Finance and human resources departments are facing a sharp rise in AI-powered impersonation fraud, as cybercriminals use deepfake technology to pose as company executives and trick employees into handing over money or sensitive data. Cybercrime experts warn that these 'Boss Scam' attacks increasingly target HR, finance, and procurement teams-departments that control payroll, employee records, and vendor payments.
The fraud typically begins with a phone call, video message, or voice note that mimics a senior leader's tone and appearance. Attackers create a sense of urgency, directing staff to approve payments, change vendor bank details, or release confidential payroll information. For HR professionals, the risk extends to employee records and salary data, which can be weaponised for identity theft or sold on underground forums.
Remote and hybrid work arrangements have made these scams harder to detect. "In traditional office settings, employees could easily verify unusual requests by speaking directly with managers. However, in distributed workplaces, staff members often rely on emails, phone calls, messaging platforms and video conferences for approvals and decision making," said a senior police official. Without physical proximity, a familiar voice or face on a screen is no longer a reliable guarantee of identity.
Cybercrime authorities have urged companies to strengthen verification procedures for high-value transactions and sensitive requests. They recommend safeguards that include multi-person approvals, independent verification through separate communication channels, and mandatory callback procedures before processing payments or sharing confidential information. For HR managers seeking deeper preparation, the AI Learning Path for HR Managers offers training on navigating AI tools and securing workforce data.
As AI tools become more sophisticated and widely available, experts caution that organisations can no longer rely solely on familiar voices or faces to confirm identity. The threat is evolving, and so must the defences.
Why this matters for human resources professionals
HR teams hold the keys to some of the most sensitive information inside any organisation-employee Social Security numbers, bank details, health records, and performance data. A single successful scam can expose that entire storehouse. For HR leaders, the immediate step is to review and tighten approval workflows for any request involving personal data or payroll changes. Resources such as AI for Human Resources provide ongoing guidance on recognising and countering AI-driven threats. The cost of inaction is measured not just in dollars, but in the trust employees place in their company.
Your membership also unlocks:
