All insights
SecuritySmall BusinessWatch Out

AI Voice Scams Are Hitting Small Shops Now: A 5-Minute Defence

Jesse Burcsik·June 27, 2026·2 min read

Here's one that's scary precisely because it's cheap to pull off: a scammer clones a familiar voice (your boss, a supplier, a board chair) from a few seconds of public audio, then calls to push through an "urgent" payment or password reset. It used to be a big-company problem. It isn't anymore.

What's happening

The tools to fake a convincing voice went free and easy this year, and the FTC has been warning about voice-cloning scams as they spread. That drops the effort per target low enough that small businesses, clinics, and nonprofits are now worth a scammer's time. The tell isn't the voice. The voice is good. The tell is the pressure: urgency, secrecy, and a change to how money or access normally moves.

The 5-minute defence

  • Set one code word. Anyone authorising a payment or credential change over the phone has to say it. No word, no action. Free, and it beats the fanciest detection tool.
  • Make "I'll call you back" the default. Hang up, dial the number you already have on file, never the one they give you. A real request survives a callback. A scam usually doesn't.
  • Tell the newest person first. Scammers target whoever's least likely to push back. Your part-time bookkeeper needs this more than you do.

The bigger picture

You don't need to out-tech the attackers. You need one boring human habit that AI can't fake its way around. That's the theme for small orgs right now: the cheapest defence is often a rule, not a product. Spend the five minutes this week.

Like this? Let's put it to work.

We help small teams turn ideas like these into working systems, no six-month roadmap required.