FBI Warns of Surge in AI-Enhanced Business Email Compromise Targeting Cloud Platforms
The FBI issues an updated advisory warning that business email compromise attacks have evolved to exploit AI-generated voice and text impersonation alongside compromised Microsoft 365 and Google Workspace accounts, with losses exceeding $6 billion annually.
The FBI has issued an updated advisory warning that business email compromise (BEC) attacks have evolved significantly in 2025-2026, incorporating AI-generated voice and text impersonation alongside compromised cloud email accounts to steal billions of dollars from organizations worldwide.
The AI Enhancement
Traditional BEC attacks relied on email spoofing or compromised accounts to impersonate executives and request fraudulent wire transfers. The updated advisory describes a new generation of attacks that combine email compromise with AI-generated voice calls that convincingly impersonate the victim's colleagues, managers, or business partners. In documented cases, attackers used AI voice cloning to call accounting departments and confirm fraudulent wire transfer requests that arrived by email — creating a two-channel social engineering attack that bypasses the "call to confirm" verification step that many organizations have implemented as a BEC defense.
Cloud Platform Targeting
The advisory highlights Microsoft 365 and Google Workspace as primary targets, noting that attackers are increasingly using stolen or phished credentials to access cloud email accounts directly rather than spoofing email addresses. This approach is harder to detect because the fraudulent emails come from legitimate internal accounts and pass all authentication checks (SPF, DKIM, DMARC). The FBI reports that attackers often maintain access to compromised accounts for weeks, studying communication patterns and financial processes before executing the fraud.
Scale of Losses
The FBI's Internet Crime Complaint Center (IC3) reports that BEC losses exceeded $6 billion in 2025, making it the most financially damaging category of cybercrime — exceeding ransomware, which attracted more media attention but caused lower total losses. The advisory recommends organizations implement hardware-based multi-factor authentication for all email accounts, establish out-of-band verification procedures for financial transactions that cannot be bypassed by AI voice impersonation, and train employees to recognize the signs of AI-generated voice and text.