Connect with us

Thought Leaders

AI-Powered Fraud Campaigns are Increasing “Pre-Approved” Payment Attacks

mm
Published

Most organizations are still defending against the last generation of fraud. What’s changed from then to now isn’t just volume; it’s the operating model. Or, how fraud actually runs day to day. Let’s say someone sends a payment request that looks exactly like your vendor. Same tone, same format, same timing. What happens? A few years ago, simple email detection software would have caught it. Now? It just moves through, using your workflows as cover. The most effective campaigns no longer look like intrusions; they look like business as usual.

What many teams miss is how systematically trust is being exploited. And it’s always the same three things: trust in the sender, trust in documents, and trust in the approval process. Requests arrive with built-in credibility, match internal expectations, and appear already validated, so they get executed without friction. AI is accelerating this shift, compressing the effort required to run continuous, adaptive campaigns that feel routine at every step.

The implication is straightforward: if your controls assume a “valid-looking” request is in fact a valid request, they’re outdated. The risk surface is now your own operating rhythm; how decisions get made and approved. Every critical action needs independent verification, no matter how normal it appears.

Inside Modern AI-Powered Fraud Campaigns

At the end of the day enterprises are structurally unprepared for AI-driven fraud. Finance teams are operating with fewer resources while being pushed to move faster, creating an overreliance on manual reviews and outdated systems. That combination leaves critical gaps. AI-driven fraud is designed to exploit exactly this environment, slipping through routine workflows, mimicking legitimate requests, and avoiding scrutiny. These attacks don’t look suspicious. They look operational. The reality is, most of the controls we see today were built for a much slower environment and are now fundamentally misaligned with how fraud modern operates.

AI has rapidly evolved fraud from isolated, polished messages into fully orchestrated campaigns. Early use cases focused on improving tone and eliminating obvious red flags. That phase is over. More than 90% of fraudulent accounts appeared legitimate and locally aligned in 2025. Attackers now generate entire ecosystems of deception that include spoofed domains, complete email conversations, and realistic financial artifacts like invoices and banking documents all delivered in a single, cohesive attempt. These campaigns are engineered to pass verification because they mirror real business processes end-to-end. The cost of producing convincing fraud has collapsed, while its scale has exploded. Enterprises are no longer dealing with occasional attempts; they’re facing persistent, high-volume campaigns that are designed to succeed.

Now, what’s changing again is agentic AI. These models don’t just generate content. They actually act with autonomy, continuously refining their approach based on context and response. They can launch, adapt, and scale fraud campaigns without constant human input. So, what happens? Teams get flooded. Everything looks legitimate. And mistakes start to happen. Unlike traditional tools or static phishing kits, agentic systems learn and evolve mid-campaign, making them far more resilient to detection. This is the shift from automated fraud to intelligent, self-directed fraud operations, and it renders static, point-in-time defenses obsolete.

Fighting AI with AI: The New Fraud Defense Playbook

AI is reshaping how finance and security teams operate, automating workflows, approvals, and payments at scale. But automation can create gaps between what’s completed and what’s actually verified. A payment may proceed because it follows the correct process, not because the request is legitimate. These gaps, across identity, context, and behavior, are where modern fraud thrives. Teams must look beyond workflow completion and ensure requests are truly verified.

Security and finance teams should build on the core principles of prevention, protection, and mitigation to address evolving enterprise payment fraud. Expanding these foundations into actionable, operational practices allows organizations to adopt AI-driven automation while strengthening defenses across critical systems and financial workflows. So, let’s break it down into how teams actually operate.

  • Prevention reduces abuse before it starts. A proactive posture is no longer enough; teams must embed safeguards like risk-based due diligence and oversight to detect and stop misuse early.
  • Protection means making user safety the default. It also requires scalable defenses that shield employees from phishing and cyber-enabled fraud. Teams should strengthen insider risk training and implement safeguards that reduce exposure to social engineering.
  • Detection and response remain essential. Monitoring should enable ecosystem-wide sharing of verified, privacy-preserving indicators of abuse across departments and industries. This shared intelligence helps defenders act faster and counter advanced threats more effectively.

Effective defenses also rely on behavioral AI that understands how finance operations normally function across the payment lifecycle, vendor communications, invoice patterns, payment timing, approvers, workflow routes, and changes to bank details or contact information. Solutions that integrate directly into existing systems, email, ERPs, and procure-to-pay platforms provide the visibility and anomaly detection needed to stop threats in real time.

This is especially urgent as Nacha introduces requirements for stronger fraud monitoring of ACH transactions. These changes respond to rising fraudulent payment requests and socially engineered scams targeting finance teams. To comply, enterprises must reassess their detection and prevention capabilities and upgrade monitoring and response where needed. Nacha’s aim is clear: ensure every enterprise payment is secure, accurate, and reliable.

From Risk to Resilience: The Path Forward

AI hasn’t just improved fraud; it has operationalized it, turning what was once sporadic into persistent, high-frequency activity that blends seamlessly into everyday workflows. Attacks are now faster, more convincing, and designed to pass through controls by appearing routine. This means traditional, reactive defenses are already outpaced. This is a structural shift. Fraud is no longer an edge case. It’s constant. It’s always there, and leaders must respond accordingly by embedding real-time detection, behavioral insight, and independent verification directly into critical processes. At the end of the day, the risk isn’t just that attacks are more sophisticated. It’s that they look completely normal. 

mm

Shai is a seasoned cybersecurity leader with over 15 years of experience in information security and risk management. As the former CISO of Israel Discount Bank, one of Israel’s largest banks, he led large-scale cybersecurity initiatives and developed innovative strategies to combat financial fraud in complex banking environments. Shai’s expertise in building and leading security operations centers, along with his deep understanding of the evolving threat landscape, positions him to drive Trustmi’s mission to eliminate socially engineered attacks targeting financial fraud.