In an era where artificial intelligence is reshaping industries, it’s also empowering scammers to craft highly convincing fake scams.
At Oculus Group, we are committed not only to managing your accounts but also to helping you protect your hard-earned assets and reputation.
A recent Accountants Daily article highlighted a warning from Commonwealth Bank (CommBank) urging small business owners to be vigilant against deepfake scams.
What are Deepfake Scams
Deepfake scams are fraudulent schemes that use AI to imitate real people, emails, invoices, and even voices to trick victims into transferring funds or revealing sensitive information.
The Growing Threat of Deepfake Scams
Deepfake scams are no longer just theoretical. According to research cited in Accountants Daily, many small business owners are overconfident in their ability to recognise AI-generated scams. But when tested, accuracy is low.
In fact, only around 42% of people could correctly identify a deepfake in controlled tests, despite a much larger proportion believing they could.
Scammers are using AI to spoof trusted contacts like suppliers, executives, government officials, and family members. These scams may arrive as:
- AI-generated emails or invoices with altered payment details.
- Fake investment opportunities featuring cloned voices or visuals of well-known personalities.
- Impersonation of senior staff requesting urgent transfers.
- Sophisticated business email compromise (BEC) attacks.
If scammers succeed, the financial and reputational damage to your business can be significant, especially if payments are made before anyone realises something is wrong.
The “Stop. Check. Reject.” Principle
CommBank’s advice which has been repeated across multiple scam-prevention guides is simple but powerful: Stop. Check. Reject.
- Stop: Take a breath and slow down whenever you receive an unexpected request, especially if it involves money, personal details, login credentials, or changes to supplier bank details.
- Check: Don’t rely on the contact details in the suspicious message. Instead, call or email the person or business using verified contact information you already have.
- Reject: If something doesn’t feel right after you’ve paused and checked, reject the request. Delete the message, block the sender, and report it to your bank or IT/security team.
This approach still applies even to highly polished scams that use AI-generated visuals or voices to mimic trusted people.
Practical Steps for Small Business Owners
At Oculus Group, we recommend layering good habits and controls into your business operations to reduce scam risk:
1. Strengthen Internal Processes
- Institute clear approval processes for invoices and payment changes.
- Segregate duties so that no single person can approve and execute significant payments without oversight.
2. Verify Changes to Financial Details
- Always confirm new or changed bank account details for suppliers or contractors by calling their known number – never by replying to the email you’ve just received.
3. Educate Your Team
- Train staff to recognise red flags such as urgent language, unfamiliar senders, spelling/grammar errors, and requests for immediate action.
4. Use Technology Wisely
- Implement multi-factor authentication (MFA) on all business accounts.
- Ensure your software and security systems are up to date to reduce vulnerabilities.
5. Foster a Culture of Questioning
- Encouraging employees to ask questions, especially about unusual payment requests, can be one of your best defences.
Protect your Business from Deepfake Scams
Deepake scams are evolving, and technology that can be beneficial can also be misused.
Awareness and cautious behaviour remain your strongest protective tools.
As your advisers, Oculus Group is here to support you not just with compliance and reporting, but with practical risk mitigation and business resilience.
If you’d like help strengthening your internal controls or reviewing your scam-prevention procedures, please reach out.
Stay safe, stay vigilant, and remember: Stop. Check. Reject.
