For years, scam calls followed a familiar pattern: robotic voices, awkward phrasing, poor audio quality, or callers who immediately sounded suspicious.
That is changing quickly.
AI-generated voice technology now allows scammers to sound calm, convincing and completely human. In some cases, they can even imitate the voice of a colleague, family member or senior executive. For businesses and individuals alike, this makes voice scams far more difficult to recognise – and potentially far more dangerous.
An AI voice scam uses artificial intelligence to create realistic speech that sounds like a genuine person. Scammers can use this technology in several ways:
Generating human-like “support” or “bank” calls
Cloning somebody’s voice using audio taken from social media or videos
Creating fake emergency calls designed to pressure victims into acting quickly
Automating scam calls at scale while still sounding believable
The technology itself is not inherently malicious. AI voice tools are increasingly used legitimately for accessibility, customer service and content creation. The problem is that criminals are now using the same technology to make scams far more convincing.
Traditional scam warning signs are becoming less reliable.
Many people still assume scam callers will sound robotic, foreign, hesitant or obviously scripted. Modern AI voice tools can remove many of those clues entirely.
Scammers are also extremely good at creating pressure and urgency. Common tactics include:
Claiming your bank account is under attack
Pretending to be IT support
Asking you to approve a login or share a code
Requesting remote access to your computer
Claiming a family member is in trouble
Posing as a supplier or senior manager requesting payment
The goal is usually the same: to get you to act before you stop and think.
While consumers are often discussed in the media, businesses are also at risk – particularly smaller organisations without formal verification procedures.
We are seeing increasing concern around:
Fake supplier payment requests
Fraudulent “CEO” calls to finance teams
Helpdesk impersonation attempts
Calls designed to steal Microsoft 365 login details
Social engineering attacks targeting remote workers
AI voice technology makes these attacks more believable because the caller may sound confident, natural and familiar.
The good news is that most scams still rely on human reaction rather than technical sophistication. A few sensible habits can dramatically reduce the risk.
If somebody contacts you unexpectedly about:
passwords
payments
bank accounts
remote access
MFA codes
sensitive information
pause before taking any action.
Even if the caller sounds genuine, professional or familiar, verification matters more than appearance.
One of the safest things you can do is end the call and contact the organisation yourself using official contact details.
Do not rely on:
caller ID
phone numbers given during the call
links sent by text or email
numbers suggested by the caller
These can all be spoofed or fabricated.
Businesses should have simple procedures for:
payment approvals
supplier bank detail changes
password resets
remote access requests
urgent financial requests from senior staff
A quick secondary check via Teams, email or a known phone number can prevent a costly mistake.
Cybersecurity awareness is no longer just about suspicious emails. Staff should understand that scam calls can now sound entirely genuine.
Short, practical guidance is often more effective than technical training. People need to know:
what modern scams look like
how pressure tactics work
when to slow down and verify
AI voice technology is improving rapidly, becoming cheaper and more accessible every year. Unfortunately, that means scams will continue evolving too.
The key takeaway is simple: trust processes, not voices.
A caller sounding convincing is no longer proof that they are legitimate.
For smaller businesses, the biggest risk is often assuming they are “too small” to be targeted. In reality, SMEs are frequently seen as easier targets because processes are less formal and staff are used to handling multiple responsibilities quickly.
Simple safeguards – staff awareness, verification procedures and sensible cybersecurity practices – can make a significant difference without creating unnecessary complexity.