On-Site Magazine

AI and social engineering fraud worrying Canadian companies

By Adam Freill   

Construction Leadership

KPMG in Canada survey finds more than nine in 10 Canadian companies victimized by fraud fear that AI-generated deepfakes will accelerate risks.


The rising popularity and frequency of AI-generated deepfake scams is keeping Canadian business leaders up at night. KPMG in Canada research indicates that nearly all organizations that have been defrauded are concerned that these new technologies could further increase the risk of fraud.

In a survey of 300 Canadian organizations victimized by fraud, 95 per cent of leaders said they are very concerned that the threat of deepfakes has increased the risk of fraud at their companies, with 91 per cent worried that generative AI will give criminals more opportunities to launch corporate misinformation and disinformation campaigns using deepfakes.

Top five most common fraud schemes. (CNW Group/KPMG LLP)

Nearly one third of organizations that have experienced external fraud have been the target of misinformation or disinformation campaigns (where outsiders spread false or misleading information on social media).

“Because fraud is rarely reported to the police, we wanted to speak to business owners and C-suite leaders across Canada to get a deeper understanding of how the evolving fraud landscape of new technology, a shifting economy, geopolitical tensions and remote work was giving perpetrators the opportunity, motivation and rationalization to commit fraud,” said Enzo Carlucci, national forensic leader at KPMG in Canada. “Respondents overwhelmingly told us the fraud landscape is becoming more complex.”


Almost 90 per cent of respondents saying that they had to “scramble or react quickly” to implement a robust fraud detection and prevention program due to a fraud incident, and more than 40 per cent admitted to currently experiencing a form of internal fraud, such as embezzlement, data or personally identifiable information (PII) theft, environmental, social and governance (ESG) fraud, or procurement fraud.

“As fraudsters are becoming increasingly sophisticated in their attack methods, it’s more and more challenging to deter criminals,” he says. “Organizations need to find new ways to strengthen their anti-fraud programs and stay one step ahead of scammers, or else they could be facing increased financial, legal, regulatory and reputational risks.”

Half of the companies included in the survey reported that their company lost between on and five per cent of their profits to fraud in the past 12 months.

“It’s not unusual for fraud to increase during a recession or times of economic uncertainty when people face financial difficulties, so the current environment could be driving some individuals to resort to committing fraud at work as an act of desperation,” stated Carlucci. “In the current economic environment, many companies are struggling to stay profitable, so any profits that are lost to fraud is too much.”

The most common types of external fraud schemes involve the use of manufactured or falsified information, often created or aided using technology. The top three scams reported by respondents include: payment fraud, where criminals use false or stolen payment information to make a purchase; misinformation or disinformation campaigns, such as malvertising or malicious advertising and deceptive editing (deepfakes) or missing content; and account takeover or synthetic identity (ID) fraud, where fraudsters use fake personas to gain access to accounts.

The most common types of internal fraud that respondents reported were: embezzlement; exaggerating, distorting, or embellishing environmental, social and governance (ESG) data; and theft of personally identifiable information (PII) or using PII to commit fraud.

The respondents said their company learned of the fraud primarily through internal audits, management reviews, whistleblowers and proactive monitoring.

The research finds that 77 per cent of companies have a fraud detection program. However, only about four in 10 call it “extremely effective.” When it comes to prevention, just over half say they have a fraud prevention program in place. Almost half say that they are actively using emerging technologies, such as AI, advanced data analytics, generative AI, automation and biometric verification to mitigate the risk of fraud.

“It’s encouraging to see organizations starting to use technology to deter fraud, but not enough of them are,” says Marilyn Abate, a partner in KPMG’s Forensic and Financial Crimes practice. “Companies need to use AI to fight AI. These tools are fast-becoming essentials in the fraud toolkit to prevent fraudsters from gaining the upper hand. But if you don’t perform regular fraud risk assessments to identify external and internal risks and vulnerabilities, you will always be at a disadvantage.”




Stories continue below