Warning: Deepfake CEO and executive video calls authorising fraudulent transfers
Finance staff are being targeted by video calls featuring convincing deepfake impersonations of their CEO or CFO, instructing them to authorise urgent fund transfers.
Incidents involving deepfake video calls targeting company finance and accounts-payable staff have been reported across multiple sectors. In this pattern, an employee receives what appears to be a legitimate video conference call featuring a realistic AI-generated likeness of their chief executive, chief financial officer, or another senior figure, along with possibly other convincing participants.
The 'executive' conveys urgency, confidentiality, and a plausible business reason — a merger, a regulatory payment, or a time-sensitive deal — before directing the employee to transfer funds to a specified account. Social engineering and the authority of the visual and audio deception are designed to suppress the normal approval process.
Organisations should establish out-of-band verification procedures for any payment instruction received via video call, regardless of how convincing the participants look or sound. A quick call to the real executive on a known number before acting can stop a transfer.
What to do
- Treat any video-call payment instruction as unverified until confirmed via a separate channel
- Call the executive back on a known, internal number before authorising any transfer
- Implement dual-authorisation for wire transfers above a set threshold
- Brief finance staff on this technique and make it safe to question urgent instructions
- Report suspected deepfake contact to your IT security team and national fraud service