Most Small Business Owners Overestimate Their Ability to Spot AI Scams, Survey Shows

The Commonwealth Bank (CommBank) is urging small business owners to slow down and double-check unexpected requests after new research showed many are less prepared for deepfake scams than they believe.

According to a recent CommBank survey, many small business owners feel confident they could spot an AI-powered scam. In reality, their ability to correctly identify deepfakes was far lower. On average, participants correctly identified only42% of deepfake attempts.

The findings highlight a growing risk as artificial intelligence makes scams faster, more convincing, and harder to detect. “Only around four in ten small business owners are familiar with deepfake scams, yet scammers are using AI to imitate suppliers, loved ones, and even government officials, highlighting the critical role awareness plays in spotting these scams,” said David Coote, CommBank’s Queensland general manager of small business banking.

To help reduce risk, CommBank is encouraging businesses to follow a simple approach: stop, check, and reject. That means pausing when something feels different, confirming payment or account changes through a trusted contact method, and refusing requests that don’t add up.

The research also found that while around 41 % of small businesses were aware of deepfake scams, many were still vulnerable. Most scam attempts arrived by email, yet only 55% of business owners had recently verified their supplier payment details.

Impersonation scams are becoming more common and more effective. For example, criminals often pose as suppliers or senior executives to pressure teams into making urgent payments. Email also remains a weak point, because it’s widely used for supplier communication but offers limited built-in security. In some cases, attackers even gain access to real employee inboxes to make their messages appear legitimate, as found in the survey.

Related:

How to protect your small business against AI scams

AI is accelerating these tactics: deepfake invoices, cloned voices, and highly realistic messages are increasingly being used to catch busy business owners off guard.

But that doesn’t mean small businesses are powerless. A few habits and safeguards can significantly reduce the risk.

Slow down payments and changes
Most AI scams rely on urgency. If an email, message, or call pressures you to act fast, pause. Scammers want to bypass your usual checks.
Verify requests outside the original message
Never confirm payment changes, invoices, or “urgent requests” by replying to the same email or message. Call the supplier, client, or colleague using a phone number you already trust.
Create a simple verification rule
Decide in advance how payment changes are approved. For example:
– No bank detail changes without a phone call
– No urgent payments without a second person checking
Be skeptical of familiar voices and faces
AI can now clone voices and mimic writing styles. A message that sounds exactly like your supplier or boss isn’t proof that it’s real. Treat unexpected requests with caution, even if they feel familiar.
Limit what scammers can learn about you
Public information fuels impersonation. Review what your business shares online about suppliers, staff roles, email addresses, and internal processes.
Protect your business email Many AI-driven scams succeed because attackers either gain access to real email accounts or exploit the trust people place in familiar names and writing styles. Using strong, unique passwords and enabling two-factor authentication makes it much harder for criminals to take over business inboxes and use them to deceive clients, suppliers, or colleagues.

Bitdefender Ultimate Small Business Security addresses this exact risk. It protects business email accounts from phishing attempts and account takeovers, while also detecting suspicious messages early, before someone clicks, replies, or pays.

Start a free trial to protect your business email from AI-driven scams.