Verify Before You Pay: Stop AI Voice and Email Scams.
“It sounds like your boss.“
“It looks like your vendor.”
“But it’s not.“
With AI, scammers can now clone voices, mimic writing styles, and craft emails that feel urgent, real, and impossible to ignore.
One wrong click or a rushed “yes” can drain thousands from your account.
The fix? Pause. Confirm. Then Pay.
The Scam Setup: It’s More Convincing Than Ever
- A call from “your CFO” demands a wire transfer now.
- An email says a vendor has “updated banking details.”
- A text claims your CEO authorized a fast payment.
The FTC warns: voice-cloning makes fake requests feel real.
FBI reports: AI-generated voice and email scams are growing.
IC3 data: Business Email Compromise (BEC) losses exceed $2.9 billion annually.
The One-Page Playbook: Verify AI Voice Email Scams
Use this for every invoice, every bank update, and every urgent request.
➤ First, call back using a known number
Do not trust numbers in the message. Use the contact saved in your system or CRM.
Even if it sounds like your CFO, confirm on their known number.
➤ Next, require two-person approval
For risky payments or any banking changes, get two written approvals.
Keep the record in one shared folder or an approval tool.
➤ Then, place first-time or changed accounts on a 24-hour hold
If the account is new or modified, pause for one day. Use that time to verify by callback.
Most scams rely on urgency, your delay blocks them.
➤ Meanwhile, use a code phrase for urgent asks
Create a short, private phrase your team knows.
If a caller cannot repeat it, stop.
➤ Also, log everything where all can see
Use Teams Approvals in Microsoft 365 to record actions, names, and timestamps.
Clear trails keep your team aligned and ready for audits.
➤ Finally, report every attempt
If something felt off, document it.
If money moved, call your bank at once and report at IC3.gov.
Callback Script (read this word-for-word)
Hi [Name], I’m calling on our known number because urgent payment requests can be faked, to avoid a costly mistake, please confirm the invoice number and amount, then the last four digits of the bank account on file, and finally who requested the change and when we’ll proceed only after this confirmation.
Extra Guardrails that actually work
1) Start with stronger sign-ins.
Move to phishing-resistant MFA and passkeys in Microsoft Entra ID. These methods block many login-theft tactics and cut off scams at the source.
2) Then watch for session-stealing kits.
Some tools can grab cookies and bypass basic MFA. Upgrading to phishing-resistant methods and tightening endpoint controls reduces this risk.
Train your team in 10 minutes
First, run a quick role-play.
Assign a “fake CFO” and a finance clerk who follows the callback script without bending the rules.
Next, post a simple reminder.
Place signs near desks and in Teams: No Callback, No Payment.
Finally, repeat monthly.
Short refreshers keep the habit strong.
If you think you slipped
Immediately call your bank to freeze or recall the transfer. Next, notify the vendor in case their account was spoofed. Then report the incident at IC3.gov and save every record for investigators.
Want to Put This in Place?
Centrend can help you:
- Set up Microsoft Approvals
- Secure your vendor list
- Review your MFA and identity protections
- Train your team to always verify before they pay
Secure your Defenses Now
📞Book your AI CyberDefense Today