How does a deepfake CEO or executive impersonation fraud work?
Deepfake CEO fraud uses AI-generated audio or video of an executive to instruct a finance employee to make an urgent wire transfer, bypassing the normal verification that would catch a text-only request.
Last reviewed: 10 June 2026
Explanation
Classic CEO fraud — an email or call impersonating a senior executive to authorise an urgent payment — predates AI. What AI voice and video synthesis adds is the ability to replicate the executive's actual voice convincingly enough that employees feel confident they are receiving a legitimate instruction in real time rather than reviewing a suspicious email.
A typical attack begins with reconnaissance: the attacker studies the target company's structure, identifies the finance employee with payment authority, and collects audio of the CEO from earnings calls, conference videos, or social media. A voice model is generated and used to call the finance employee, frequently with the real executive's number spoofed on caller ID. The instruction is urgent, confidential, and requests an international wire transfer.
Video call variants have also been reported in which a fraudster joins an online meeting appearing as an executive — using a pre-recorded or synthesised video feed — alongside real colleagues, making the request seem part of an official meeting. The employee, seeing a familiar face and hearing a familiar voice, confirms the transfer.
The fraud is particularly effective against organisations that have normalised remote working and video communication. Controls that prevent it are procedural rather than technological: all payment authorisations above a threshold require multi-party sign-off and a mandatory callback through an established internal channel — not a number provided during the suspicious call.
Common red flags
- An executive contacts you directly asking for urgent, confidential payment outside normal process
- The request bypasses the usual authorisation chain or accounting system
- You are told not to discuss the transfer with colleagues until it is complete
- The voice sounds like someone you know but the request is out of character
- The call number matches the executive but the conversation feels scripted or slightly off
- A video caller's lip movements or facial expressions seem slightly delayed or unnatural
What to do now
- Hang up and call the executive through an independently verified internal number
- Require multi-person approval for all transfers above a set threshold, regardless of who requests them
- Contact your bank immediately if a fraudulent transfer has been sent
- Report to your national cybercrime unit
- Review and tighten internal payment authorisation policies
- Train finance staff specifically on voice and video deepfake fraud scenarios
Frequently asked questions
Can I detect a deepfake voice on a phone call?
Real-time detection is difficult for untrained individuals. Procedural verification — calling back through a known number — is the reliable defence, not attempting to detect the technology itself.
Is video deepfake convincing enough to fool employees?
Increasingly yes, particularly for brief interactions like a one-minute meeting appearance. Quality varies widely, and subtle artefacts still exist, but procedural controls are more reliable than visual detection.
What is the difference between CEO fraud and BEC?
CEO fraud specifically involves impersonating a senior leader to request payments. BEC is broader and includes any business email compromise, such as supplier impersonation or invoice redirection.