The Rise of AI-Driven Cybercrime: What New Zealand Businesses Need to Know
Would you trust a call from your CFO? Cybercriminals are betting on it.
A familiar voice, a clear request, and an urgent payment to process—everything seems legitimate. But what if that voice wasn’t real? You approve the transaction, only to discover later that the call wasn’t from your CFO at all—it was a deepfake.
This might sound like science fiction, but it’s a reality businesses are already facing. In one famous case, a British design company ARUP fell victim to cybercriminals who used deepfake technology to impersonate the CFO on zoom. The criminals had stolen the CFO’s profile, studied his mannerisms, and used AI to create a realistic fake video. The elaborate scam unfolded over months, culminating in a fraudulent $25 million payment authorised by unsuspecting employees.
While this may seem like a high-stakes, international incident, it raises the question: how much of a risk is this for New Zealand businesses?
What Does This Mean for New Zealand Businesses?
To get a clearer picture, we spoke with Think Concept’s Senior Consultant Etienne de Villiers. According to Etienne, while deepfake scams on this scale are still rare, they represent just one facet of how artificial intelligence (AI) is transforming cybercrime.
“For smaller businesses in New Zealand, it’s not so much the multimillion-dollar deepfake scams we need to worry about—it’s more about the rise in AI-enhanced phishing and payment fraud,” says Etienne. “These scams are becoming more sophisticated and harder to spot. They often rely on urgency, tricking people into making mistakes before they have time to think.”
The Rise of Hyper-Personalised Threats
One of the most significant ways AI is impacting cybercrime is through phishing. By analysing publicly available data on platforms like LinkedIn or company websites, AI can craft emails that appear highly personalised. These emails mimic internal communications, often referencing real transactions or company details.
Etienne notes, “The days of poorly written phishing emails are behind us. AI is now generating messages that look professional and sound like they’re coming from someone you trust. It’s incredibly convincing.”
This hyper-personalisation, combined with tactics like urgency and emotional manipulation, is what makes AI-driven phishing so effective.
Deepfakes: A Growing Threat
Deepfake technology, while still resource-intensive, is advancing quickly. “It’s like a long game for cybercriminals,” Etienne explains. “They can study key decision-makers, collect voice samples, video footage, and over time, create fakes that even experts struggle to detect.”
While these attacks are typically targeted at larger organisations with high-value assets, they highlight how AI can amplify traditional scams. Even small businesses are vulnerable to simpler tactics that mimic this level of sophistication.
How to Protect Your Business
So, how can New Zealand businesses stay ahead of these evolving threats? Etienne emphasises that while AI-powered scams may seem daunting, the solutions often come down to strong protocols, employee awareness, and layered defences.
1. Reinforce Payment Protocols
Etienne suggests that businesses rethink how financial transactions are approved.
“Just like we’ve advised multi-factor authentication (MFA) for logging into accounts, you need MFA for payment processes,” he says. This can include:
Requiring two people to authorise payments above a certain amount.
Introducing a mandatory waiting period for urgent or same-day payments.
Using secret codewords or callbacks to confirm sensitive transactions.
“Ultimately, it’s about adding friction to prevent mistakes. These simple steps make it much harder for cybercriminals to succeed.”
2. Adopt Multi-Layered Security
To combat AI-driven cybercrime, a layered approach is essential:
Advanced email filters to detect and block phishing emails.
Endpoint protection tools to neutralise malware and ransomware threats.
Regular software updates to patch vulnerabilities before they can be exploited.
3. Educate and Empower Employees
Since many cyberattacks exploit human error, employee awareness is key. Regular training should focus on:
Recognising phishing attempts, including AI-enhanced scams.
Following cybersecurity best practices, such as using strong passwords and multi-factor authentication.
Questioning urgent or unusual requests, especially involving financial transactions.
“Cybersecurity isn’t just about technology—it’s about culture,” Etienne adds. “If your team understands the risks and knows what to look for, that’s half the battle won.”
4. Develop a Cybersecurity Governance Policy
A strong governance policy is the foundation of any cybersecurity strategy. Etienne recommends that businesses:
Establish clear protocols for handling financial transactions and detecting fraud.
Regularly review and update policies to address emerging threats.
Work with cybersecurity specialists to ensure all vulnerabilities are covered.
5. Leverage AI for Defence
Just as attackers are using AI, businesses can use it to strengthen their defences. A Security Operations Centre (SOC) combines AI-powered tools with expert oversight to:
Detect unusual patterns, such as unexpected logins or payment requests.
Monitor the dark web for stolen credentials.
Respond to threats in real time, minimising damage and downtime.
The Future of Cybersecurity
AI-driven cybercrime is here to stay, and it’s only going to become more sophisticated. However, businesses don’t need to face these challenges alone.
Etienne’s advice is clear: “Make it as difficult as possible for cybercriminals to succeed. Whether it’s locking down your online presence, strengthening payment protocols, or training your staff, the key is to create barriers at every level.”
At Think Concepts, we specialise in helping New Zealand businesses protect themselves with advanced cybersecurity solutions. Whether you’re looking to implement stronger protocols or invest in an SOC, we’re here to help.
Contact us today to learn how we can safeguard your business from the growing risks of AI-driven cybercrime.
