Social engineering has always been the art of exploiting trust. But when you add generative AI to it, you get something different. Attacks that once required a skilled fraudster, hours of research, and a lucky phone call can now be launched at scale with deepfake video, cloned voices, and hyper-personalized emails, all of which reference your real vendors, transactions, and executives.
This is AI social engineering, and it is already inside your payment workflows. This piece breaks down what it is, how it differs from what came before, what it looks like in practice, and what it actually takes to stop it.
What Is Social Engineering in the Context of AI?
Social engineering is the manipulation of human psychology to bypass security controls. This means there’s no need for malware or a system breach. You just need a convincing enough story, delivered to the right person, at the right moment. In the past, training programs, verification procedures, and a healthy dose of employee skepticism were enough to catch most attempts.
Generative AI changed the economics of that entirely. Today, tools like FraudGPT allow attackers to generate vendor emails that match a supplier’s exact writing style, reference open invoices, and mirror the communication style your finance team is familiar with. Voice cloning software can easily replicate an executive’s voice from just a few minutes of publicly available audio. And deepfake video is used in live video calls to impersonate CFOs and senior leadership in real time.
The target is now the person in your AP team with payment authority.

How Does AI Social Engineering Differ from Traditional Social Engineering?
Traditional social engineering was manual, low-volume, and relatively easy to catch: a generic phishing email, or an odd payment request that didn’t match how your vendor usually communicates. You could train your team to spot the signs, because the signs were usually there.
AI-powered social engineering operates on an entirely different level:
It Is Personalized at Scale
Today’s fraudsters no longer send mass-blast emails hoping someone clicks. They tailor each attack to a specific target, referencing real vendors, transactions, and communication history pulled from compromised inboxes or public sources. One attacker can now run dozens of simultaneous campaigns, each one indistinguishable from legitimate business communication.
It Is Multi-Channel by Design
A spoofed vendor email is often followed by a voice call from someone who sounds exactly like your AP contact at that supplier. That call is also followed by a deepfake video conference with the executive who “approved” the request. Each channel reinforces the legitimacy of the last. By the time the payment is requested, it has been corroborated multiple times over.
It Is Patient
Attackers often spend weeks inside a compromised inbox before they act. They use that time to learn the rhythm of your payment cycles, understand the relationships between people, and identify the exact moment when an unusual request will raise the least suspicion (the end of the quarter, a busy period, or a week when a key approver is traveling).

It Produces Technically Authorized Payments
This is the defining characteristic of AI-powered social engineering, and a major reason it’s difficult to catch with traditional controls. The payment clears every validation check because the person who approved it genuinely believed it was legitimate. There was no unauthorized access or system breach, just a human being deceived into doing exactly what the attacker needed.
This pattern plays out more often than most organizations realize, and it looks nothing like the fraud their controls were built to catch. It aligns with the Trustmi 2026 Benchmark Report, which shows that 59% of payment fraud attacks use two or more coordinated tactics to bypass finance and security. And of course, attackers always strike within normal business workflows.
Examples of AI Social Engineering
This is where it gets concrete. AI social engineering is happening now across industries, and the attack categories below are the ones appearing most frequently inside B2B payment workflows.
Deepfake Video
Deepfake technology allows attackers to generate a real-time video of a person. This includes replicating their face, voice, and mannerisms, convincingly enough to fool colleagues on a live call.
For instance, in 2024, employees at Arup, a UK-based engineering firm, were convinced to wire $25 million after joining what appeared to be a routine video call with the company’s CFO and several other senior colleagues. Every person on that call was a deepfake. No one in the meeting was who they appeared to be. The wire went through because the request was visually and verbally corroborated by people the employee recognized and trusted.
Phishing
Although it’s one of the oldest social engineering tactics, AI has made phishing almost unrecognizable compared to what it was a few years ago. Where traditional phishing relied on volume, AI-powered phishing is more precise and contextual.
With tools like FraudGPT, attackers generate emails that match a specific vendor’s writing style, reference real invoices that are currently open, use the correct internal terminology, and are timed to arrive when a payment is already expected. These emails bypass standard filters because they contain no malicious links.
In one documented case, attackers exploited Microsoft 365’s own billing infrastructure to send phishing emails from legitimate Microsoft domains. Because the emails came from within the Microsoft ecosystem, they bypassed conventional security filters entirely. When targets tried to verify by calling back, they were routed to a fraudulent call center.
Voice Cloning
Voice cloning software can replicate a person’s voice with as little as a few seconds of source audio. Attackers use cloned voices to place calls to AP staff, leaving voicemails or engaging in live conversations that sound exactly like the CFO or a known vendor contact. The request is almost always urgent, confidential, and involves a payment. The employee has no reason to doubt what they are hearing.
Executive Impersonation via Email
Even without deepfakes or voice cloning, AI allows attackers to impersonate executives with a level of precision that was previously impossible at scale. By analyzing an executive’s writing style across emails, social media, and public communications, GenAI tools can produce messages that are virtually indistinguishable from the real thing.
The Trustmi 2025 Socially Engineered Fraud & Risk Report found that 1 in 3 fraud incidents exploited gaps between finance and security teams, contributing to single-attack losses ranging from $500K to over $1M. Those disconnects are exactly what AI-driven social engineering is built to identify and exploit.
How to Catch and Prevent AI Social Engineering Attempts
The uncomfortable truth is that training alone is not enough anymore. You can’t expect your team to out-detect a real-time deepfake or identify an AI-generated email that references their actual vendor relationships. Awareness still matters, but it won’t be the primary control.
Here is what actually gets the job done:
Know the Red Flag Trifecta
The trifecta is urgency, secrecy, and a request to change payment or banking details. AI-powered attacks combine all three, often across multiple channels, to compress decision-making time and overwhelm judgment. When all three appear together, especially with a request to bypass normal approval steps, that is your sign to slow down.
Treat Out-of-Band Verification as a Starting Point
Callback procedures and bank validation checks were built for a different threat environment. Voice cloning means a live phone call to a known number is no longer a reliable verification method. These controls still have value, but they can’t be the last line of defense. Verification must be structured, documented, and routed through independently stored contact information — not the number included in the suspicious email.
Close the Finance-Security Gap
The Trustmi 2025 report found that siloed teams are a dangerous combination with AI-powered socially engineered fraud. 1 in 3 incidents (or near incidents) were tied to poor communication between finance and security teams. When finance and security operate with separate tools, visibility, and alert streams, attackers move freely in the space between them.
Fight AI with AI
The only scalable defense against AI-generated attacks is AI-powered detection. This includes behavioral analysis across email, vendor communications, and payment flows that surfaces anomalies no human reviewer would catch in time. When a banking detail change request arrives from a known vendor but deviates from established communication patterns, or when an invoice arrives outside that vendor’s typical billing cycle, the right system flags it before it ever becomes a payment.
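As an added illustration of the controls described above (the red flag trifecta, verification through independently stored contact details, and checks against a vendor’s established banking and billing pattern), here is a small Python checker. It is example code written for this article, not Trustmi’s product or detection logic; the vendor record, the two requests, the keyword regexes, and the "under half the usual cycle" timing rule are all constructed assumptions.

```python
from dataclasses import dataclass
from datetime import date
import re

# Constructed vendor master record. In a real AP system this lives in the ERP, and
# verified_phone is the independently stored contact, never a number taken from an email.
@dataclass(frozen=True)
class VendorRecord:
    iban: str
    verified_phone: str
    typical_cycle_days: int
    last_invoice: date

@dataclass(frozen=True)
class PaymentRequest:
    vendor: str
    body: str            # text of the inbound email
    iban: str            # account the request asks to be paid to
    callback_phone: str  # number the email says to call for confirmation
    received: date

# Keyword heuristics for two legs of the trifecta (assumption: simple regexes suffice here).
URGENCY = re.compile(r"\b(urgent(ly)?|immediately|today|asap)\b", re.I)
SECRECY = re.compile(r"\b(confidential|do not (discuss|share|mention)|keep this between)\b", re.I)
BANK_CHANGE = re.compile(r"\b(new|updated|changed) (bank|banking|account|remittance) (details|information)\b", re.I)

def assess(req: PaymentRequest, v: VendorRecord) -> dict:
    flags = []
    if URGENCY.search(req.body):
        flags.append("urgency")
    if SECRECY.search(req.body):
        flags.append("secrecy")
    # Third leg: a change announced in the text, or an IBAN that differs from the record on file.
    if BANK_CHANGE.search(req.body) or req.iban != v.iban:
        flags.append("bank_detail_change")
    # Timing: an invoice well ahead of the usual cycle is anomalous (assumption: under half the cycle).
    if (req.received - v.last_invoice).days < v.typical_cycle_days // 2:
        flags.append("off_cycle")
    if req.callback_phone != v.verified_phone:
        flags.append("callback_number_not_on_file")
    trifecta = {"urgency", "secrecy", "bank_detail_change"} <= set(flags)
    # Hold on the full trifecta or any IBAN mismatch; verification always uses the stored number.
    return {"flags": flags, "hold": trifecta or req.iban != v.iban, "verify_via": v.verified_phone}

def sample_assessments() -> tuple:
    # Two constructed requests against one constructed vendor: a routine invoice and a coordinated attempt.
    acme = VendorRecord("DE00 CONSTRUCTED 0001", "+1-555-0100", 30, date(2025, 3, 1))
    routine = PaymentRequest("Acme Parts", "Attached is invoice 1042 for March.", acme.iban, acme.verified_phone, date(2025, 3, 31))
    attempt = PaymentRequest("Acme Parts", "Urgent: we have updated bank details, keep this between us "
                             "and pay today. Call me on 555-0199 to confirm.",
                             "GB00 CONSTRUCTED 9999", "+1-555-0199", date(2025, 3, 8))
    return assess(routine, acme), assess(attempt, acme)
```

The routine invoice produces no flags, while the coordinated attempt trips all three legs of the trifecta plus the off-cycle and callback-number checks and is held pending a call to the number on file.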
See How AI Social Engineering Actually Works and How to Stop It
AI social engineering exploits how we are wired to respond to authority, urgency, and trust, and generative AI has made it easier than ever to trigger those responses at scale.
Trustmi brought in Dr. Jessica Barker, one of the world’s leading authorities on the psychology of cybersecurity, to dig into this. In the webinar, she walks through the specific cognitive biases AI-powered attacks are designed to exploit, why experienced security professionals are not immune, and how to build an organization that is harder to manipulate.
If you want a practical framework to go alongside it, the Guide to Eliminating Socially Engineered Fraud covers the controls and processes that back it up.