In February 2024, a finance employee at British engineering firm Arup joined what appeared to be a routine video call with the company’s CFO and several colleagues. Every face on the screen was real — or so it seemed. Over the course of the call, the employee authorised 15 transfers totalling $25.6 million. Every participant on that call was a deepfake. The real CFO knew nothing about it. (CNN, May 2024)
This was not an isolated event. In early 2025, scammers used AI-cloned audio of Italian Defence Minister Guido Crosetto to call some of Italy’s most prominent business figures — Giorgio Armani, former Inter Milan owner Massimo Moratti, and members of the Beretta family — requesting €1 million transfers to a Hong Kong account, supposedly to free kidnapped journalists. At least one victim complied before authorities froze the funds. (Euronews, February 2025)
That same year, WPP — the world’s largest advertising group — disclosed that attackers created a WhatsApp account using CEO Mark Read’s photo, then staged a Microsoft Teams meeting using AI-generated audio and YouTube footage to impersonate him. The attempt failed only because the targeted executive recognised something was off. (OECD.AI incident report) The corporate exposure that makes executives vulnerable to synthetic impersonation is part of a wider pattern covered in our Corporate Digital Footprint hub.
These are not edge cases. Europol’s 2025 Internet Organised Crime Threat Assessment (IOCTA) identifies AI-generated synthetic media as a growing tool in business fraud, noting that voice deepfakes are now routinely used in business email compromise schemes.
The financial scale is accelerating. Deepfake fraud drained an estimated $1.1 billion from US corporate accounts in 2025 — triple the $360 million recorded the year before. (Keepnet Labs, 2026)
Executives are disproportionately targeted because their voices and faces are publicly available — from earnings calls, conference keynotes, media interviews, and LinkedIn profiles — the same reconnaissance surfaces our Executive Exposure Checklist asks you to audit. That public visibility is exactly what makes impersonation viable.
How Little It Takes
The barrier to creating a convincing voice clone has collapsed.
Research presented at IEEE S&P 2025 by Zhejiang University demonstrated that a single stolen utterance — one sentence — is enough to produce a voice clone that deceives both human listeners and automated voice authentication systems. The attack success rate exceeded 80 per cent. Human listeners performed no better than random guessing when trying to distinguish the clone from the real voice.
Commercial tools have made this accessible. Platforms such as ElevenLabs can produce a functional voice clone from three to ten seconds of clean audio, capturing not just pitch and accent but pacing, emotional tone, and breathing patterns. (Fortune, December 2025)
Video deepfakes require slightly more material — typically several minutes of footage — but that material is increasingly easy to obtain. A single conference keynote or investor presentation provides enough training data. Open-source tools like DeepFaceLab, which claims over 95 per cent market share in deepfake video creation, are freely available and require no specialised expertise.
For context: the Biden robocall deepfake used in the 2024 US primary cost approximately $1 and took under 20 minutes to produce. The Arup attack, which extracted $25.6 million, likely required a comparable investment in time and money.
Deepfake-as-a-service platforms emerged widely in 2025, offering voice cloning, face-swap video, and persona simulation as packaged products with pricing starting from as little as $5. (Cyble, 2025)
Why Detection Is Getting Harder
There is an uncomfortable truth about deepfake detection: it is an arms race, and defenders are losing ground.
Human detection rates for high-quality video deepfakes have fallen to 24.5 per cent. In a 2025 study by iProov, only 0.1 per cent of participants correctly identified all fake and real media samples. Sixty-eight per cent of current deepfakes are classified as “nearly indistinguishable from genuine media.” (Keepnet Labs / iProov, 2026)
AI-powered detection tools face their own limitations. Lab-tested tools show strong performance in controlled conditions, but effectiveness drops 45 to 50 per cent when applied to real-world deepfakes — where lighting, compression, and encoding introduce noise that confounds algorithmic analysis.
Siwei Lyu, a leading deepfake researcher at the University at Buffalo, has stated plainly: “Simply looking harder at pixels will no longer be adequate.” The perceptual gap between synthetic and authentic media continues to narrow, and detection methods that worked in 2023 are already unreliable in 2026. (Fortune, December 2025)
This does not mean detection is useless. It means detection alone is insufficient. Visual artefacts — inconsistent ear geometry, unnatural teeth rendering, lighting mismatches on skin — still catch lower-quality fakes. Audio deepfakes sometimes lack natural breathing patterns or micro-pauses. But relying on these tells is like relying on typos to catch phishing emails: it works until it does not.
The more reliable defences are procedural, not perceptual.
Organisational Defences That Actually Work
The most effective protection against deepfake fraud is not a detection tool. It is a verification protocol that removes the possibility of a single point of failure.
Multi-channel verification. Any request involving financial transactions, credential changes, or sensitive data should be confirmed through at least two independent channels. If a request arrives via video call, verify it through an encrypted messaging app or a callback to a known number. If it arrives by voice, confirm by email. The principle is simple: never trust the channel that delivered the request to also verify it.
Callback protocols. Implement mandatory callback verification for transactions above a defined threshold. The callback must use a pre-registered number — not a number provided during the suspicious interaction. This single measure would have prevented the Arup loss.
Time delays. Many deepfake attacks exploit urgency. Mandatory waiting periods of even 15 to 30 minutes for high-value transactions allow employees to step back, consult colleagues, and verify through alternative channels. The Italy Crosetto attack relied entirely on urgency — the supposed kidnapping demanded immediate action.
Safe words and challenge phrases. Establish pre-agreed verbal authentication codes for senior executives. These are shared only between specific individuals and changed regularly. If an executive cannot produce the correct safe word during a call, the call is treated as unverified regardless of how convincing the voice or video appears.
Role-based access controls. Limit the number of people who can authorise high-value transactions. If a deepfake successfully impersonates a CEO but the finance team requires dual authorisation from two named individuals using separate channels, the attack surface shrinks dramatically.
These measures are not exotic. They are the kind of procedural controls that already exist in banking and military communications. The gap is that 80 per cent of companies currently have no established protocols for handling deepfake-based attacks, and over 50 per cent of business leaders acknowledge their employees have received zero deepfake-specific training. (Keepnet Labs, 2026)
If your organisation lacks a structured protocol for verifying executive communications, a Corporate Audit includes an assessment of your current exposure to impersonation-based attacks.
Talk to an AnalystReducing Your Deepfake Surface
A deepfake is only as good as the source material it is trained on. Reducing the amount of publicly available audio and video of key executives directly reduces the quality and viability of any impersonation attempt.
Audit your public audio and video footprint. Earnings calls, conference recordings, podcast appearances, and media interviews are all training data. Assess what is publicly available and whether it needs to remain so. Archived recordings of events that have passed often serve no business purpose but remain indexed and downloadable.
Review LinkedIn and social media exposure. High-resolution profile photos provide face-swap source material. Video posts and audio clips on LinkedIn provide voice samples. Consider whether the visibility settings match the actual business need.
Establish an executive media policy. Determine which executives should have a public media presence and what the boundaries are. Not every board member needs a publicly available keynote recording. For those who do, consider whether recordings should be gated, watermarked, or time-limited.
Limit live video in unverified contexts. For high-stakes meetings with unfamiliar parties, consider whether video is necessary. A deepfake video call requires real-time rendering — removing the video element forces attackers to rely on voice-only clones, which are easier to verify through challenge-response protocols.
What a Deepfake Risk Assessment Covers
Understanding your exposure requires more than a policy review. A structured deepfake risk assessment examines:
- Voice sample availability: How many seconds or minutes of clean audio are publicly accessible for each key executive? From which sources? How easy are they to download?
- Image corpus analysis: What facial imagery exists across search engines, social platforms, corporate materials, and people-search profiles? Is the quality and variety sufficient for face-swap training?
- Impersonation viability scoring: Based on the available material, how feasible is a convincing real-time impersonation? What is the likely quality threshold an attacker could achieve?
- Verification gap assessment: Do current organisational procedures contain single points of failure that a successful impersonation could exploit?
This is the scope of the AI and Deepfake Impersonation Assessment — an add-on to The Shield, scoped and quoted separately at €900. Based on Shield findings, it maps how easily your voice, image, and identity could be synthetically replicated and where your organisational procedures are most vulnerable.
The Regulatory Direction
Legislators are catching up. The EU AI Act, which enters into force in August 2026, introduces specific transparency obligations for synthetic media under Article 50. Providers of AI systems that generate deepfakes must mark outputs in a machine-readable format as artificially generated. Deployers — anyone who uses an AI system to create a deepfake — must disclose that the content is synthetic.
The European Commission published the first draft of its Code of Practice on Transparency of AI-Generated Content in December 2025, with a final version expected by June 2026. It proposes a common icon that would allow viewers to identify AI-generated content at a glance.
On the technical side, the C2PA (Coalition for Content Provenance and Authenticity) standard provides cryptographic signing that records who created content, with what tool, and what edits were applied. CISA endorsed content credentials in a January 2025 advisory, recommending adoption by government agencies and critical infrastructure operators. Samsung’s Galaxy S25 became the first consumer smartphone to integrate C2PA signing directly into its camera app.
However, C2PA is a provenance standard, not a detection tool. It records the origin of content — it does not detect whether content is fake. A deepfake generated by an AI tool that implements C2PA will carry a valid manifest stating it was created by AI. The value lies in transparency, not authentication. (TrueScreen, 2026)
ENISA’s 2025 Threat Landscape report, based on analysis of 4,875 incidents, identifies the current period as the first in which AI fundamentally reshaped cyber threats, with over 80 per cent of phishing campaigns now using AI-generated or AI-enhanced content.
Regulation will help. But it will not stop an attacker on a fraudulent video call. That requires the procedural controls described above — implemented before the call happens.
What to Do Now
- Assess your exposure. Inventory publicly available audio, video, and imagery of your executive team. Understand what an attacker can work with.
- Implement verification protocols. Multi-channel confirmation, callback procedures, safe words, and mandatory time delays for financial transactions. Document these and train staff to follow them without exception.
- Reduce the attack surface. Remove unnecessary public recordings, tighten social media visibility settings, and establish an executive media policy.
- Test your defences. Run tabletop exercises simulating a deepfake impersonation attempt. Identify where your processes have single points of failure.
- Stay current. This threat evolves quarterly. What worked six months ago may already be insufficient.
If you want to understand how exposed your executive team is to synthetic impersonation, The Shield maps the full personal exposure surface. The AI and Deepfake Impersonation Assessment — available as a Shield add-on at €900 — evaluates how easily your voice, image, and identity could be replicated and what an attacker could do with the result.