Prominent cybersecurity firm Bitdefender warns that bad actors are now using AI to launch convincing scams against small businesses at a much larger scale.
In a new blog post, Bitdefender says AI-powered phishing now feels very real as fraudsters use generative AI tools to craft professional-looking messages, making scams more difficult to detect.
“AI can now write emails that sound like real coworkers, real vendors, or real clients. These messages often reference actual projects, use industry-specific language, and are sent to people in finance, HR, or leadership, the roles that can move money or data.
Attackers gather details from public sources like company websites, LinkedIn profiles, and past data breaches, then use AI to tailor each message.”
The cybersecurity firm also says small business owners should keep their guard up against calls and messages from people they know and trust.
“AI can now clone voices and generate realistic video or audio messages using very little source material. That means attackers can impersonate a CEO, business partner, or vendor using clips from interviews, webinars, or even social media videos. In some cases, employees receive urgent calls asking for wire transfers or ‘last-minute’ changes to payment details.”
Bitdefender adds that hackers are using AI to predict passwords and login credentials.
“They test variations across multiple platforms at once, looking for reused logins. If your password follows a common pattern — a season, a year, a symbol — AI likely already knows it.”
Another way scammers attack small businesses using AI is through constantly evolving malware.
“AI-driven malware changes its code automatically while keeping the same malicious behavior. By the time one version is detected, several new ones already exist.”
Bitdefender also says small business owners should keep their online footprint limited, as scammers can use the data to launch tailored attacks.
“Some of the most damaging attacks begin with research. AI tools can map your business before making contact. They scrape employee roles, vendor relationships, public tech details, and online habits.”
Lastly, the firm says scammers are using AI tools to generate fake receipts or send payment update details.
“Instead of asking for something new, these messages usually say:
‘We’ve updated our bank details.’
‘Please use the new account for this payment.’
‘Resending invoice with corrected information.'”
Bitdefender says small businesses should adopt clear procedures, hold regular employee training and set up verification rules to combat scams. The firm also says that employees should be encouraged to pause and double-check before greenlighting any transaction.
Disclaimer: Opinions expressed at CapitalAI Daily are not investment advice. Investors should do their own due diligence before making any decisions involving securities, cryptocurrencies, or digital assets. Your transfers and trades are at your own risk, and any losses you may incur are your responsibility. CapitalAI Daily does not recommend the buying or selling of any assets, nor is CapitalAI Daily an investment advisor. See our Editorial Standards and Terms of Use.