Recently, I read an article in Accountants Daily by journalist Emma Partis that genuinely stopped me in my tracks. Not because it was sensational, but because it highlighted a risk that is quietly accelerating while many business owners believe they are more protected than they actually are.
The article, “‘Stop, check, reject’: CommBank urges small business to avoid deepfake scams” (published 15 January 2026), explored new research from Commonwealth Bank into the growing use of AI-powered deepfakes in business scams. After reading it, I felt a strong responsibility to share the key messages with our clients – not to alarm you, but to ensure you are informed, vigilant, and better protected.
At Global Business Camps, we see our role going beyond just putting on events. It’s about helping SMEs safeguard the business you’ve worked so hard to build.
The confidence gap that scammers are exploiting
One of the most concerning findings from the CommBank research was this: small business owners are overconfident in their ability to detect deepfake scams.
On average, business owners surveyed believed they could recognise a deepfake scam – yet when tested, their accuracy was only 42 per cent.
In simple terms, many people think they would spot a scam, but more than half the time, they wouldn’t.
Only around four in ten small business owners were familiar with deepfake scams at all. At the same time, scammers are now using artificial intelligence to convincingly imitate:
- suppliers
- senior executives
- government officials
- even trusted personal contacts
This isn’t theoretical. It’s happening now, and it’s happening at scale.
How AI is changing the nature of fraud
As highlighted in the article, AI has dramatically increased both the sophistication and believability of scams.
According to David Coote, CommBank’s Queensland general manager of small business banking, businesses are now encountering:
- deepfake invoices
- highly realistic fake emails
- voice clones of senior executives
- payment change requests that appear completely legitimate
These scams are particularly dangerous because they target trust and urgency – two things that are part of everyday business operations.
Jon Soldan, CEO of payment fraud prevention firm Eftsure, reinforced this point in commentary referenced by Accountants Daily, noting that vendor and executive impersonation are among the most common tactics used to extract fraudulent payments, especially from accounts payable teams.
Email, as he pointed out, remains a major weak point. It’s widely used, convenient – and inherently insecure.
Why “busy” businesses are most at risk
One line from the article really stood out to me: even the most vigilant business owners can be caught off guard.
In our experience, this is particularly true for growing businesses. When things are moving fast, invoices are flowing, and teams are stretched, it becomes easier for a well-crafted scam to slip through.
The research found that while 41 per cent of small businesses were familiar with deepfake scams, only 55 per cent had verified supplier payment details in the past six months.
That gap between awareness and action is exactly where scammers operate.
‘Stop, check, reject’ – and go one step further
CommBank’s advice to Stop, Check and Reject is a strong foundation:
- Stop if something looks different or feels unusual
- Check payment changes using a verified phone number (not the one in the email)
- Reject anything that doesn’t feel right
From a GBC perspective, I’d encourage you to go one step further and treat this as a governance issue, not just an IT issue.
That means:
- having clear internal payment verification processes
- separating duties where possible
- training staff to question urgency and authority
- documenting how supplier changes are approved
- reviewing controls regularly, not “when something goes wrong”
Awareness is one of your strongest defences
As David Coote rightly said in the article, “The most important thing we can do is talk openly about these risks, because awareness is one of our strongest defences.”
That’s exactly why I’m sharing this with you.
AI is not inherently bad. We use it ourselves. But like any powerful tool, it can be misused – and right now, criminals are using it faster than many businesses are adapting.
A final word from us
At Global Business Camps, we are increasingly having conversations with clients about cyber risk, fraud prevention, and financial controls as part of broader business resilience.
If you’re unsure whether your current processes would stand up to a sophisticated impersonation attempt, that’s not a failure – it’s an opportunity to strengthen them.
If this article has raised questions for you, or you’d like help reviewing your payment controls or risk exposure, please reach out to your GBC. These conversations are far easier to have before a problem occurs.
Looking for solutions?
Click the link below to Register for our 3-day Camp from 1–3 March, 2027 to learn strategies to finally get your business under control.
https://globalbusinesscamps.com.au/camps-events/register-for-the-2027-camp/
Or if you are unsure, book a discovery call with John Tsoulos on (08) 8423 6177 to learn how this fantastic event could be just what you have been looking for.
Source acknowledgement
This article draws on reporting by Emma Partis, journalist at Accountants Daily and Accounting Times, from the article “‘Stop, check, reject’: CommBank urges small business to avoid deepfake scams”, published 15 January 2026. Emma Partis specialises in accounting, business, and financial services reporting.
