Tag: Risk Management and Investigations

AI and fraud: What recent headlines mean for businesses

Posted on by Caitlin Duncan

Artificial intelligence (AI) promises efficiency, automation and transformative insights across industries. But alongside these benefits, fraudsters are increasingly leveraging AI’s power to craft highly convincing scams that can deceive individuals and businesses alike.

From deepfake impersonations of executives to AI generated phishing campaigns, recent headlines show that AI enabled fraud is no longer a distant threat, it’s an immediate and evolving challenge that organisations must understand and address.

AI as a catalyst for sophisticated fraud

Generative AI technologies, including large language models (LLMs), voice cloning and video synthesis, have dramatically lowered the barriers to creating realistic fraudulent content. While these tools are designed to enhance productivity, they also enable attackers to generate convincing illusions of legitimacy at scale. For example:

  • Deepfakes, AI generated video and voice impersonations, are now being used to pose as real people in business contexts, tricking victims into authorising sensitive actions or financial transfers.
  • AI assisted phishing and social engineering campaigns craft personalised messages that improve scam success rates.
  • Synthetic identities and fabricated documents are increasingly used in loan and account takeover fraud.

Several UK specific developments highlight how AI is shaping modern fraud threats:

Sharp increase in AI related fraud targeting UK businesses: A 2025 report from Experian found that over a third (35%) of UK businesses reported being targeted by AI related fraud, up significantly from the previous year. Techniques such as deepfakes, voice cloning, and synthetic identities are becoming more common in fraud attempts reported across sectors from retail banks to digital first retailers.

Identity fraud driven by AI tools: Data from Cifas shows that identity fraud cases have reached record levels, with criminals using AI enhanced methods to create fake identities and bypass verification systems. The National Fraud Database recorded more than 118,000 identity fraud cases in early 2025, with synthetic profiles and fabricated credentials playing a major role.

UK firms hit by large‑scale deepfake scams: British engineering giant Arup revealed that a deepfake video call led to a £20 million fraudulent transfer, where an employee was tricked into believing they were speaking to senior colleagues. This incident illustrates how convincingly AI can mimic voices and faces to bypass human checks.

Deepfakes used to exploit public trust: Trusted UK figures and brands are also being misused in scams. Deepfake videos featuring familiar TV doctors and public figures have been circulated on social media to promote bogus health products and investment schemes, eroding trust and confusing consumers.

Widespread consumer targeting: Research from TransUnion shows that a large majority of UK consumers (around 70%) have received scam messages appearing to come from trusted sources – with many believing these attempts involved AI generated voices or images – and impersonated brands like Royal Mail and Evri topping the list.

What these trends mean for UK businesses

Taken together, these developments send a clear message: AI enabled fraud is rapidly evolving, and UK businesses are increasingly in the crosshairs. This has several implications:

The scale and sophistication are growing

AI doesn’t just automate fraud, it enhances believability. Fraud attempts now leverage hyper realistic visuals, voices and messages that can pass manual scrutiny and bypass traditional rule-based fraud detection systems.

Human trust is a vulnerability

Deepfakes exploit human instincts: employees and customers often assume that talking to what appears to be a senior executive on video, or receiving a trusted brand’s message on social media, means the communication is legitimate. These trust shortcuts can now be weaponised at scale.

Traditional controls are less effective alone

Legacy approaches that rely on static rules, such as simple two factor authentication or manual identity checks, are less effective against synthetic identities and AI generated spoofing techniques. Modern fraud requires modern defences.

Practical steps UK businesses can take

To respond to the rise of AI enabled fraud, organisations should consider a multi-layered approach:

Detection

  • Adopt AI powered monitoring tools that analyse behavioural and contextual anomalies rather than purely signature-based detection.
  • Use Realtime analytics to flag unusual access patterns, transaction anomalies or communications inconsistencies.

Prevention

  • Educate staff on the nature of AI enabled scams, including examples of deepfake calls and advanced phishing.
  • Implement multifactor authentication, transaction thresholds and redundant verification for high-risk actions.

Response planning

  • Build incident response playbooks that anticipate AI enabled deception scenarios.
  • Establish clear escalation paths for suspected fraud, including legal and compliance involvement.

Strategic resilience

  • Periodically reassess fraud risk models to incorporate new threat vectors.
  • Collaborate with external specialists where needed to test controls and simulate advanced attack scenarios.

Staying ahead of AI-enabled fraud

AI is transforming both the opportunities and risks faced by businesses. As recent headlines make clear, fraudsters are rapidly embracing generative AI to make scams more believable, scalable and profitable. However, the same technological forces that enable this evolution also empower defenders: advanced detection tools, analytics and enhanced verification frameworks can help organisations stay ahead of these threats.

By monitoring emerging trends, investing in adaptive controls and educating teams, companies can turn awareness into action and safeguard themselves in an age of increasingly sophisticated deception.

ESA Risk investigations and enhanced due diligence

The illusion of legitimacy has never been easier to fake or more dangerous to ignore. Deepfake directors and AI-generated documents are not science fiction, they’re happening now.

If you’re unsure whether a document or company is real, or if you need help investigating a suspicious entity, our team is here to help.

For further details of these services or to instruct us on a matter, contact our Client Services team at advice@esarisk.com, on +44 (0)343 515 8686, or via our contact form.

How enhanced due diligence protects your business

Posted on by Caitlin Duncan

In a competitive global market, businesses increasingly face threats from financial crime, regulatory breaches, and reputational damage. Standard checks may tell you who a customer or partner is, but they rarely reveal the deeper risk profile, historical concerns or behaviours that could adversely affect your organisation.

Enhanced due diligence fills that gap. It is a more detailed form of investigation designed to uncover issues that could expose a business to financial loss, compliance penalties or reputational harm. enhanced due diligence supports better decision making by providing a complete picture of risk, enabling organisations to act with confidence and clarity.

What Is enhanced due diligence?

Enhanced due diligence goes well beyond basic identity verification or simple checks. It’s a detailed risk assessment process that helps you understand not just who you’re dealing with, but what risks they may pose – including legal, compliance, financial and reputational factors.

enhanced due diligence is especially valuable when your standard Know Your Customer (KYC), Anti-Money Laundering (AML) or compliance processes need to be strengthened, or when you encounter complex risk scenarios that warrant a more investigative approach. At ESA Risk, this means combining open-source intelligence, data analysis and expert human investigation to produce intelligence that informs and protects your organisation.

The following are key areas where enhanced due diligence provides deeper insight:

  • Complex ownership structures: Clarifying who truly controls a company or business arrangement.
  • Legal and regulatory history: Examining past litigation, regulatory interventions or sanctions exposure.
  • Financial anomalies: Identifying signs of fraud, money laundering or financial irregularity.
  • Reputational factors: Reviewing public record, adverse media or lifestyle discrepancies.

When enhanced due diligence is critical

Enhanced due diligence should be considered whenever a transaction, relationship or customer profile suggests a heightened level of risk that could negatively impact your business. Standard due diligence alone is often insufficient in these scenarios, as it may miss subtle indicators of risk or fail to assess the full scope of potential problems.

Enhanced due diligence is particularly important when dealing with:

  • Mergers and Acquisitions (M&A): Before committing to major transactions, you must understand risks that could affect valuation, compliance or integration.
  • Lending and financing decisions: Assessing borrowers and investment partners beyond surface level credit data.
  • Insolvency and corporate recovery: Tracing assets and uncovering possible misconduct, fraud or concealed liabilities.
  • Cross-border transactions: Managing differences in regulatory regimes, sanctions or challenge jurisdictions.
  • High value clients or sensitive contracts: Verifying credibility and legitimacy where business or reputational stakes are high.

Key risks addressed by enhanced due diligence

Enhanced due diligence is designed to uncover risk factors that standard checks would normally overlook. These risks can expose a business to legal action, regulatory fines, reputational damage or significant financial loss if not identified and addressed early.

A mature enhanced due diligence process looks at indicators such as:

  • Money laundering concerns and unusual financial activity.
  • Links to criminal activity, whether direct or indirect.
  • Insolvency issues that may indicate financial instability or distress.
  • Regulatory intervention or history of sanctions.
  • Suspected fraud or dubious investment behaviour.
  • Disqualified or problematic management histories.
  • Tax evasion, financial irregularity or multiple identities.
  • Political exposure or high-risk networks.
  • Litigation involvement or inconsistent income/lifestyle patterns.
  • Potential connections to illegal or terrorist financing.

Benefits of enhanced due diligence for Businesses

Conducting enhanced due diligence delivers benefits that extend far beyond merely avoiding risk. The process equips businesses with insights that inform strategic decisions while strengthening risk management frameworks. By understanding the true risk profile of clients, partners or counterparties, organisations can operate with greater confidence and resilience.

Key advantages include:

  • Protecting financial interests through early identification of damaging risk indicators.
  • Supporting regulatory compliance by meeting and exceeding AML, KYC and counter‑terrorist financing expectations.
  • Providing actionable intelligence that enhances decision making and strategic planning.
  • Safeguarding reputation by avoiding associations with individuals or entities with negative histories.
  • Reducing legal exposure by building a defensible audit trail of risk assessment.

How ESA Risk delivers enhanced due diligence

The value of enhanced due diligence lies not only in identifying risks but in delivering intelligence that you can act upon. At ESA Risk, we combine data driven research, deep web analytics and expert investigative resources to provide meaningful insights tailored to your needs. Our process includes:

  • An experienced investigative team capable of interpreting complex data and contextualising risk.
  • Advanced intelligence gathering using open-source and machine assisted tools.
  • Global research capability to assess risk across jurisdictions and corporate structures.
  • Clear, concise reporting that summarises findings in a decision ready format.

Through this approach, ESA Risk provides a scalable, flexible enhanced due diligence service designed to evolve with changes in your business, regulatory landscape and customer behaviours.

Enhanced due diligence is an indispensable part of modern risk management. By going deeper than standard checks, enhanced due diligence provides the context and confidence your business needs to protect its financial interests, its reputation and its people.

Protect your business, reputation and investments with ESA Risk

Whether you’re onboarding a new partner, evaluating an investment or assessing customer risk, enhanced due diligence is a vital part of any effective risk strategy. To learn how ESA Risk can help safeguard your business and provide actionable intelligence, contact our Client Services team today at advice@esarisk.com, on +44 (0)343 515 8686 or via our contact form

The new face of corporate fraud

Posted on by Caitlin Duncan

The digital transformation of business has unlocked unprecedented efficiencies, but it has also opened the door to sophisticated new forms of fraud.

Among the most concerning developments are the emergence of synthetic identities, deepfake corporate officers, and AI-generated document forgeries. Deceptions that are increasingly difficult to detect with traditional due diligence methods.

These developments are not theoretical. Investigations in jurisdictions around the world are now revealing how generative AI is being actively used to fabricate corporate actors, forge documents, and move illicit funds through legitimate-looking entities.

The rise of deepfake directors and synthetic ID fraud

In the past, fraudulent incorporations often relied on stolen or recycled identity documents. Today, malicious actors can use generative AI to fabricate entire identities, complete with hyper-realistic facial images, counterfeit passports, social media profiles, and digital footprints.

With minimal oversight in many corporate registries, these synthetic individuals are slipping through the cracks.

This creates a critical challenge for compliance teams and investigators: how do you verify an individual who doesn’t exist?

AI-powered document forgery

Just as deepfake technology enables false identities, AI tools are now being used to forge documents, from invoices and contracts to bank statements and audit letters, with alarming realism.

Where traditional fraud requires basic Photoshop skills or rudimentary manipulation, generative AI tools can now:

  • Recreate logos, watermarks, and signatures with high fidelity.
  • Mimic writing styles, layout consistency, and document metadata.
  • Generate false invoice histories that align with legitimate-looking supply chains.

These fake documents are often used to:

  • Support fraudulent loan or trade finance applications.
  • Validate fictitious revenue in accounting fraud schemes.
  • Obscure money laundering transactions via fake vendor invoices.

According to Experian’s UK Fraud and FinCrime Report 2025, 35% of UK businesses were targeted by AI-related fraud in Q1 2025 – up from 23% in the same period last year, a surge fuelled by increasingly sophisticated techniques, including deepfakes, identity theft, voice cloning, and synthetic identities.

Warning signs and red flags

While synthetic IDs and AI-generated documents are hard to detect, several forensic red flags can help:

For synthetic directors:

  • Inconsistent or missing public records of the individual.
  • Digital photos that lack EXIF metadata or show visual signs of AI rendering (e.g., asymmetrical eyes, blurred backgrounds).
  • No verifiable employment or education history.
  • Repetition of similar director names or details across unrelated entities.

For AI-generated documents:

  • Uniform pixel patterns under magnification (suggesting image-based generation).
  • Metadata inconsistencies or overwritten PDF/XMP fields.
  • Signatures that appear identical across multiple documents.
  • Too-perfect formatting or terminology mimicking templated contracts.

How to protect against AI-driven corporate fraud

As AI-driven corporate fraud evolves, businesses and investigators must adapt. Here are several actionable steps:

Enhance KYC/onboarding protocols: Introduce biometric verification, reverse-image search, and cross-referencing of director identities with reliable databases.

Deploy AI against AI: Use AI-based document forensic tools that detect synthetic generation patterns, inconsistencies in text generation, or cloned signatures.

Audit high-risk entities: Conduct periodic deep dives into entities showing abnormal transaction patterns, limited physical presence, or rapid incorporation behaviour.

Work with experts: Partner with investigative firms skilled in digital forensics and open-source intelligence (OSINT) to proactively identify emerging threats.

ESA Risk investigations and due diligence

The illusion of legitimacy has never been easier to fake, or more dangerous to ignore. Deepfake directors and AI-generated documents are not science fiction, they’re happening now.

If you’re unsure whether a document or company is real, or if you need help investigating a suspicious entity, our team is here to help.

For further details of these services or to instruct us on a matter, contact us at advice@esarisk.com, on +44 (0)343 515 8686, or via our contact form.

Deep dive for the answers you need
TAKE A DEEP DIVE
Or contact us on +44 (0)343 515 8686 or at advice@esarisk.com.

Deep dive for the
answers you need

Lawyers, accountants, advisors, investors, senior
management. You name them, we help them find the answers
they need. Ready to discover how we can help you?

Take a deep dive
Continue browsing