Defeating AI-driven business impersonation: Protecting you and your enterprise
The barrier to executing sophisticated fraud operations has significantly decreased in recent years. Activities that once required considerable expertise and coordination can now be carried out rapidly and at scale through the use of artificial intelligence (AI).
Risk consultants and intelligence analysts are no longer just fighting human adversaries; they are defending against AI-enabled Tactics, Techniques, and Procedures (TTPs) – behavioural patterns, methods and specific tools used by cyber threat actors to plan and execute attacks.
These modern threat actors leverage TTPs, including Large Language Models (LLMs), to generate highly convincing communications, and generative technologies to replicate corporate assets and digital identities with near-perfect accuracy.
This “industrialisation of social engineering” allows scammers to create fraudulent business entities that appear indistinguishable from legitimate enterprises. For the B2B sector, the implications extend well beyond credential theft. Organisations now face heightened risks to supply chain integrity, counterparty authenticity, and overall institutional trust.
Table of contents
Anatomy of an attack: The 5-step lifecycle
Real-world cases
Key indicators of fraudulent activity
Foundational defensive measures
Limitations of conventional controls
Conclusion: Strengthening business integrity
Anatomy of an attack: The 5-step lifecycle
While the objectives of fraud remain consistent, AI has significantly optimised execution. A typical attack lifecycle now includes:
- AI-enabled cloning
Scammers systematically scrape and replicate a target organisation’s digital footprint, including websites, branding, and content structures. The resulting replicas are often indistinguishable from legitimate assets upon quick inspection.
- Lookalike domains
Fraudulent domains are registered using minor variations in spelling or alternative domain extensions. These are frequently obscured through WHOIS privacy services.[1]
- Traffic acquisition through manipulation
Rather than relying solely on email, attackers utilise SEO poisoning and paid advertising to position fraudulent sites prominently within search engine results, thereby establishing perceived legitimacy.
- Data harvesting and reconnaissance
Beyond payment data, these platforms collect login credentials and organisational information, supporting broader Business Email Compromise (BEC) operations.[2]
- Rapid extraction
The final phase is the rapid exfiltration of capital or sensitive intellectual property, often through automated channels, before the victim realises a breach has occurred.
Real-world cases
The following cases, drawn from recent intelligence, demonstrate how these TTPs are being actively deployed across multiple sectors:
Government impersonation
This campaign targeted citizens via SMS messages purporting to relate to traffic fines. The associated websites closely replicated the official government portal, including its multiple languages and functionality, enabling the capture of personal data. The system then generated fake fines and captured credit card data through a spoofed transaction interface.
Recruitment fraud
Fraudulent networks posing as legitimate employers conduct accelerated, AI-assisted hiring processes, including staged interviews. Victims are quickly “selected” and required to pay advance fees for a work permit or administrative costs, while personal identification documents are collected at scale. As well as financial and emotional harm to the job seekers, the companies being impersonated face reputational damage.
Tourism and travel fraud
AI-driven lead generation is used to identify targets who are lured to attend promotional travel events with “free gifts.” After an often aggressive, high-pressure sales presentation, victims pay for expensive, non-existent travel services. Following payment, these entities cease operations.
Business formation scams
In more severe cases, victims are persuaded to establish legal entities under the pretext of legitimate business activity. These entities are subsequently used for financial crime, while the registered directors, i.e., the victims, retain full liability.
Key indicators of fraudulent activity
Effective risk assessment requires looking beyond the surface to structural indicators, such as:
- Recently registered domains (typically less than 90 days old)
- Use of WHOIS privacy by entities that would ordinarily maintain transparency
- Reliance on automated Domain Validated (DV) SSL certificates in place of Organisation Validated (OV) or Extended Validation (EV) certificates, which require manual vetting of the business entity
- Subtle inconsistencies in language, terminology, or branding
- Lack of verifiable physical presence, or reliance on minimal contact infrastructure with only Gmail-type email addresses
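The lookalike-domain pattern from the attack lifecycle and the structural indicators listed above can be checked mechanically once WHOIS and certificate data have been collected. The sketch below is an added example, not Diligencia's code: the record fields, the `FREE_MAIL` set and the edit-distance threshold of 2 are assumptions, the 90-day window comes from the list above, and the sample records are constructed.

```python
from datetime import date

# CA/Browser Forum certificate-policy OIDs (validation level asserted by the CA)
CABF_POLICY = {"2.23.140.1.2.1": "DV", "2.23.140.1.2.2": "OV", "2.23.140.1.1": "EV"}
FREE_MAIL = {"gmail.com", "outlook.com", "yahoo.com"}  # assumption: extend locally

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch minor spelling variations."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_of(domain: str, brand: str) -> bool:
    """Same name on another extension, or a name within 2 edits (assumed threshold).
    Both arguments are registrable domains without subdomains, e.g. example.com."""
    name, _, tld = domain.partition(".")
    bname, _, btld = brand.partition(".")
    near = 0 < edit_distance(name, bname) <= 2
    return domain != brand and ((name == bname and tld != btld) or near)

def indicators(rec: dict, brand: str, today: date) -> list[str]:
    """Return the structural indicators from the list above that a record trips."""
    hits = []
    if lookalike_of(rec["domain"], brand):
        hits.append("lookalike_domain")
    if (today - rec["created"]).days < 90:
        hits.append("recent_registration")
    if rec["whois_private"]:
        hits.append("whois_privacy")
    levels = {CABF_POLICY.get(oid) for oid in rec["cert_policy_oids"]}
    if not levels & {"OV", "EV"}:  # no organisation-vetted policy asserted
        hits.append("dv_only_certificate")
    if rec["contact_email"].rsplit("@", 1)[-1].lower() in FREE_MAIL:
        hits.append("free_mail_contact")
    return hits

# Constructed sample records (not real observations); example.com stands in for the brand.
TODAY = date(2025, 6, 1)
SUSPECT = {"domain": "examp1e.com", "created": date(2025, 5, 10), "whois_private": True,
           "cert_policy_oids": ["2.23.140.1.2.1"], "contact_email": "sales.example@gmail.com"}
GENUINE = {"domain": "example.com", "created": date(2012, 3, 4), "whois_private": False,
           "cert_policy_oids": ["2.23.140.1.2.2"], "contact_email": "info@example.com"}
```

Calling `indicators(SUSPECT, "example.com", TODAY)` lists every indicator the record trips; a single hit such as WHOIS privacy is weak evidence on its own, so the output is best treated as a prompt for manual verification.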
Foundational defensive measures
Despite increasing sophistication, core security practices remain highly effective and start with individual hygiene and rigorous verification standards:
- Direct navigation protocols
Users should avoid interacting with embedded links for sensitive actions such as financial transactions (via SMS and email) and instead manually enter verified URLs directly into the browser.
- Password management tools
These act as a first line of defense, providing an inherent safeguard, as credentials will not autofill on fraudulent domains.
- Multi-factor authentication (MFA)
Hardware-based MFA solutions (such as YubiKeys) offer robust protection against the "man-in-the-middle" proxies often used by AI-driven phishing technologies.
Limitations of conventional controls
Standard security controls are generally effective against low-complexity threats, but often insufficient against advanced impersonation campaigns.
At this level, the critical question shifts from interface valuation to entity verification: Does the organisation genuinely exist, and who ultimately controls it?
Diligencia’s online platform – ClarifiedBy – addresses this through:
- Entity verification
Verification that an entity does exist through official corporate registries, and confirmation of registered addresses and jurisdiction of incorporation.
- Operational verification
Confirmation of the legal form and business activities through official records.
- Ultimate beneficial ownership (UBO) analysis
Identification of the individuals or entities behind corporate structures, and the jurisdictions involved in the ownership chain.
- Compliance screening
Screening to determine whether an individual or organisation appears on global sanctions lists or is referenced in adverse media.
Conclusion: Strengthening business integrity
In an era of AI-accelerated fraud, the principle of "trust but verify" is no longer a viable strategy. Verification must precede engagement, particularly in B2B contexts.
As AI continues to enhance the scale and credibility of impersonation attacks, organisations must adopt a more rigorous approach – grounded in structural verification and informed risk assessment.
Integrating comprehensive due diligence into standard operating procedures is essential to safeguarding both supply chain integrity and organisational reputation.
Verify your next partner, client, supplier or service provider via ClarifiedBy today.
About the author
Anass Bourasse, Data Acquisition Manager
Anass is a member of Diligencia’s data acquisition team, bringing 9 years of experience across business analysis, data engineering, and data acquisition. He specialises in transforming complex data into impactful information.
Diligencia helps customers from around the world to find essential information on organisations registered in Africa and the wider Middle East, drawing on primary sources that are otherwise hard to find. Using our curated data, we enable our clients to effectively manage their compliance obligations, allowing them to continuously monitor their suppliers and counterparty risks in the MEA region.
Footnotes:
1. https://who.is/
2. https://www.microsoft.com/en-gb/security/business/security-101/what-is-business-email-compromise-bec
