
AI-Powered BEC: How AI Makes Email Fraud More Dangerous in 2025

[May 19, 2026]

Ron


AI-powered BEC attacks — where artificial intelligence supercharges business email compromise fraud — caused $893 million in losses in 2025 alone according to the FBI’s IC3 Annual Report. Here is what organizations need to understand, and what defenses still work.

It is a Tuesday morning. An email arrives from your primary vendor contact. The writing is fluent and professional. It references your most recent conversation. It asks you to update payment information before this quarter’s invoice processes. Nothing triggers a warning.

Except an AI wrote it — and the email address is fraudulent.

Artificial intelligence has changed what Business Email Compromise attacks look like. The FBI’s 2025 IC3 Annual Report documented 22,364 AI-related crime complaints with $893 million in associated losses, and noted explicitly that AI tools are increasingly used in phishing, social engineering, and impersonation attacks — all core BEC mechanisms. Meanwhile, BEC itself caused $3,046,598,558 in losses in 2025, ranking second among all crime types.

The intersection of these trends is what this post examines: how AI is being deployed in BEC attacks, what that changes about detection and defense, and what organizations need to do differently in an era when “does this look legitimate” is no longer a reliable question.


How Is AI Being Used in BEC Attacks?

AI tools are being used in BEC attacks in five primary ways: (1) generating high-quality, grammatically correct phishing and impersonation email content; (2) cloning executive voices for fraudulent phone verification calls; (3) creating deepfake video for live impersonation in video conferences; (4) automating the research and reconnaissance phase; and (5) enabling translation and localization for attacks across language barriers.

Each of these capabilities directly undermines a different layer of traditional BEC defense:

1. AI-Generated Email Content

Large language models generate contextually accurate, grammatically correct, stylistically appropriate email content on demand. An attacker provides the AI with context — the target organization, the impersonated relationship, the desired outcome — and receives polished, professional text that reads exactly as a real executive or vendor would write.

This eliminates one of the most reliable historical signals of BEC: poor writing quality. The awkward phrasing, grammatical errors, and unnatural formality that once characterized attacks from non-native speakers are gone. Security awareness training that taught employees to flag these signals now misses a significant proportion of attacks.

2. Voice Cloning for Fraudulent Verification Calls

Text-to-speech AI models trained on voice samples can generate synthetic audio that mimics a specific person’s voice with high fidelity. As little as a few minutes of publicly available audio — from a podcast, YouTube video, earnings call, or voicemail — can be sufficient to build a convincing voice clone. This technology is being used by attackers to make follow-up “verification” calls that appear to come from the executive whose email was just impersonated.

This directly compromises the most commonly recommended BEC prevention step: “Call to verify.” If the verification call itself is answered by an AI voice clone of the executive, the verification step becomes the attack vector rather than the defense.

3. Deepfake Video for Executive Impersonation

More resource-intensive attacks have used AI-generated video to create visual impersonations of executives during video conference calls. The 2025 IC3 report specifically notes deepfake technology as an emerging threat in cyber-enabled fraud. Documented cases include criminals impersonating senior executives in multi-participant video meetings to authorize large transfers, with other participants unaware the “executive” was synthetic.

4. Automated Reconnaissance

AI tools dramatically accelerate the research phase of BEC attacks. Tools that aggregate and analyze public data — LinkedIn profiles, company websites, press releases, social media, regulatory filings — can be used to generate detailed intelligence reports on target organizations within minutes. What previously required hours of manual research can now be done at scale, enabling attackers to run more simultaneous, better-researched campaigns.

5. Translation and Cross-Language Attacks

AI translation tools enable criminal networks operating in one country to execute highly localized, natural-sounding attacks against targets in entirely different linguistic and cultural contexts. This expands the global attack surface significantly and reduces the language-quality signals that once helped identify internationally-originated attacks.


What Does the FBI’s 2025 IC3 Report Say About AI in Cybercrime?

The FBI’s 2025 IC3 Annual Report flagged 22,364 AI-related crime complaints with $893 million in associated losses. The report notes that criminals use AI for “creating content for phishing, voice cloning, and deepfake attacks, among others.” The report’s operations director specifically warned that “cyber threats and cyber-enabled crime will continue to evolve as the world embraces emerging technologies such as artificial intelligence.”

The AI-related descriptor in the IC3 data captures complaints where victims specifically identified AI involvement. Given the difficulty of detecting AI-generated content and the broad under-reporting of cybercrime generally, the actual prevalence of AI in BEC and related attacks is believed to be substantially higher than the complaint data reflects.

$893 million in AI-related cybercrime losses reported to IC3 in 2025 (FBI IC3 2025 Annual Report)

22,364 AI-related crime complaints filed with IC3 in 2025


How Does AI-Enhanced BEC Differ from Traditional BEC?

AI-enhanced BEC differs from traditional BEC primarily in attack quality and scale: content is more convincing, research is faster and more thorough, verification steps can be compromised by voice and video cloning, and attacks can be run at greater volume simultaneously. The core mechanism — social engineering via email to authorize fraudulent transfers — remains the same.

The practical differences for organizations are:

  • Content quality signals are no longer reliable: You cannot use writing quality, tone, or grammar as a detection heuristic when AI generates the content.
  • Volume increases: Lower per-attack research investment means attackers can target more organizations simultaneously with well-researched, personalized attacks.
  • The verification call problem: Standard guidance to “call to verify” requires adaptation. Verification calls should use challenge questions based on shared context known only to both parties, not just a voice confirmation that could be cloned.
  • Faster reconnaissance: Attackers can identify high-value targets, map payment authorization structures, and generate attack content in a fraction of the time previously required.

How Do You Detect AI-Generated BEC Emails?

You often cannot reliably detect AI-generated BEC emails from content analysis alone — and that is precisely why AI-enhanced BEC is dangerous. The correct approach is to shift from content-based detection to process-based verification: regardless of how legitimate an email looks, all wire transfer requests require out-of-band verification through independently sourced contact information.

That said, some signals remain useful:

  • Check the full sending address — not just the display name. AI can generate the content but cannot fix a look-alike or spoofed domain. Expanding the sender field catches many impersonation attacks regardless of content quality.
  • Email authentication headers: Check SPF, DKIM, and DMARC results in the full header. Properly implemented DMARC enforcement blocks domain-spoofed messages before they reach employees.
  • Behavioral anomalies: AI can replicate writing style but may miss micro-contextual details only the real sender would know — specific project references, inside terminology, prior conversation threads. When something feels off despite looking right, that intuition matters.
  • Timing and context: AI-generated attacks still require the attacker to time and target them correctly. A request that arrives at an unexpected time, through an unexpected channel, or for an unexpected amount is worth extra scrutiny even when the content appears legitimate.
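
The first two checks above, sketched in Python as an added example (not code from the original post). The CONTACTS table, the check_sender function and the .example domains are assumptions made for illustration. The first sample shows why the address comparison is separate from the header check: a look-alike domain can return passing SPF, DKIM and DMARC results for itself.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: display name -> domain, taken from your own vendor master file.
CONTACTS = {"dana reyes": "acme-supplies.example"}

def edit_distance(a, b):  # Levenshtein distance, used to spot near-miss domains
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[-1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_sender(raw):
    """Return a list of findings for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    findings = []
    # Trust only the Authentication-Results header stamped by your own mail server.
    auth = msg.get("Authentication-Results", "").lower()
    results = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", auth))
    for mech in ("spf", "dkim", "dmarc"):
        if results.get(mech) != "pass":
            findings.append(f"{mech}={results.get(mech, 'missing')}")
    expected = CONTACTS.get(display.strip().lower())
    if expected and domain != expected:
        findings.append(f"display name maps to {expected}, address is at {domain}")
    near = [d for d in set(CONTACTS.values())
            if d != domain and edit_distance(domain, d) <= 2]
    if near:
        findings.append(f"{domain} is a look-alike of {near[0]}")
    return findings

# Constructed samples: a look-alike domain, then a display-name impersonation.
LOOKALIKE = (
    'From: "Dana Reyes" <dana.reyes@acme-supplles.example>\n'
    "Authentication-Results: mx.corp.example; spf=pass; dkim=pass; dmarc=pass\n"
    "Subject: Updated remittance details\n\nPlease use the new account.\n")
DISPLAY_ONLY = (
    'From: "Dana Reyes" <d.reyes.office@freemail.example>\n'
    "Authentication-Results: mx.corp.example; spf=pass; dkim=none; dmarc=fail\n"
    "Subject: Invoice\n\nSee attached.\n")

if __name__ == "__main__":
    print(check_sender(LOOKALIKE), check_sender(DISPLAY_ONLY), sep="\n")
```

A clean result from this check does not replace out-of-band verification; a compromised real mailbox passes every test here.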

How Do You Protect Against AI-Powered BEC?

Protection against AI-powered BEC requires shifting defense from content detection to process enforcement: mandatory out-of-band verification for all wire transfers, dual authorization above defined thresholds, DMARC enforcement, MFA on all email accounts, and employee training that treats process adherence as non-negotiable regardless of how legitimate a request appears.

Process Controls — the Foundation

AI can generate convincing content. It cannot generate a legitimate second approval from a second employee calling an independently verified number. Process controls are AI-resistant because they do not depend on detecting fraudulent content — they require verification through channels the attacker cannot control.

  • Out-of-band verification: All wire transfer instructions received by email are confirmed by phone using a number from your own records, not from the email and not from a Google search. This step applies regardless of how legitimate the request looks.
  • Dual authorization: Two independently acting employees are required to approve wire transfers above a defined threshold. Neither can be the one who received the original request.
  • Challenge questions for high-value verification: When the stakes are high, use verification questions that reference shared context known only to both parties — not just “is this really you?” but “what did we discuss in the last call about the XYZ project?” AI voice clones can confirm identity but cannot answer questions about private shared history.

Technical Controls

  • DMARC enforcement (p=reject) with valid SPF and DKIM: Eliminates domain spoofing as an attack vector.
  • Phishing-resistant MFA: Hardware security keys or passkeys provide authentication that cannot be compromised by the AI-generated phishing emails that defeat TOTP codes.
  • Full sender address display: Configure email clients to show the full address, not just the display name.
  • Behavioral analytics: AI-powered email security tools that detect anomalies in communication patterns, login behavior, and transaction requests can identify attacks that content-based filters miss.
  • Conditional access policies: Requiring managed devices or registered locations for email access limits attacker ability to maintain unauthorized access after credential theft.
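
To check whether a published DMARC record is actually in enforcement, the following added example (not from the original post) audits the TXT record text against the p=reject target. The function names and the corp.example records are constructed for illustration; the tags (v, p, sp, pct, rua) are the standard DMARC ones.

```python
def parse_dmarc(txt):
    """Split a DMARC TXT record into a lowercase tag -> value dict."""
    tags = {}
    for part in txt.split(";"):
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    return tags

def audit_dmarc(txt):
    """Return the reasons a record falls short of full p=reject enforcement."""
    tags = parse_dmarc(txt)
    if tags.get("v") != "DMARC1":
        return ["not a DMARC record (v=DMARC1 missing)"]
    issues = []
    policy = tags.get("p", "").lower()
    if policy != "reject":
        # p=none only monitors; p=quarantine still delivers to a spam folder.
        issues.append(f"p={policy or 'missing'} is not reject")
    if "sp" in tags and tags["sp"].lower() != "reject":
        # An explicit sp overrides p for subdomains of the organisational domain.
        issues.append(f"sp={tags['sp']} weakens the policy for subdomains")
    pct = tags.get("pct", "100")
    if not pct.isdigit() or int(pct) < 100:
        issues.append(f"pct={pct} applies the policy to only part of the mail")
    if "rua" not in tags:
        issues.append("no rua address: no aggregate reports to monitor")
    return issues

# Constructed sample records, as they would appear at _dmarc.<your domain>.
MONITOR_ONLY = "v=DMARC1; p=none; rua=mailto:dmarc-reports@corp.example"
PARTIAL = "v=DMARC1; p=reject; sp=none; pct=50"
ENFORCED = "v=DMARC1; p=reject; rua=mailto:dmarc-reports@corp.example"

if __name__ == "__main__":
    for record in (MONITOR_ONLY, PARTIAL, ENFORCED):
        print(record, "->", audit_dmarc(record) or "enforced")
```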

Training Adaptation for AI-Enhanced Attacks

Security awareness training must evolve beyond “look for bad writing.” Updated training should focus on:

  • Process adherence regardless of content quality: The email that looks most legitimate is exactly the one that most needs verification.
  • Urgency as a primary red flag: AI-enhanced attacks are polished but still rely on urgency to compress the decision window. Urgency paired with a payment request is always a trigger for extra scrutiny.
  • Verification call protocols that account for voice cloning: Employees should understand that “calling to verify” requires using independently sourced numbers and asking questions that test shared private context.
  • Deepfake awareness: For high-stakes video-based authorizations, establish protocols that require in-person verification or specific challenge procedures that would expose a deepfake.

Is AI Making BEC Worse? The Trajectory

Yes. AI tools are lowering the cost and raising the quality of BEC attacks simultaneously — a combination that historically drives increased attack volume and financial harm. The 2025 IC3 data shows total cybercrime losses up 26% year over year, with BEC maintaining its position as a top-two crime type. The introduction of widely accessible AI tools correlates with continued loss growth.

The trajectory suggests that organizations relying on content-quality detection — awareness training focused on identifying “suspicious-looking” emails — are increasingly vulnerable. The organizations that will be most resilient are those whose defense is grounded in process controls that don’t depend on detecting fraudulent content at all.


Frequently Asked Questions

Can AI detect AI-generated BEC emails?

AI-based content detection tools exist but have significant limitations and meaningful false positive rates. They are less reliable defenses than process controls and technical controls. If resources require prioritization, invest in verified controls — DMARC, dual authorization, out-of-band verification — before AI content detection tools.

What is voice cloning in BEC?

Voice cloning in BEC is the use of AI-generated synthetic audio that mimics a specific person’s voice to impersonate them in phone calls. It is used to compromise the “call to verify” step in BEC defense — when an employee calls to confirm a suspicious wire request, the attacker answers with a cloned voice of the executive, providing false confirmation.

What are deepfake BEC attacks?

Deepfake BEC attacks use AI-generated video to impersonate executives during video conference calls, authorizing fraudulent transactions while appearing visually convincing to meeting participants. These attacks are more resource-intensive than email impersonation but have been used successfully against high-value targets. Defenses include in-person verification for high-stakes authorizations and challenge questions that require demonstrating private shared knowledge.

Does DMARC stop AI-generated BEC?

DMARC enforcement stops domain spoofing attacks — where attackers register look-alike domains — regardless of whether the attack content was AI-generated or human-written. DMARC does not stop account compromise attacks (where a real account is used) or display name manipulation attacks (which don’t require spoofing the domain). DMARC is essential but must be combined with MFA, out-of-band verification, and dual authorization.

How is AI being used to investigate BEC, not just conduct it?

AI is also being deployed defensively in BEC investigation: behavioral analytics tools detect anomalous communication patterns and login activity; machine learning identifies deviations from established vendor communication baselines; blockchain analysis tools use AI to trace cryptocurrency transactions across multiple hops; and natural language processing helps investigators identify related attacks that share content or infrastructure characteristics.

What should organizations do right now about AI-enhanced BEC?

Three immediate priorities: (1) implement DMARC at p=reject if not already in enforcement mode; (2) establish a written, enforced out-of-band verification requirement for all wire transfer instructions received by email; and (3) update security awareness training to remove content-quality detection as a primary defense and replace it with process-adherence culture. These three changes address the highest-leverage vulnerabilities that AI-enhanced BEC exploits.


AI-enhanced BEC represents the leading edge of what Rexxfield investigates and defends against. For BEC prevention resources visit rexxfield.com/prevent-business-email-compromise-bec/. For emergency incident response, visit rexxfield.com/bec-urgent-next-steps/.


Sources

FBI IC3 2025 Annual Report: https://www.ic3.gov/AnnualReport/Reports/2025_IC3Report.pdf

Rexxfield BEC Prevention: rexxfield.com/prevent-business-email-compromise-bec/

Rexxfield Email Impersonation Guide: rexxfield.com/email-impersonation/