There's a version of a scam story that feels far away. Some hackers in a warehouse overseas, sophisticated software, Fortune 500 targets. Nothing to do with the coffee shop you own or the HVAC company you run.
Visa's Spring 2026 Biannual Threats Report is not that story.
The card network detected $1 billion in scam transactions in the second half of 2025 alone. Scams - not data breaches, not card theft, not software exploits - are now "the single largest category of consumer payment fraud," according to Visa's own press release.
And the reason they've grown so fast is simple: AI.
What AI Scams Actually Look Like
The phrase "AI scam" might conjure some complicated image. The reality is much more familiar.
The fake invoice. You receive an email that looks exactly like one from a vendor you actually use. The logo is right. The email format is right. The only difference is the payment instructions, which now route to an account the scammer controls. AI makes these nearly indistinguishable from real vendor communication because it can generate fluent, professional text in seconds - and tailor it specifically to your business and your vendor relationships.
The fake emergency. Someone calls your office claiming to be your bank, your accountant, or a government agency. They know your name, your business name, maybe the last four digits of your account. They create urgency - your account is compromised, you owe a penalty, there's been suspicious activity. Given only a small sample of audio, AI-generated voice can now mimic people you know.
The fake employee. A new hire receives an email from what appears to be the owner or a manager, asking them to move funds or share login credentials. The email is convincing, personalized, and comes during a busy moment. This is called a "business email compromise" - and it's the attack vector growing fastest.
Visa's chief risk officer Paul Fabara put it plainly: "Criminals are increasingly targeting people rather than technology, using deception, urgency and AI-enabled tools to exploit trust."
Why Small Businesses Are an Easier Target
Big companies have fraud teams. They have two-factor approvals for any wire over a certain threshold. They run regular phishing simulations so employees know what suspicious emails look like.
Most small businesses don't.
That doesn't mean you're defenseless - it just means the gap between what you're probably doing and what you should be doing is larger.
One person doing everything is a single point of failure. If you're the owner, the accountant, and the one who approves vendor payments, and someone tricks you - there's no second person to catch it.
Urgency is the attack. The reason AI scams work is that they create pressure. Your bank account is frozen. You owe the IRS by 5 PM. A vendor threatens to cancel your order unless you wire immediately. Slow down. Every legitimate urgent request will survive a 10-minute verification call.
A Few Things That Actually Help
Visa's report is clear that slow manual review processes are losing to AI-assisted attack cycles. You can't outpace every threat - but you can eliminate the easiest entry points.
Verify payment changes by phone, not email. If a vendor sends an email saying their banking details have changed, call them back on a number you already have - not one provided in the email. This single habit stops most payment redirect fraud.
Set a "pause and confirm" rule for any new payment over $X. Pick a threshold that makes sense for your business. Anything above it requires a verbal confirmation from a second person before it goes out. $500. $1,000. Whatever fits your operation.
Check your business accounts daily. The sooner you catch an unauthorized transaction, the more you can recover. Waiting until monthly statement review means losses can pile up for weeks.
Be suspicious of urgency. Legitimate banks don't demand you act within the hour. Legitimate vendors don't threaten to cancel contracts via email with no warning. If pressure is being applied to make you skip your normal process, that's the signal.
Global ransomware attacks jumped 26% from 2024 to 2025, according to Visa's report. AI-enabled financial scams grew 19.6% last year, with losses hitting $14.3 billion globally according to separate data from Nasdaq's Verafin unit.
The technology the scammers are using is getting better. The good news is that the defenses don't have to be complicated. They just have to actually exist.
Visa's full Spring 2026 Biannual Threats Report is available at investor.visa.com.
Terry Blake covers practical business tools and technology for small business owners at The Useful Daily.