Day 5: AI Chatty Scammers
Chatty Scammers: When AI Holds a Conversation to Steal Your Cash
Traditional phishing was like a smash-and-grab: one dodgy, poorly worded email, sent in the hope that someone would bite. With AI, criminals have become far more patient and polished. Welcome to conversational phishing, where scammers don’t just send one email; they hold an entire dialogue with your staff.
Picture this: your accounts team gets an email from what looks like a regular supplier chasing a late payment. They reply, and instantly a polite, natural-sounding response comes back. Over the next few days (or even weeks), the “supplier” keeps chatting, sharing believable details, and sounding utterly convincing. Only later do they slip in the sting: a change of bank details, a link to “settle the invoice,” or a subtle request for confidential data.
For small businesses, this kind of scam is particularly nasty. Unlike big corporates with complex supplier management systems, many SMBs rely on trust and personal relationships with their partners. That trust is exactly what criminals exploit.
Real-life example: In 2023, a UK-based manufacturing firm lost £60,000 after an accounts clerk corresponded with what they thought was a long-standing supplier. The emails stretched over two weeks, building confidence. On the final day, the “supplier” explained they’d updated their bank account and urgently needed payment. The transfer went through, and the real supplier only flagged the missing money weeks later.
What SMBs Can Do
Set ironclad rules for bank detail changes. No matter how convincing the email, verify any new payment details using a trusted phone number or direct contact.
Introduce supplier verification steps. A short checklist (e.g., “call before you pay”) can stop scams dead in their tracks.
Train staff to be politely suspicious. If something feels off (sudden urgency, an unfamiliar tone, or repeated requests), pause and double-check.
Use shared mailboxes or monitoring. If only one person deals with a supplier, scams are easier to miss. Having a backup pair of eyes helps.
AI has given cybercriminals the patience of a saint and the tongue of a silver-tongued salesperson. But with clear rules and a healthy “verify first, pay second” culture, SMBs can stay one step ahead of the chatty scammers.