Expert Insights: From AI Scams to Check Fraud: Is Your Businesses Prepared for 2026?

Jon Stockton, SVP, Fraud Director, Columbia Bank

Fraud remains a significant concern for small and midsize businesses — from check scams to sophisticated social engineering tactics. With economic pressures and evolving fraud techniques, business owners need practical guidance to mitigate risk. 

In this Q&A, Jon Stockton shares what’s shaping today’s fraud environment, what to expect this year, and how businesses can better protect themselves.

Q: What types of fraud are most common right now?

We’re seeing both long standing and resurgent fraud tactics. Social engineering—including phishing emails and spoofed calls pretending to be your bank—remains widespread because fraudsters exploit human trust and urgency. Check fraud has also surged despite enhanced Postal Service security, with criminals finding ways to steal or duplicate mailed checks.

Digital scams, especially investment scams, have risen sharply. These often begin with random texts or messages, where fraudsters build trust over time before convincing victims to send money via cryptocurrency. Although these schemes may seem far fetched, they’ve led to billions in losses because they’re highly convincing.

Q: Are current economic pressures making people more vulnerable?

Yes. When consumers and businesses experience financial strain—whether from inflation, layoffs, or uncertainty—they may be more tempted by offers that promise quick financial relief. That’s why scams involving job offers, work from home schemes, unrealistic investments, or upfront fees tend to thrive during economic stress. Even experienced professionals can be more susceptible when under pressure.

Q: What are common misconceptions business owners have about fraud?

A major misconception is “that won’t happen to me.” In reality, any business can be targeted. Another misconception is that only owners or executives need to worry about fraud. Employees in accounting, operations or administrative roles are often the first to encounter suspicious emails or payment requests. Internal controls should reflect how people actually work and communicate.

Q: What should businesses be doing now to prepare?

Awareness and training are two of the most effective defenses. Start by identifying your highest risk areas and ensuring controls are in place for each. Foster a culture where employees feel comfortable reporting anything unusual without hesitation. And have a fraud response plan ready—knowing who to contact and what steps to take can significantly reduce damage when an incident occurs.

Also, practice a fraud scenario with your team to ensure best practices will be enacted as expected. For instance, if a team member were to receive an email from a vendor asking to pay an invoice to a new bank and/or account number, will they know to call the known number for the vendor to confirm the request?

Q: What fraud trends do you expect in 2026?

Technology enabled fraud is rising. While many schemes still rely on traditional tactics, fraudsters are increasingly using AI to scale their operations, making scams more convincing and harder to detect.

Deepfakes, advanced phishing, and automated social engineering are likely to become more common. Fraudsters also target situations where large amounts of money move quickly, such as new payment technologies or government programs.

Q: What is your advice for business owners as the year begins?

Don’t wait for fraud to happen before taking action. Assess your vulnerabilities, educate your team and strengthen internal processes. Fraud prevention isn’t just a technology issue — it’s a people and process issue. Being proactive will help you protect your business and respond quickly if something goes wrong.