The barrier to executing sophisticated fraud operations has significantly decreased in recent years. Activities that once required considerable expertise and coordination can now be carried out rapidly and at scale through the use of artificial intelligence (AI).
Risk consultants and intelligence analysts are no longer just fighting human adversaries; they are defending against AI-enabled Tactics, Techniques, and Procedures (TTPs) – behavioural patterns, methods and specific tools used by cyber threat actors to plan and execute attacks.
These modern threat actors leverage TTPs, including Large Language Models (LLMs), to generate highly convincing communications, and generative technologies to replicate corporate assets and digital identities with near-perfect accuracy.
This “industrialisation of social engineering” allows scammers to create fraudulent business entities that appear indistinguishable from legitimate enterprises. For the B2B sector, the implications extend well beyond credential theft. Organisations now face heightened risks to supply chain integrity, counterparty authenticity, and overall institutional trust.
Table of contents
Anatomy of an attack: The 5-step lifecycle
Real-world cases
Key indicators of fraudulent activity
Foundational defensive measures
Limitations of conventional controls
Conclusion: Strengthening business integrity
While the objectives of fraud remain consistent, AI has significantly optimised execution. A typical attack lifecycle now includes:
AI-enabled cloning
Scammers systematically scrape and replicate a target organisation’s digital footprint, including websites, branding, and content structures. The resulting replicas are often indistinguishable from legitimate assets upon quick inspection.
Lookalike domains
Fraudulent domains are registered using minor variations in spelling or alternative domain extensions. These are frequently obscured through WHOIS privacy services. [1]
Traffic acquisition through manipulation
Rather than relying solely on email, attackers utilise SEO poisoning and paid advertising to position fraudulent sites prominently within search engine results, thereby establishing perceived legitimacy.
Data harvesting and reconnaissance
Beyond payment data, these platforms collect login credentials and organisational information, supporting broader Business Email Compromise (BEC) operations. [2]
Rapid extraction
The final phase is the rapid exfiltration of capital or sensitive intellectual property, often through automated channels, before the victim realises a breach has occurred.
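For the lookalike-domain step above, a brand-monitoring check can flag newly observed domains that differ from the legitimate one only by a small spelling change or by their extension. The following is an added example, not part of the original article; the domain names are constructed placeholders, and the naive label/suffix split is an assumption that a production check would replace with a Public Suffix List lookup.

```python
# Added example: flag candidate lookalikes of a protected brand domain.
# All domain names below are constructed placeholders.

def split_domain(domain):
    """Return (registrable label, extension), e.g. ('examplecorp', 'com').
    Assumption: single-label extensions; use a Public Suffix List in practice."""
    parts = domain.lower().strip(".").split(".")
    return parts[-2], parts[-1]

def osa_distance(a, b):
    """Optimal string alignment distance: insertion, deletion, substitution
    and adjacent transposition each cost 1."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            val = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Adjacent characters swapped ("le" typed as "el")
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                val = min(val, prev2[j - 2] + 1)
            cur.append(val)
        prev2, prev = prev, cur
    return prev[-1]

def classify(candidate, legit, max_edits=2):
    """Return a reason string if candidate resembles legit, else None."""
    c_label, c_ext = split_domain(candidate)
    l_label, l_ext = split_domain(legit)
    if (c_label, c_ext) == (l_label, l_ext):
        return None  # the legitimate domain itself
    if c_label == l_label:
        return "alternative extension"
    d = osa_distance(c_label, l_label)
    if d <= max_edits:
        return f"spelling variation (distance {d})"
    return None

LEGIT = "examplecorp.com"
OBSERVED = [  # constructed sample of newly seen domains
    "examplecorp.com", "examplecorp.net", "exampelcorp.com",
    "examp1ecorp.com", "example-corp.co", "unrelated-site.org",
]

def scan(observed=OBSERVED, legit=LEGIT):
    """Map each suspicious domain to the reason it was flagged."""
    return {d: r for d in observed if (r := classify(d, legit))}
```

Flagged domains are candidates for review, not confirmed fraud; short brand names need a lower `max_edits` to avoid matching unrelated words.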
The following cases, drawn from recent intelligence, demonstrate how these TTPs are being actively deployed across multiple sectors:
Government impersonation
This campaign targeted citizens via SMS messages purporting to relate to traffic fines. The associated websites closely replicated the official government portal, including its multiple languages and functionality, enabling the capture of personal data. The system then generated fake fines and captured credit card data through a spoofed transaction interface.
Recruitment fraud
Fraudulent networks posing as legitimate employers conduct accelerated, AI-assisted hiring processes, including staged interviews. Victims are quickly “selected” and required to pay advance fees for a work permit or administrative costs, while personal identification documents are collected at scale. In addition to the financial and emotional harm to job seekers, the companies being impersonated face reputational damage.
Tourism and travel fraud
AI-driven lead generation is used to identify targets who are lured to attend promotional travel events with “free gifts.” After an often aggressive, high-pressure sales presentation, victims pay for expensive, non-existent travel services. Following payment, these entities cease operations.
Business formation scams
In more severe cases, victims are persuaded to establish legal entities under the pretext of legitimate business activity. These entities are subsequently used for financial crime, while the registered directors, i.e., the victims, retain full liability.
Effective risk assessment requires looking beyond the surface to structural indicators, such as:
Despite increasing sophistication, core security practices remain highly effective and start with individual hygiene and rigorous verification standards:
Standard security controls are generally effective against low-complexity threats, but often insufficient against advanced impersonation campaigns.
At this level, the critical question shifts from interface valuation to entity verification: Does the organisation genuinely exist, and who ultimately controls it?
Diligencia’s online platform – ClarifiedBy – addresses this through:
In an era of AI-accelerated fraud, the principle of "trust but verify" is no longer a viable strategy. Verification must precede engagement, particularly in B2B contexts.
As AI continues to enhance the scale and credibility of impersonation attacks, organisations must adopt a more rigorous approach – grounded in structural verification and informed risk assessment.
Integrating comprehensive due diligence into standard operating procedures is essential to safeguarding both supply chain integrity and organisational reputation.
About the author
Anass Bourasse, Data Acquisition Manager
Anass is a member of Diligencia’s data acquisition team, bringing 9 years of experience across business analysis, data engineering, and data acquisition. He specialises in transforming complex data into impactful information.
Diligencia helps customers from around the world to find essential information on organisations registered in Africa and the wider Middle East, drawing on primary sources that are otherwise hard to find. Using our curated data, we enable our clients to effectively manage their compliance obligations, allowing them to continuously monitor their suppliers and counterparty risks in the MEA region.
1. https://who.is/
2. https://www.microsoft.com/en-gb/security/business/security-101/what-is-business-email-compromise-bec