Corporate fraud: how AI is transforming attacks on SMEs and mid-market companies

Most frauds that succeed today no longer rely on a technical flaw, but on perfectly normal behavior within the company. Fraud is not a new phenomenon; its methods, however, have evolved profoundly.

Digitalization of processes, hyperconnectivity, dematerialization of exchanges and, above all, the democratization of artificial intelligence tools now accessible to everyone: fraud is entering a new era, more realistic, more contextual and harder to detect. In this context, SMEs and mid-sized companies (ETIs) are on the front line.

Not for lack of vigilance, but because fraud now infiltrates their daily practices: short decision chains, reactivity, operational trust. What are the new forms of fraud? What are the concrete impacts for organizations? And above all, how can blind spots between fraud insurance and cyber security be avoided?

An increase in fraud in a mature digital environment

For a long time, fraud could be spotted through visible signals: inconsistencies, errors, unusual requests. That frame of reference has become ineffective. Today, fraudsters are able to:

  • faithfully imitate human behaviors (writing style, tone, communication habits),
  • adapt to the specific context of the company (current project, financial closing, usual interlocutors),
  • industrialize attempts, without losing credibility.

On payment methods, the stakes are massive: in France, the annual amount of fraud has been stable since 2022 at just below 1.2 billion euros, of which 32% relates to manipulation fraud (social engineering), totaling 382 million euros in 2024 (Banque de France). While the overall rate may seem small relative to total payment flows, the impact is critical for the affected company: a single fraudulent transfer can be enough to trigger a cash flow crisis and multidimensional crisis management.


AI, accelerator of social engineering

Artificial intelligence does not create fraud. It multiplies its effectiveness. It makes it possible to produce messages that are:

  • linguistically impeccable,
  • credible over time,
  • highly contextualized.

The generated content blends seamlessly into the life of the company: short messages, familiar tone, accurate references, coherent urgency. Authorities also observe this rise in malicious uses: ANSSI describes the cybercriminal ecosystem as one of the major threats at national level, stressing the need to anticipate both organized and opportunistic attackers.

Modern fraud no longer relies on error, but on credibility.

New forms of fraud encountered by SMEs and mid-sized companies

  • Highly credible written messages
    Perfect imitation of the style of an executive or partner, with references to real cases.
  • "New generation" CEO fraud (fraude au président)
    Contextualized payment orders with no visible anomalies and increased hierarchical pressure.
  • Telephone and oral fraud
    Calls purporting to come from an executive, a supplier or a banking partner, which are hard to challenge on the spot.
  • Highly structured fake suppliers
    Exchanges spread over time, coherent documents, and a process reconstructed end to end (quotes, invoices, reminders, change of bank details).

Aggravated consequences for the company

These new forms of fraud are particularly dangerous because they combine several aggravating factors:

  • later detection, since the whole process appeared to comply with usual practices;
  • often higher amounts, linked to urgent, exceptional or repeated transfers;
  • a loss perceived as an internal failure, when it is in fact an organizational and systemic risk;
  • complex crisis management, involving financial, operational, managerial and legal issues at the same time.

On payment methods, the Observatory for the Security of Payment Means confirms the increasing role of fraud through manipulation (social engineering), now a significant factor in the observed amounts.

Accurately classify the fraud to activate the correct insurance.

The sophistication of the operating mode is not enough to determine which cover can be triggered. What matters is the technical scenario.

  • Fraud without intrusion into the information system
    Human manipulation only, with no demonstrated compromise of the IS.
    It usually falls under fraud insurance.
    Examples: fake transfer order validated by an employee, impersonation without hacking.
  • Fraud with intrusion into the information system
    Email compromise, credential theft, fraudulent access, diversion following an intrusion.
    The fraud is then the consequence of a cyber incident and falls under the cyber insurance policy.

The use of AI or advanced scenarios does not, in itself, change the insurance qualification. The key remains: intrusion or absence of intrusion.


Insurance and prevention in the era of "augmented" fraud.

An effective approach is based on a combination of prevention + risk transfer:

1. Structure a coherent cover:

  • Fraud / Criminality Insurance
  • Cyber Insurance

2. Strengthen procedures without hindering activity:

  • Double validation through a channel other than the one the request arrived on,
  • Specific rules during sensitive periods (closing, holidays, changes of bank account details),
  • Targeted awareness for exposed functions,
  • Traceability of decisions.

3. Put insurance back in its proper place: insurance is a last resort; it comes into play once controls have been bypassed, provided the scenario is correctly qualified.
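As an added illustration that is not part of the original article, the controls in step 2 above can be expressed as payment-request screening logic: a request is flagged for double validation through a separate, known channel whenever the beneficiary is new, the bank details differ from those on file, the order arrived by email or phone rather than the normal workflow, the amount exceeds a single-approval limit, or the date falls in a sensitive period, and every decision is written to a hash-chained log for traceability. The beneficiary list, IBANs, approval limit, period dates and the "erp"/"email"/"phone" channel names are constructed assumptions for the example, not data from the page.

```python
"""Screening of outgoing payment requests against the four controls above:
out-of-band double validation, sensitive-period rules, bank-detail changes,
and a tamper-evident decision log. Reference data below is constructed."""
from dataclasses import dataclass
from datetime import date
import hashlib
import json


@dataclass(frozen=True)
class PaymentRequest:
    request_id: str
    requester: str        # person who submitted the order
    channel: str          # "erp" (normal workflow), "email" or "phone"
    beneficiary: str
    iban: str
    amount_eur: float
    requested_on: date


# Constructed reference data (hypothetical beneficiary, IBAN, limit and period).
KNOWN_BENEFICIARIES = {"ACME Supplies": "FR7630006000011234567890189"}
SINGLE_APPROVAL_LIMIT_EUR = 10_000.0
SENSITIVE_PERIODS = [(date(2025, 12, 20), date(2026, 1, 10))]  # closing + holidays


def validation_reasons(req: PaymentRequest) -> list[str]:
    """Reasons why a request needs double validation through a known channel.
    An empty list means the normal single-approval workflow applies."""
    reasons = []
    on_file = KNOWN_BENEFICIARIES.get(req.beneficiary)
    if on_file is None:
        reasons.append("new beneficiary")
    elif on_file != req.iban:
        reasons.append("bank details differ from those on file")
    if req.channel != "erp":
        reasons.append(f"order received by {req.channel} rather than the ERP workflow")
    if req.amount_eur > SINGLE_APPROVAL_LIMIT_EUR:
        reasons.append("amount above single-approval limit")
    if any(start <= req.requested_on <= end for start, end in SENSITIVE_PERIODS):
        reasons.append("sensitive period (closing or holidays)")
    return reasons


class DecisionLog:
    """Append-only, hash-chained record of who decided what, and why."""

    def __init__(self):
        self.entries = []

    @staticmethod
    def _digest(entry: dict) -> str:
        body = {k: v for k, v in entry.items() if k != "digest"}
        raw = json.dumps(body, sort_keys=True, default=str).encode()
        return hashlib.sha256(raw).hexdigest()

    def record(self, req, decision, approvers, reasons) -> str:
        prev = self.entries[-1]["digest"] if self.entries else "0" * 64
        entry = {"request_id": req.request_id, "beneficiary": req.beneficiary,
                 "iban": req.iban, "amount_eur": req.amount_eur, "decision": decision,
                 "approvers": sorted(approvers), "reasons": reasons, "prev": prev}
        entry["digest"] = self._digest(entry)   # links this entry to the previous one
        self.entries.append(entry)
        return entry["digest"]

    def verify(self) -> bool:
        """True if no entry was altered or removed since it was written."""
        prev = "0" * 64
        for e in self.entries:
            if e["prev"] != prev or self._digest(e) != e["digest"]:
                return False
            prev = e["digest"]
        return True


def process_request(req, approvers, callback_confirmed, log) -> str:
    """Return "released" or "held" and log the decision.
    approvers: people who approved the order (two distinct ones are needed
    when the request is flagged). callback_confirmed: True only when the
    request was confirmed by calling the number already on file, never a
    number supplied in the request itself."""
    reasons = validation_reasons(req)
    if not reasons:
        decision = "released" if len(approvers) >= 1 else "held"
    elif len(set(approvers)) >= 2 and callback_confirmed:
        decision = "released"
    else:
        decision = "held"
    log.record(req, decision, approvers, reasons)
    return decision


if __name__ == "__main__":
    log = DecisionLog()
    changed = PaymentRequest("R2", "alice", "email", "ACME Supplies",
                             "FR7614508000501234567890146", 25_000.0, date(2025, 12, 29))
    print(validation_reasons(changed))
    print(process_request(changed, ["bob"], True, log), log.verify())
```

The design point is that the second approval and the callback must use information the company already holds (the approver list and the phone number on file), because everything inside the request itself, including any "call me back on this number" line, is under the requester's control.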


Real situations: understanding the mechanisms behind modern fraud.

The message received by the employee perfectly followed the internal communication codes: same tone, same signature, same structure as usual exchanges. It referred to a very real file, currently being processed, using the same vocabulary as used internally. No formal element (spelling, apparent sender, layout) made it possible to spot an anomaly. Classic detection reflexes (mistakes, approximations, "strange" addresses) are no longer sufficient. Fraud now inserts itself into the normal practices of the company, without any visible break.

The request came at a sensitive time: financial closing, activity overload, contractual deadlines to meet. The amount requested was consistent with usual operations and the justification was perfectly credible from a business standpoint. The pressure was more on meeting the deadline than on the amount itself. Operational tension periods weaken validation processes. Fraud exploits moments where urgency outweighs caution.

The message precisely imitated the writing habits of the executive: short sentences, direct style, vocabulary familiar to the teams concerned. The emphasis on confidentiality and speed made any questioning delicate, all the more so since the request seemed to fit a realistic strategic context. Hierarchy and the culture of "getting things done quickly" become levers for fraud. This is not an individual failure, but an organizational risk.

The fraudulent supplier had a credible website, well-developed commercial documents, and the ability to respond precisely to technical and operational questions. The exchanges were ongoing, with quotes, invoices, and follow-ups, giving the illusion of an established business relationship. Fraud is no longer necessarily a "one-time hit". It can become a constructed process, difficult to distinguish from a legitimate supplier relationship.

The fraud was only identified several days later, during a subsequent bank audit. In hindsight, the transaction appeared to be in line with internal practices and had been validated according to existing procedures, which delayed any immediate response. The more credible the fraud, the later it is detected, greatly reducing the chances of recovering the funds.

The company believed it was covered by its cyber insurance. However, analysis of the claim showed that there had been no intrusion into the information system: the fraud relied solely on human manipulation. A misclassification of the risk can lead to a complete lack of compensation, despite a mistaken perception of adequate coverage.

Anticipating fraud, a governance choice

Corporate fraud has changed in nature. More credible, more contextual and harder to detect, it particularly exposes SMEs and mid-sized companies (ETIs). The issue is no longer just whether the company is exposed, but how it is protected, and which guarantees can actually be called upon. Our support consists of:

  • analyzing real fraud scenarios,
  • precisely qualifying risks to avoid blind spots between fraud and cyber cover,
  • structuring readable and coherent programs,
  • supporting companies before, during and after the incident.

In a context where the sophistication of fraud is advancing faster than organizational reflexes, insurance clarity becomes a financial protection lever in its own right. Being prepared for it is a governance choice.

Evaluate your fraud scenarios and clarify your fraud/cyber insurance program.

Get in touch by leaving a message below and we'll get back to you as soon as possible. Alternatively call us on: 01 55 32 72 00
