If your CEO calls asking you to wire money fast, pause. Scammers now clone voices so well that a quick phone call or voicemail can sound exactly like your boss. This isn’t sci‑fi; it’s the new face of Business Email Compromise (BEC), and it’s targeting small and midsize businesses across Columbus and Central Ohio.
What’s happening
- Criminals scrape short clips of a leader’s voice from social media, webinars, or podcasts.
- AI tools clone that voice in minutes.
- They call, text, or drop a voicemail: “I’m in a meeting. Urgent payment needed. Don’t loop in finance.”
- The goal? Rush an employee into sending money, gift cards, or sensitive data.
Why this is exploding now
- Voice cloning apps are cheap and easy to use.
- Remote and hybrid work means more approvals happen over phone and chat.
- SMBs often lack strict verification steps, making them prime targets.
Real-world tactics we’re seeing in Central Ohio
- “Vendor change” scams: A fake CEO approves switching a vendor’s bank account. Next invoice? Paid to the crook.
- “Emergency purchase” calls: Gift cards or crypto “to secure a deal.”
- “Private M&A” messages: Pressure to keep it secret, pushing staff to skip normal checks.
Red flags your team should memorize
- “Don’t tell anyone” or “Handle this quietly.”
- New payment instructions or bank accounts out of the blue.
- Rush language: “We’ll miss the deadline”, “This is on you”, or “I need this in 10 minutes.”
- Requests that move to personal phone, WhatsApp, or Telegram.
What to do if you get hit
- Freeze the transfer immediately; call your bank’s fraud team.
- Report to the FBI’s Internet Crime Complaint Center (IC3) within 24 hours—speed matters.
- Notify your insurer and legal counsel.
- Preserve voicemails, call logs, emails, and chat screenshots.
Make it local: Columbus playbook
- Brief your teams in finance, ops, and front desk.
- Coordinate with your bank’s local fraud contact.
- Check in with the Better Business Bureau of Central Ohio and the Columbus Chamber for current scam alerts.
- Review Ohio data and wire fraud reporting steps from the Ohio Attorney General’s office.
How a Managed Service Provider (MSP) can help right now
- Security awareness training tailored to voice and deepfake scams.
- Email/domain protection and payment workflow hardening.
- MFA and conditional access for accounting tools.
- Incident response runbooks that meet it compliance requirements.
- 24/7 monitoring from a managed service provider that understands cybersecurity for small business.
Bottom line: Voice cloning makes old scams terrifyingly convincing, but simple verification beats even the best fake. Build a culture where “stop and check” is encouraged and celebrated.
Need help hardening your process? Our Columbus team delivers practical IT services for SMBs, from policy setup to hands-on tools and training. If you want a fast assessment of your payment and approval workflows, we’re here. This is cybersecurity for smbs done right; local, accountable, and built for Central Ohio. Contact us.
