FDIC Ribbon
FDIC Ribbon

FDIC-Insured - Backed by the full faith and credit of the U.S. Government

FDIC Ribbon
FDIC Ribbon

FDIC-Insured - Backed by the full faith and credit of the U.S. Government

    • weeks-jeff-800.jpg

    • Jeff Weeks

      Sr. Vice President and Chief Information Security Officer
      Read Time: 5 minutes
      Date Published: June 08, 2026

How to Protect Yourself and Your Business from AI Scams and Deepfakes

Author: Jeff Weeks, Senior Vice President and Chief Information Security Officer

Artificial intelligence has transformed our daily personal and work lives. Unfortunately, it has also transformed the way criminals deceive.

AI scams and deepfakes are no longer futuristic concepts or isolated incidents; they are active, rapidly growing cybersecurity threats affecting individuals and businesses. From eerily accurate voice cloning scams to convincingly realistic fake videos, artificial intelligence scams are making fraud harder to detect and far more damaging when they succeed.

What makes AI especially dangerous is not just the sophistication of the technology, but how easy it is to use to create impersonations.

  • A voicemail that sounds like your organization's CEO authorizing a wire transfer. 
  • A video call that appears to show a trusted executive asking for urgent action.
  • An email that mirrors a familiar writing style so closely it bypasses instinctive skepticism.
  • A text message that appears to come from your bank asking you to verify account information.

These types of attacks are happening today. But there are steps you can take to protect yourself and your business.

Key Takeaways

  • AI scams and deepfakes can convincingly impersonate trusted people and organizations.
  • Verify requests involving money, data, or account changes through a separate trusted channel.
  • Layered approvals help protect businesses from fraud and impersonation attacks.
  • Employee awareness remains a critical defense against AI-powered scams.
  • A healthy dose of skepticism can help prevent costly mistakes.

How Voice Cloning and Deepfakes Are Changing Fraud

At its core, AI is a neutral tool. It analyzes patterns, generates content, and convincingly mimics human behavior. Cybercriminals have learned to exploit these capabilities to target more victims, more quickly than ever before. With minimal technical expertise, attackers can now generate AI-created content that once required significant time, skill, and resources.

  • Voice cloning scams have become particularly effective. A few seconds of audio, usually pulled from social media or other recordings, can be enough for AI to recreate a person’s voice with shocking accuracy. When paired with urgency and authority, these calls can persuade even experienced professionals to act quickly without full consideration of the situation.
  • Deepfake videos raise the stakes further. Modern fake videos can simulate facial expressions, eye movements, and speech patterns well enough to pass a casual inspection. For businesses, this creates serious risk during video-based approvals, virtual meetings, or identity verification processes. For individuals, it opens the door to impersonation, emotional manipulation, and fraud.

Unlike older scams that relied on obvious errors or generic messaging, AI-generated fraud feels personal. It sounds right. It looks right. And that is precisely why it works.

Why Traditional Defenses Are No Longer Enough

For years, cybersecurity awareness focused on teaching people to spot obvious warning signs, such as poor grammar, unfamiliar senders, or suspicious links. While those lessons still matter, they are no longer sufficient. AI scams are designed to bypass human intuition.

Attackers understand organizational pressure points. Using requests that appear routine but urgent, they target:

  • payroll teams
  • finance departments
  • executives

They exploit trust, hierarchy, and time pressure, knowing that a moment of hesitation could stop the attack and that speed often prevents verification.

Federal agencies and cybersecurity firms have repeatedly warned that AI-powered fraud is accelerating. The financial losses associated with deepfake-enabled scams are already significant, and the trend shows no sign of slowing. This is not a problem organizations can afford to address reactively.

How Organizations Can Reduce Their Risk

Effective defense against AI scams begins with process, not technology alone. Organizations must assume that audio, video, and written communications can be fabricated and build safeguards accordingly.

  • Verification through trusted, independent channels is essential. Any request involving money movement, changes to payment instructions, or the release of sensitive data should be confirmed using a known contact method — one that is not embedded in the original message. This concept, often referred to as out-of-band verification, remains one of the most reliable countermeasures against impersonation.
  • Technology also plays an important role. Liveness detection tools can help determine whether a person appearing on camera is real, rather than a recording or AI-generated simulation. While no solution is a silver bullet, these controls add meaningful friction for attackers.
  • Equally important is layered approval for high-risk actions. Payroll changes, wire transfers, and unusual purchasing requests should never rely on a single approval or communication. Requiring additional validation steps may feel inconvenient, but it is far less disruptive than recovering from fraud.
  • Finally, employee education must evolve. Training should reflect modern threats, emphasizing that realism is no longer a reliable indicator of legitimacy. While staff can be taught to notice visual inconsistencies or odd audio artifacts, they should also understand that some deepfakes will pass visual inspection. Policies, verification procedures, and leadership reinforcement are critical to ensuring people feel supported when they pause or challenge a request.

What Individuals Can Do to Stay Safe

AI scams do not only target businesses. Individuals are increasingly vulnerable, particularly when scammers impersonate family members, friends, or trusted institutions. The emotional pull of an urgent plea, especially one that sounds exactly like a family member or friend, can override logic in seconds.

  • Healthy skepticism is essential, particularly when messages create a sense of urgency or fear. Requests for immediate money transfers, secrecy, or personal information should always be treated as suspicious, even when they appear to come from a familiar source.
  • Social media hygiene also matters more than many people realize. Publicly available photos, videos, and voice recordings provide raw material for AI-generated content fraud. Keeping accounts private, limiting the sharing of voice and video content, and being careful about who you connect with on social media sites reduces threat exposure.
  • Most importantly, verification should become a habit. Before acting on any request involving money or sensitive data, take the time to confirm through a separate channel. A quick phone call or text to a known number can prevent financial loss and emotional distress. Trust should never be based on a single message, no matter how real it appears.

Why AI-Powered Fraud Is Here to Stay

AI scams and deepfakes have changed the threat landscape. Visual realism and familiar voices are no longer sufficient verification methods. In a world where artificial intelligence can convincingly fabricate reality, instinct alone is not a reliable defense.

The most effective defense combines awareness, verification, and disciplined processes. By slowing down, double-checking requests, and communicating through trusted channels, individuals and organizations can reduce their risk significantly.

For more security tips and resources, visit the FNBO Security Center.

Frequently Asked Questions

What is an AI scam?

An AI scam uses artificial intelligence to create convincing messages, voices, images, or videos that impersonate trusted people or organizations. Criminals use these tools to steal money, sensitive information, or account access.

What is a deepfake?

A deepfake is AI-generated or AI-manipulated audio, video, or image content designed to make it appear that someone said or did something they never actually said or did. Deepfakes can be used to impersonate executives, employees, family members, or public figures.

How do voice cloning scams work?

Voice cloning scams use artificial intelligence to replicate a person's voice using audio samples found online, such as social media videos, podcasts, or recorded messages. Scammers then use the cloned voice to create urgency and convince victims to send money or share sensitive information.

How can I tell if a video or voice message is a deepfake?

Some deepfakes may contain visual glitches, unnatural facial movements, awkward pauses, or unusual audio quality. However, many AI-generated impersonations are difficult to detect. The safest approach is to verify unexpected or urgent requests through a separate, trusted communication channel.

How can businesses protect themselves from AI scams?

Businesses can reduce risk by requiring multiple approvals for financial transactions, implementing out-of-band verification procedures, training employees on AI-powered fraud tactics, and using security technologies such as liveness detection and identity verification tools.

What is out-of-band verification?

Out-of-band verification is the process of confirming a request through a separate communication channel. For example, if you receive an email requesting a wire transfer, call the requester using a known phone number rather than responding directly to the email.

Can AI scams target individuals as well as businesses?

Yes. Scammers frequently target individuals by impersonating family members, friends, financial institutions, or government agencies. 

How can I reduce my exposure to AI-powered scams?

Limit publicly available voice and video content when possible, keep social media privacy settings up to date, be cautious about accepting connection requests from unknown individuals, and verify requests involving money or sensitive information before taking action.

About the Author

Jeff has been with First National Bank of Omaha for more than 26 years and is currently the Senior Vice President and Chief Information Security Officer. The executive leadership and oversight provided by Jeff in the development, management, and execution of information security for FNBO enables the company’s ability to posture and protect private, personal information, and assets of the company’s clients, employees, and business partners.

Get More Security Tips

The articles in this blog are for informational purposes only and not intended to provide specific advice or recommendations. When making decisions about your financial situation, consult a financial professional for advice. Articles are not regularly updated, and information may become outdated.

© 2026 First National Bank of Omaha (FNBO). All Rights Reserved. 1601 Dodge Street, Omaha Nebraska, 68197

FNBO is an Equal Opportunity/Affirmative Action/Veterans/Disability Employer.

NMLS 412727

Only deposit products are FDIC insured.

 Investment Products are: NOT FDIC INSURED • NOT A DEPOSIT OR OTHER OBLIGATION OF THE BANK • NOT INSURED BY ANY FEDERAL GOVERNMENT AGENCY • NOT GUARANTEED BY THE BANK • MAY LOSE VALUE

Awards based on independent surveys and editorial methodologies for the years shown. Recognition does not imply endorsement or affiliation.