Electronic payment fraud is evolving at an alarming pace. During our recent presentation at Nixon Peabody's 2025 Cybersecurity and Privacy Law Summit, we shared how traditional business email compromises have given way to sophisticated AI-powered deepfake attacks that are increasingly difficult to detect. According to a KPMG study, 71% of organizations have already been targeted, and FBI data shows that losses from these types of schemes now exceed $3 billion annually. Understanding these threats is critical for organizations.
This article highlights the key trends and prevention strategies we discussed. For the complete picture, we encourage you to watch our full electronic payment fraud session.
The evolving threat landscape
Funds Transfer Fraud (FTF) has become one of the most financially damaging cyber threats organizations face. The basic premise remains simple: threat actors impersonate executives, vendors, or banks to redirect legitimate payments into fraudulent accounts. What’s changed is the sophistication of these attacks.
From typos to deepfakes
Traditional business email compromise relied on spoofed email addresses and social engineering. In our presentation, we showed examples of obvious red flags—misspelled company names, awkward phrasing, mismatched fonts—that employees should catch with proper training.
But the game has changed. AI-generated deepfake videos now allow criminals to impersonate executives with stunning realism. We discussed cases where organizations lost millions to video calls featuring AI-generated versions of their CFOs and senior executives. As one Wall Street Journal article noted, “Tech companies are competing for employees with AI skills, and so are the hackers.”
Prevention strategies that work
During our presentation, we walked through specific examples of fraudulent emails and invoices, showing attendees exactly what to look for. The key takeaway? Vigilance and verification remain your best defenses.
Essential electronic payment fraud prevention measures:
- Train employees to spot suspicious emails and verify payment changes through secondary channels
- Implement safe word protocols—surprisingly simple but dramatically effective
- Require dual verification for any changes to payment instructions
- Deploy multifactor authentication and strong password policies
- Maintain healthy skepticism around urgent payment requests
The safe word strategy deserves special emphasis. Whether for your organization or your family, establishing a verification question that only legitimate parties can answer provides a simple but powerful defense against both traditional and AI-powered fraud.
When fraud occurs, cyber incident response speed matters
Despite best efforts, fraud can still succeed. In our presentation, we outlined the critical first steps organizations must take:
- Contact cyber counsel immediately to coordinate response and protect privilege
- Notify banks so they can attempt to freeze funds transfers
- Alert insurance carriers
- Consider notifying law enforcement
- Engage forensic investigators to understand the attack vector and prevent recurrence
The path forward
The electronic payment fraud landscape will continue to evolve as AI technology advances. Organizations can’t prevent every attack, but they can significantly reduce their risk through proper training, robust verification protocols, and rapid response when fraud occurs.
