps limit access to certain networks and locations, reducing the risk of unauthorized logins or system breaches.

  
 

What’s one piece of advice you give every business leader?

“Even if something looks 100% legitimate, stop and verify,” says Nick. “That one extra step can save your business from a major loss.”
 
Our team is here to help you protect what you’ve built. Contact your local banker or a Treasury Management team member to learn more about fraud prevention.