You can watch the full roundtable discussion on Zoom here.

This timely roundtable discussion explored a topic that is top of mind for many online retailers: how AI can both help and harm a business’s operations and reputation. Robb Baumann enumerated some of the present and future threats businesses face in this age of Artificial Intelligence tools:

Business invoice swapper: An AI tool can quickly identify messages that mention invoices or include attachments with payment details. A bot will intercept an outbound invoice before it is paid and alter payment details, and then resend the altered email, or forward it to a list of target contacts. If staff members of victimized companies do not thoroughly check invoices that appear familiar, and confirm bank detail changes, the payments can go directly into the bot’s account. This scam can happen in two ways. They can “spoof” an email address, which is relatively easy to catch if you check the email address properties. The scarier method is when they gain access to your email and resend it from your inbox, which is hard to detect. Potentially, this can be combined with a worm, such as the Morris II worm. A hacker could send out emails with a “zero click” attachment to key people in accounting at a company. If someone at the company has downloaded an AI Email organizing tool which reads, summarizes and processes inbound email, the AI Email tool might open the attachment to see what it is about, and expose that persons account. The hacker bot now has access to their inbox where it sits and waits for the user to send a legitimate email with a large invoice. The bot then copies that email, changes the account information on the invoice and resends the email from that users real email with a message something like “sorry, attached wrong file, please use this one.”

Phishing tools: AI can generate flawless phishing emails that copy your company’s communication style, and evade spam filters. If you get an email with an urgent wire transfer request, always verify it.

Morris II worm (zero click attack): Morris II is an emerging security risk. It is a highly effective AI-enhanced malware developed by researchers that is designed to exploit AI assistants, deceiving them into executing malicious commands. This can lead to widespread infection, as the self-replicating worm spreads throughout an interconnected system. As the use of AI-powered email assistants becomes more prevalent, the potential damage that a Morris II attack could do is concerning to many.

Voice replication: Deepfake voice generators can clone an executive’s voice so convincingly that they escape detection 50% of the time or more. This can be especially problematic when companies use voice as a password. Experts advise being wary of urgent financial requests received by phone.

ADA noncompliance lawsuits: There’s a new wave of accessibility lawsuits, with AI as the accelerant. With automated accessibility scanners, violations such as low color contrast and no support for keyboard-only navigation can be detected and complaints generated quickly and inexpensively. In 2025, 70% of accessibility lawsuits in the US targeted e-commerce sites. Consequences of these lawsuits include legal costs, lost revenue, and loss of customer trust.

Nathan Haack offered suggestion on what to do about ensuring ADA compliance:

  • Download the WAVE extension, which will allow you to evaluate web content for accessibility issues.

  • Test each type of page, and fix what you can see.

  • Lighthouse is an open-source, automated tool that can also audit the accessibility of web pages and generate reports

Both are tools that only catch 50% or less of potential accessibility issues. To go deeper, you can pay a remediation company a monthly fee to continually scan your website for accessibility issues. Haack mentioned digital A11Y. He noted that informational sites are at lower risk that e-commerce sites, but still recommended WAVE and Lighthouse testing. Final word: Perfect ADA compliance is undefined, and therefore unachievable.

Other Scams to Watch For:

Duping, or URL hijacking, of websites and “skimming” commissions is something every e-commerce business should be aware of if they using affiliate marketing, Robb Baumann notes. Affiliate marketing is a legitimate practice where individuals earn commissions by promoting a company’s products. The Amazon affiliate marketing program is a widely used affiliate marketing program that allows content creators to create unique trackable links. When a buyer makes a purchase using the affiliate link the content creator receives a commission. “Skimmers” can obtain unearned commissions by setting up a website nearly identical to a legitimate website and give it a name that can be mistaken for the legitimate name (for example, instead of AmericanMeadows.com, they might name it AmericanMeadow.com). They rip off all your website content so the sites look exactly the same then they get an affiliate link from Amazon and “catch” all the customers that accidentally end up on their site instead of yours. They then swap out the affiliate links, which redirects the commission to them when visitors land on the fake websites.

Malicious website cloning can also trick users into buying fake products, or be used for phishing, obtaining user passwords, and breaching accounts. Active monitoring of your domain and content can help to detect these fake websites. Be sure to regularly check for fake browser extensions.

AI Photomatching ability is leading to more photo stock claims. Unauthorized use of images result in demands for payment. This can occur even if the photos are no longer on the website!

Seeing is no longer believing.

  • Fake ids are very easy to create

  • AI romance scams appear across many platforms

  • AI tools can be used to generate fake receipts for expense reports.


    On the positive side

  • AI tools such as Gemini and Chat GPT can have benefits. They can be a leveling tool: Done right, all employees can have a reasonably competent, full-time assistant. The way to think of an AI assistant is as co-intelligence. Cautions: Training is necessary to learn how to detect AI errors. Also, AI style can become repetitive. It’s important to keep your unique “voice.”

  • AI meeting notes can be a time saver. Again, using AI as co-intelligence is key.

  • Chatbots are getting better

  • AI based data extraction and verification can boost efficiency.

  • Natural language coding is best used as a co-agent

List of Fact Check Resource