Business in times of AI-powered fraud, the collapse of business trust, and how to protect yourself before it’s too late.
A few weeks ago, I received several partnership offers through LinkedIn. One of them came from someone claiming to be a web agency founder. The proposal was professional, the project scope was interesting, and everything looked legitimate — until I asked one simple question.
What followed became one of the more revealing professional experiences I’ve had in recent years. Not because the scam was particularly sophisticated, but because of how easy it almost was to miss.
This article is for every small and mid-size business owner navigating a world where AI has made fraud cheaper, faster, and far more convincing than it used to be.
Governments have largely failed to regulate this space. That means the responsibility falls on us.
How the Business Talks Started
I am fairly active on LinkedIn — using it to engage with clients, fellow professionals, and potential collaborators. On June 8th, 2026, I received an email from an agency seeking a developer partner for one of their clients. The project involved designing and building a website with comprehensive SEO work to follow — for a medical company.
The proposal was structured for agencies rather than solo studios, which made sense at first glance. However, medical companies fall under very specific search engine rules — the YMYL (Your Money or Your Life) category — where Google and other engines apply strict quality standards to content. Generating medical articles with AI, or assigning SEO to someone without deep healthcare expertise, leads to demotions or complete deindexing. I explained this clearly and recommended a specialist from within the medical SEO field, while I could take the design and development. Otherwise I can’t accept the project.
The response was accommodating: “No problem — here is our full listing, see what suits you better.”
A large packet of project listings arrived. I spent two days reviewing everything, shortlisting what matched my capabilities, and preparing to respond with my availability.
Before I did any of that, I did what I always do when working with U.S. and EU-based companies: I verified who I was dealing with.
The Verification That Unraveled Everything
As an EU-registered business with strict compliance obligations, I request basic corporate identification from every partner before proceeding. This is not optional, and it is not personal — it is simply how responsible B2B business operates.
I asked for two things:
- State of incorporation
- State business entity ID (from the Secretary of State registration)
Both are public record. Any legitimately registered business can provide them in thirty seconds.
The response I got back was this:
"The agency is based in Washington, DC and incorporated in North Carolina. While we understand your verification process, most U.S. businesses primarily identify themselves using their EIN for tax purposes, and many business owners are not familiar with their state entity identification number without looking it up. At this stage, we do not feel the need to provide additional corporate registration information. Our business is properly registered and in good standing."Let that sink in. A business that claims to manage over 350 client relationships — a business actively soliciting new partnerships — does not feel the need to provide a publicly available registration number.
I checked the North Carolina business registry under both the agency name and every variation I could find.
Zero results.
At that point I also searched the name of the person who had been corresponding with me: Alexandra Spaulding, listed as Founder and Director.
Alexandra Spaulding is a fictional character. She is the iconic corporate villain from the CBS soap opera Guiding Light — a ruthless business magnate who spent decades manipulating companies and deceiving partners on daytime television.
Someone had built a fake business identity around a soap opera character and used it to solicit work from real professionals. Make it make sense. Why would anyone with half a brain use business villain name to commit business fraud?! Reason why I am writing about this is because in 20 years of my career this is first time I actually laughed so hard on attempt of business fraud. It’s funny.
The Act Falls Apart
I sent a clear, professional response:
"A State Business ID is a matter of public record. Refusing to provide standard, verifiable corporate identification is a major compliance failure. A routine check of the North Carolina registry confirms that no active legal entity exists under this name. As an EU-registered business, I enforce strict legal, compliance, and due diligence standards for all external partners. I do not enter into commercial agreements with unidentifiable or legally dissolved entities. Consider this matter closed."The reply came quickly:
"Sole proprietorship, under my full name. DBA is #####. We have well over 350 businesses in our CRM. No worries at all. Bye!"Notice the shift. In the first response, the agency was incorporated in North Carolina. After being caught with no registry presence, it became a sole proprietorship. These are mutually exclusive legal structures — you cannot be both. The story changed the moment the first version became indefensible.
The “350 businesses” claim appeared — still unverifiable, still impossible to cross-reference, still designed purely to create an impression of credibility. And the conversation ended with “Bye!” — not the closing of a professional who has moved on, but the exit of someone whose script had run out.
Why This Matters for Your Business
If you operate a B2B business — particularly in the EU — your legal exposure does not end at your own door. Working with an unregistered entity can pull your business into a B2C classification, which carries entirely different tax obligations, regulatory requirements, and administrative burdens. For a solo studio or small agency, that distinction can be financially significant.
Beyond the legal dimension, verification is how you confirm whether the person on the other side of the conversation is telling the truth. In this case, a single public records check revealed three contradictions, a fictional identity, and zero verifiable corporate presence.
The cost of that check was about ten minutes.
This incident is not isolated. It is part of a pattern.
The Broader Business Problem: AI and the Erosion of Trust
AI has dramatically lowered the barrier to entry for fraud. Emails that once required fluency, cultural context, and significant time investment can now be produced instantly, in any tone, at any scale. Scammers no longer need to be good writers, patient operators, or knowledgeable about the industries they’re targeting. They need a prompt and a target list.
What concerns me most is not the technology itself — I am a technologist, and I believe deeply in the value of progress. What concerns me is the absence of accountability. AI companies launched products with enormous disruptive potential into an unregulated public market, without meaningful collaboration with governments, without fraud prevention frameworks, and without any mechanism for liability when their tools are used for harm.
The numbers reflect this. Over $40 billion is lost to AI-enabled fraud globally every year. Fintech and enterprise companies lose an average of $600,000 per attack. The response from large organizations has been to purchase AI-powered fraud detection software — a market that, notably, the same AI companies are well positioned to supply.
We are living in a situation where the same industry that introduced the vulnerability is now selling the remedy.
Small and mid-size businesses cannot afford either the losses or the enterprise-grade defenses. What we can afford is knowledge.
Four Things to Train Your Eye to Spot
These are not advanced techniques. They are disciplined habits that take minutes to apply and can save you from significant damage.
- Always request formal identification.
Every business relationship should begin with mutual verification. If you are verifiable, expect the same in return. A registered business entity number, VAT number, or equivalent is public information. - Investigate names, claims, and websites independently.
Client lists, partner counts, and portfolio pages can all be fabricated with AI (in my case Alexandra used Claude to build herself a website and proposals). Look up the company in official registries. Search the founder’s name independently. A legitimate business of any meaningful size leaves a verifiable trail. - Watch for formatting inconsistencies in email responses.
When scammers operate at scale, they frequently paste AI-generated text into emails without adjusting for style. If your correspondence has been in one font or size and a response suddenly shifts — in typeface, color, or spacing — you are likely reading an AI-generated reply, copy-pasted without review. This is a significant tell. - Pay attention to how conversations end.
Professionals who decline to continue a business conversation do so professionally. Dismissive, abrupt, or oddly casual language at the close of a serious exchange — “No worries. Bye!” — is a behavioral signature. It appears when someone has dropped out of their script and is no longer performing the role they constructed.
What Was the Endgame?
Looking back at the full exchange, my best assessment is this: the goal was never the project.
The most likely objective was to get me onto a video call. Once there, the scammer would have what they actually came for — a live recording of my face, combined with whatever business information could be extracted through casual conversation: company name, registration details, banking institution…
With a face scan and a credible business profile, modern AI tools can generate convincing deepfake video, fabricate identity documents, and impersonate a person in further fraud operations — against banks, clients, or partner businesses. In more targeted attacks, this data is used to access business accounts directly, particularly where video-based identity verification is part of the security layer. This is where we are folks, criminals are trying to scan your face.
This is not a theoretical threat. Video call identity harvesting is an active and growing fraud method, and it disproportionately targets freelancers, studio owners, and small agencies — professionals who regularly take calls with new contacts as part of normal business development.
This is one of the reasons I do not engage in video meetings until a future partner or client is fully verified and confirmed. And when I do take video calls with new contacts, I deliberately use a low-resolution camera setup. If someone on the other side attempts to capture my likeness, they will not get a clean enough image to produce a usable deepfake. It is a small, simple adjustment that costs nothing and quietly removes a significant risk.
The sophistication of the setup in this case — a structured proposal, a full project listing, a two-day review period — was designed to build enough investment and rapport that a video call would feel like a natural next step, not a risk.
Verification ended it before we got there.
A Final Note
We are entering a period where trust in professional communication is under systemic pressure. Not because people are inherently dishonest, but because the tools to impersonate credibility have become widely available and essentially cost-free.
Governments will eventually move. Regulation will come. But it will arrive late, and in the meantime, the burden of protection falls on each of us individually.
The good news is that the fundamentals of due diligence have not changed. Ask for identification. Verify independently. Watch for inconsistency. Trust the process.
Alexandra Spaulding — the fictional one — spent decades on television building an empire through deception. The version that reached out to me lasted about three emails.
That is what verification is for.
This article was written to help small and mid-size business owners recognize and respond to AI-assisted fraud. If it was useful to you, share it with someone who might need it.
