Deepfake Fraud: How to Protect Your Business from AI Voice and Video Scams
AI voice and video deepfakes now drive multimillion-dollar business fraud. Here's how the scams work — and the layered verification controls that actually stop them.

In early 2024, a finance employee at the engineering firm Arup joined what looked like a routine video call. The company's chief financial officer was on screen. So were several colleagues. Everyone looked and sounded exactly as they should. Over the course of the meeting, the employee was instructed to process a series of urgent, confidential transfers — and did. Fifteen transactions totalling roughly US$25.6 million left the company in a single day. Every person on that call except the victim was a deepfake. The fraud was only discovered when the employee later checked in with a real executive who knew nothing about the meeting.
The Arup case is no longer an outlier — it is the template. Deepfake-enabled fraud has moved from a novelty to a line item on the corporate risk register, and 2026 is the year it becomes something every business, not just multinationals, has to plan for. This guide explains how these attacks actually work, why they are suddenly so cheap to run, and — most importantly — the concrete controls that stop them.
How big is the deepfake fraud threat?
The numbers have gone vertical. Deepfake-driven fraud losses in the United States reached an estimated US$1.1 billion in 2025 — roughly triple the previous year. Deloitte projects that generative-AI-enabled fraud will grow to US$40 billion by 2027, up from about $12 billion in 2023, a compound annual growth rate near 32%.
What changed is not the ambition of criminals but the price of the tools. A convincing voice clone can now be built from as little as three seconds of audio at around 85% likeness, and the software to do it costs in the low three figures. Material that three years ago required a specialist can today be assembled by anyone with a laptop in an afternoon — and executives leave plenty of raw material lying around in earnings calls, conference talks, podcasts, and webinars.
The result is an attack that is simultaneously high-value and low-effort. That combination is why deepfake fraud is scaling faster than almost any other category of business crime.
How deepfake business scams actually work
Most successful attacks are not a single magic video. They are a social-engineering play in which the deepfake is one component, layered on top of ordinary reconnaissance and phishing. Three patterns dominate.
1. The CEO/CFO voice call (vishing)
An employee in finance or payroll receives a phone call from a cloned executive voice — often preceded by a legitimate-looking email to set the stage. The voice is urgent, authoritative, and asks for a wire, a gift-card purchase, or a change to vendor bank details. Because the voice is right, the usual instinct to double-check evaporates.
2. The live video-conference deepfake
This is the Arup model. The attacker stages a video meeting populated with real-time deepfake avatars of leadership. Seeing multiple trusted faces agree on a request is enormously persuasive — it defeats the "I'll just confirm with someone else" instinct because everyone the victim would confirm with is apparently already in the room.
3. The vendor / invoice hybrid
Here the deepfake impersonates a supplier or partner rather than an internal executive, "confirming" over a call that new payment details are legitimate. It weaponises business-email-compromise (BEC) — a threat companies already know — by adding a voice or face that clears the last hurdle of doubt.
In every version, the deepfake's job is the same: to short-circuit the moment of verification. The defence, therefore, is not to become better at spotting fakes with the naked eye — that battle is already lost — but to build a process where a convincing face or voice is never sufficient on its own to move money or data.
The red flags every employee should know
Deepfake fraud almost always rides on the same psychological levers. Train staff to treat any of these as a hard stop, regardless of who appears to be asking:
- Urgency and time pressure — "This has to happen in the next hour or we lose the deal."
- Secrecy — "Don't discuss this with anyone, it's confidential / regulatory / an acquisition."
- Unusual payment instructions — new beneficiary, changed bank details, an unfamiliar jurisdiction, or an odd payment method.
- A request to bypass the normal approval chain — pressure to skip the usual sign-offs "just this once."
- A channel switch — a request that suddenly moves from email to a call, or from a group chat to a private DM, to isolate the target.
The single most valuable habit you can build is cultural: it is always acceptable to pause and verify a payment request, even from the CEO. An organisation where employees fear a slow response more than they fear a fraud is an organisation optimised to be robbed.
The protection playbook: a layered defence
No single control stops deepfake fraud. What works is defence in depth — several independent layers, so that defeating one still leaves the attacker short. Below is a practical stack, ordered from highest-leverage to supporting.
1. Out-of-band verification for every sensitive request
Any request to move money, change bank details, or release sensitive data must be confirmed through a second, independent channel that the requester did not choose. If the request came by video call, the confirmation is a phone call to a known, pre-stored number — never a number supplied during the suspicious interaction. This one control would have stopped Arup.
2. Pre-agreed challenge phrases and code words
Give executives and finance teams a private challenge/response phrase that is never shared publicly or over the same channel as the request. A cloned voice cannot answer a question only the real person knows. Rotate these periodically.
3. Dual control and thresholds on payments
Remove the single approver. Require two authorised people to release any wire above a defined threshold, with the second approver mandated to perform the out-of-band check. Set hard limits that force additional sign-off as amounts rise. This turns a one-person mistake into a two-person conspiracy — a far higher bar.
4. Shrink the executive attack surface
Voice and face clones are only as good as their training data. Audit how much public audio and video of your key executives exists, and limit unnecessary exposure. You cannot eliminate it, but you can make high-fidelity cloning harder and buy your other controls more room.
5. Detection tooling and biometric liveness
A growing class of tools can join calls and flag synthetic participants in near real time, and identity-verification platforms increasingly combine biometric liveness checks, deepfake detection, and session-risk analysis. Vendors such as Reality Defender, Sensity, and Resemble AI operate in this space. Treat detection as a useful safety net — not the primary defence, since detection and generation are in a permanent arms race.
6. Risk-adaptive identity verification
For customer-facing and remote-onboarding flows, escalate checks in response to live risk signals — device anomalies, session inconsistencies, reused identities — rather than trusting a document or a face at face value.
7. Continuous training and simulated drills
Awareness sessions decay. Run periodic, realistic drills — including simulated deepfake voice or video requests — so staff practise the "pause and verify" response under pressure. The goal is muscle memory, not a slide deck.
8. A rehearsed incident-response plan
Assume one will eventually get through. Have a documented playbook: who to call at the bank to attempt a same-day recall, how to freeze internal approvals, when to notify law enforcement and regulators, and how to preserve evidence. In wire fraud, the first few hours decide whether the money is recoverable.
What the 2026 regulations do — and don't — cover
Regulators are responding. The EU AI Act's transparency provisions (Article 50) require that AI-generated or manipulated media — including deepfakes — be clearly labelled, with obligations phasing in through 2026. A number of US states have passed laws targeting malicious deepfakes, particularly around elections and non-consensual imagery.
But it is essential to understand the limit of this: labelling laws bind legitimate creators, not criminals. A fraudster running a CFO impersonation is already committing serious crimes and will not be adding a disclosure watermark. Compliance with transparency rules is necessary for your own AI use, but it is not a fraud control. The protection of your business rests on the process controls above, not on the expectation that attackers will follow the law.
A 30-day action plan
If you do nothing else, do these five things in the next month:
- Institute a mandatory call-back rule for any change to payment details or any wire above a set threshold, using pre-stored numbers only.
- Introduce dual authorisation on outbound payments and remove every single-approver path.
- Issue challenge phrases to executives and finance staff.
- Run one live drill — send a benign simulated "urgent CEO request" and measure who verifies versus who complies.
- Write and circulate a one-page incident-response card so anyone who suspects fraud knows exactly who to call first.
Frequently asked questions
Can you spot a deepfake by eye anymore?
Increasingly, no. Real-time video and voice fakes have crossed the threshold where casual visual inspection is unreliable. This is precisely why the defence has to be procedural — verification through independent channels — rather than perceptual.
Are small businesses actually targeted?
Yes. The collapse in tooling cost means attackers no longer need a nine-figure target to profit. Small and mid-sized firms are attractive precisely because they often lack dual-control payment processes.
Is detection software enough on its own?
No. Detection is a valuable layer but sits in an arms race with generation. Use it to catch what it can, and rely on process controls — call-backs, dual control, challenge phrases — as the controls that do not degrade when the fakes improve.
The bottom line
Deepfake fraud is not primarily a technology problem you can buy your way out of — it is a verification problem. The attackers' entire strategy is to make a request feel so authentic that no one checks. Every effective defence, from call-back rules to dual control to challenge phrases, does the same thing: it makes a convincing face or voice insufficient, on its own, to cause harm. Build that principle into your payment and data processes now, while it is a policy decision — not after it becomes an incident report.
Sources
- World Economic Forum — Lessons learned from a $25m deepfake attack (Arup)
- U.S. Bank — AI fraud: protecting your business from deepfake calls
- Deloitte Center for Financial Services — Generative AI and fraud loss projections
- European Commission — EU AI Act regulatory framework (Article 50 transparency)
Ready to leverage AI for your business?
Book a free strategy call — no strings attached.


