Business email compromise has always been the quietly catastrophic category. It does not encrypt servers, it does not break into the news cycle the way ransomware does, and it rarely produces a regulatory announcement. It simply moves money out of the firm and into someone else’s account, and by the time the finance lead notices, the funds are several hops away. For most of its history, BEC was a text-based crime. The controls firms relied on — spotting bad grammar, unfamiliar phrasing, a payment instruction that did not match the usual cadence — worked because the attackers were, in the main, neither native English speakers nor close students of the target. AI has removed each of those tells. The fraud is the same in shape. The detection signals are not.
What changed in 2024-26
Three specific shifts have moved BEC from a high-volume nuisance into a category that mid-market UK firms must now treat with the same seriousness as ransomware.
The first is voice cloning. Synthesised CFO, CEO, and managing-partner voices are now generated from publicly available audio — a single conference panel, a recorded webinar, a podcast appearance, a results-day call. A 90-second clip is sufficient for production-grade synthesis. The output passes casual scrutiny on a voicemail or a brief live call, particularly through the compression and noise of a mobile network. The cost has collapsed; the time-to-produce is minutes.
The second is look-alike domain automation. Attackers register typo-domains (one character inserted, dropped or swapped), internationalised domain names that substitute Cyrillic or Greek glyphs for visually identical Latin letters, and subdomain spoofs (the target's name placed as the leading labels of an attacker-controlled domain), all at industrial scale. Domains are spun up, used for a single campaign, and abandoned before manual review can catch them. The throughput now exhausts any volume of analyst review a mid-market firm could sustain.
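An added example, not code from the original article, of the automated screening that the volume described above forces on a firm: a sender-domain check that decodes punycode, folds confusable glyphs to the Latin letters a reader sees, and flags the three families named here (homoglyph, subdomain spoof, typo-domain, the last being the "one character different" case in the incident below). The protected domain, the inbound sender list and the confusables table are constructed, and the table is deliberately partial.

```python
"""Flag inbound sender domains that impersonate a protected domain.

Added example, not from the original article; the protected domain and the
inbound sender list are constructed.
"""
from __future__ import annotations

import unicodedata

# Deliberately partial table of glyphs that render like Latin letters. Unicode's
# confusables.txt is the full list; this is enough to show the mechanism.
CONFUSABLES = str.maketrans({
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0443": "y", "\u0445": "x", "\u0456": "i", "\u0458": "j", "\u0455": "s",  # Cyrillic
    "\u03b1": "a", "\u03bf": "o", "\u03bd": "v",                                 # Greek
    "0": "o", "1": "l",                                                           # digit swaps
})


def to_unicode(domain: str) -> str:
    """Decode xn-- (punycode) labels so non-Latin glyphs become visible for comparison."""
    domain = domain.lower().rstrip(".")
    try:
        return domain.encode("ascii").decode("idna")
    except UnicodeError:
        return domain  # already Unicode, or malformed IDNA: compare as received


def skeleton(domain: str) -> str:
    """Fold a domain to the Latin string a human would read it as."""
    return unicodedata.normalize("NFKC", domain).translate(CONFUSABLES)


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, for the one-character-different typo-domain."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(sender: str, protected: str) -> tuple[str | None, str]:
    """Return (verdict, decoded sender); verdict None means no impersonation detected."""
    decoded = to_unicode(sender)
    prot = protected.lower()
    if decoded == prot or decoded.endswith("." + prot):
        return None, decoded  # the firm's own domain or a genuine subdomain of it
    sk, prot_sk = skeleton(decoded), skeleton(prot)
    if sk == prot_sk or sk.endswith("." + prot_sk):
        return "homoglyph", decoded  # identical to the eye once confusables are folded
    prot_labels = prot_sk.split(".")
    if sk.split(".")[: len(prot_labels)] == prot_labels:
        return "subdomain-spoof", decoded  # our name as leading labels of someone else's domain
    if edit_distance(sk, prot_sk) <= 1:
        return "typo-domain", decoded  # one character inserted, dropped or substituted
    return None, decoded


def scan(senders, protected):
    """Classify a batch; returns only the senders that need a human look."""
    hits = []
    for s in senders:
        verdict, decoded = classify(s, protected)
        if verdict:
            hits.append((s, decoded, verdict))
    return hits


PROTECTED = "acme-corp.example"
# Constructed inbound senders. The punycode entry is built here from a Cyrillic-a
# version of the name, exactly as it would appear in a raw From: header.
PUNYCODE_SENDER = "\u0430cme-corp.example".encode("idna").decode("ascii")
SAMPLE_SENDERS = [
    "acme-corp.example",                      # our own domain
    "finance.acme-corp.example",              # our own subdomain
    PUNYCODE_SENDER,                          # xn--cme-corp-...: Cyrillic a
    "acme-c0rp.example",                      # digit zero for o
    "acme-corp.example.docs-portal.example",  # our name under an attacker's domain
    "acmecorp.example",                       # hyphen dropped
]

if __name__ == "__main__":
    for sender, decoded, verdict in scan(SAMPLE_SENDERS, PROTECTED):
        print(f"{sender:<42} {decoded:<28} {verdict}")
```

Run it over the sender domain of every inbound message that reaches the finance function and route hits to a review queue or a prominent banner rather than an automatic block, since edit distance 1 will also catch unrelated legitimate names. Note what it does not cover: a compromised real supplier mailbox sends from a genuine, correctly authenticated domain and passes this check entirely; that case needs a control keyed on the payment instruction itself, not the sender.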
The third, less visible but more consequential, is filter-aware manipulation of trusted threads, often loosely described as prompt-injection-enabled email manipulation. Attackers compromise a real mailbox at a supplier or professional adviser and write into an existing thread a message engineered to look benign to the recipient firm's AI-based email filter: no urgency markers, no suspicious links, a genuine and correctly authenticated sender, just a quiet change of bank details in an otherwise routine exchange. The filter is doing what it was trained to do; its training data did not anticipate a legitimate sender asking for exactly the wrong thing. (Prompt injection in the strict sense, hidden text aimed at an LLM that summarises or triages mail, is a related but distinct risk.)
A composite incident — the voicemail that wasn’t from the CFO
The following is a composite, drawn from incidents we have responded to. Details are altered.
At 09:42 on a Tuesday, a finance assistant at a mid-market UK firm received a voicemail from what sounded unmistakably like the CFO. The message instructed her to expect an email shortly with a same-day wire to a new supplier; the deal had moved faster than expected and the legal team was already in the loop. The email arrived eleven minutes later, from a domain one character different from the firm's own, signed off in the CFO's habitual phrasing. The assistant followed what she took to be standing process: she replied to the email to confirm. The reply went to the attacker's inbox, not the CFO's, and was answered within two minutes. The wire, £340,000, went out at 10:31. The real CFO learned of it at 14:50, returning from an offsite. Forensic analysis later traced the voice synthesis to a 90-second clip of the CFO from a panel published on YouTube the previous autumn.
Why traditional controls miss this
The first reason is that tone-and-style heuristics no longer work. Filters and staff training that taught people to spot “this email reads oddly” assumed an attacker who could not write fluent native English in the target executive’s voice. That assumption no longer holds. The synthesised text matches the executive’s habitual phrasing, sign-off, and cadence.
The second is enforcement drift. Most mid-market firms have an out-of-band verification policy somewhere in the finance manual. Very few audit it. Under deadline pressure, the policy is shortcut by the same people who wrote it, and the shortcut is rarely logged. Auditors testing the control find it present in writing and absent in practice.
The third is that vendor-onboarding controls focus on know-your-customer (KYC) checks, not on the integrity of the communication channel. Firms confirm the supplier is a real entity with real bank details. They rarely confirm that the email thread in which those bank details were supplied or changed has not been hijacked midway through.
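An added example, not from the original article, of a control that addresses both the compromised-mailbox pattern in the third shift above and the onboarding gap just described: triage that reads the payment details out of the message and holds anything that differs from the vendor master, without consulting who sent it or whether it authenticated. The vendor record, the sample messages and the field names are constructed; the IBAN is the standard GB example value and the sort-code and account-number formats are UK ones.

```python
"""Hold any message whose payment details differ from the vendor master, whoever sent it.

Added example; the vendor record, the messages and the field names are constructed.
"""
import re

# Constructed vendor master: bank details actually on record, keyed by supplier domain.
VENDOR_MASTER = {
    "kestrel-legal.example": {"sort_code": "401234", "account": "12345678"},
}

SORT_CODE_RE = re.compile(r"sort\s*code\W*(\d{2}[- ]?\d{2}[- ]?\d{2})", re.I)
ACCOUNT_RE = re.compile(r"account\s*(?:no\.?|number)\W*(\d{8})", re.I)
IBAN_RE = re.compile(r"\b([A-Z]{2}\d{2}(?:\s?[A-Z0-9]){11,30})\b")


def iban_is_valid(iban):
    """ISO 13616 mod-97 check; weeds out reference numbers that merely look like IBANs."""
    s = re.sub(r"\s+", "", iban).upper()
    if not re.fullmatch(r"[A-Z]{2}\d{2}[A-Z0-9]{11,30}", s):
        return False
    rearranged = s[4:] + s[:4]
    digits = "".join(str(ord(c) - 55) if c.isalpha() else c for c in rearranged)
    return int(digits) % 97 == 1


def extract_payment_details(body):
    """Pull sort code / account number / IBAN out of free text; empty dict if none."""
    found = {}
    m = SORT_CODE_RE.search(body)
    if m:
        found["sort_code"] = re.sub(r"\D", "", m.group(1))
    m = ACCOUNT_RE.search(body)
    if m:
        found["account"] = m.group(1)
    for m in IBAN_RE.finditer(body):
        candidate = re.sub(r"\s+", "", m.group(1))
        if iban_is_valid(candidate):
            found["iban"] = candidate
            break
    return found


def triage(msg):
    """Decide release/hold from the payment details alone.

    msg["dmarc"] is deliberately never consulted: a compromised supplier mailbox
    passes SPF, DKIM and DMARC, so sender authentication cannot be the control.
    """
    details = extract_payment_details(msg["body"])
    if not details:
        return "release"  # no payment instruction in this message
    on_file = VENDOR_MASTER.get(msg["from_domain"])
    if on_file is None:
        return "hold: payment details from a sender with no vendor record"
    changed = sorted(k for k, v in details.items() if on_file.get(k) != v)
    if changed:
        return "hold: payment details differ from vendor master (%s)" % ", ".join(changed)
    return "release"


# Constructed messages. The first is the compromised-supplier pattern: a real mailbox,
# clean authentication, a routine thread, and a quiet change of bank details.
SAMPLE_MESSAGES = [
    {"from_domain": "kestrel-legal.example", "dmarc": "pass",
     "body": "Re: Q2 retainer invoice\n\nFurther to our call, our banking details have changed "
             "with effect from this month. Sort code: 20-45-67, account number: 87654321. "
             "The invoice itself is unchanged and remains due on the 30th."},
    {"from_domain": "kestrel-legal.example", "dmarc": "pass",
     "body": "Re: Q2 retainer invoice\n\nThanks, confirming the 30th works for us."},
    {"from_domain": "kestrel-legal.example", "dmarc": "pass",
     "body": "Please remit to sort code 40-12-34, account number 12345678 as usual."},
    {"from_domain": "invoice-desk.example", "dmarc": "pass",
     "body": "Kindly settle the attached invoice to IBAN GB82 WEST 1234 5698 7654 32."},
]

if __name__ == "__main__":
    for msg in SAMPLE_MESSAGES:
        print(f"{msg['from_domain']:<24} dmarc={msg['dmarc']:<5} -> {triage(msg)}")
```

The deciding test is what is asked for, not who asks. Because the hold is keyed on a change to stored beneficiary data, a DMARC-passing message from a genuine supplier mailbox is held exactly as a spoof would be, which is the case the AI filter in the third shift lets through. The extraction patterns are deliberately loose: for a hold-for-verification queue a false positive costs a phone call and a false negative costs the invoice.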
The controls that actually work
- Out-of-band verification for any wire transfer over a stated threshold, mandatory and audited. The threshold should be low enough to catch the common-case fraud, and the audit should include a quarterly sample of transfers above the line to confirm the verification step was performed and logged.
- Dual-authorisation in the finance function for any new beneficiary, with the second authoriser barred from acting on the first authoriser’s verbal or written assurance alone — they must perform their own independent check.
- Vendor-onboarding hold periods — a 48-hour minimum between a new beneficiary being added and the first payment being released. Most legitimate suppliers can absorb this. Most fraud campaigns cannot.
- Caller-verification protocols on inbound voice instructions. Any payment instruction received by phone or voicemail is met with a back-channel callback to a number held in the firm's own directory, never the number the caller supplied or the number the call came from.
- Quarterly tabletop exercises specifically for deepfake-enabled fraud scenarios, run with the finance team and a board observer. The point is not to test the technology; it is to rehearse the friction of saying “I need to call you back” to a person who sounds exactly like the CFO.
- Reduced executive video and audio surface area where reasonably possible. This is a trade-off. Public visibility builds the brand; it also supplies the training data. Firms with high-value transfer exposure should at least be aware of the trade and price it deliberately.
The threat statistics worth knowing
Phishing volume is up 129% year-on-year according to NCSC's most recent Annual Review. BEC remains the single most expensive reported cyber attack category by financial loss in the FBI's IC3 reporting, ahead of ransomware on a pure-dollar basis. Major UK financial institutions reported deepfake-enabled BEC incidents through 2025, including cases where synthesised voice was used to authorise multi-million-pound transfers. The category is no longer experimental.
How Rhentech helps
We offer an incident response retainer for when this happens, with onboarding and a defined response time so that the first hour after discovery is not spent looking for a phone number. We run readiness assessments and the kind of tabletop exercises described above before it happens. And from 2026 onward, AI-augmented threat work, deepfake-enabled BEC included, is part of every cybersecurity audit we run; it is no longer a separate workstream.
Book a free initial consultation if you want a candid view of where your firm stands on this category, or speak to a consultant about a retainer if you want the response capability in place before the call comes in.