Information Security

A Familiar Voice Is No Longer Proof

Deepfake voice and video now approve real wire transfers, and CEO fraud reportedly hits about 400 companies a day. The fix is a control redesign, not software.

By Leon Soliman · 2026-06-25 · 2 min read

Your Controls Still Trust a Voice

Most payment-approval processes were designed around a simple assumption. A familiar voice on the phone, or a recognized face on a video call, was treated as proof that the request was real. For decades that assumption held, because faking either one was hard, slow, and expensive.

That is no longer true. A convincing voice clone can be built from a few seconds of audio your executives have already published in earnings calls, conference talks, and interviews. Real-time video deepfakes now pass through ordinary meeting tools. The control that protected your treasury was never the technology. It was the difficulty of impersonation, and that difficulty is gone.

The Attack Targets Process, Not Software

Executive impersonation now accounts for roughly a quarter of deepfake fraud losses, and the method is consistent. Someone in finance receives an urgent request that appears to come from a senior leader, sometimes during a live call where every face on screen is synthetic. The pressure is authority and time, not a broken firewall.

This is why detection tools alone do not solve it. The weakness is the workflow that lets one person move money on the strength of a recognized voice. In one case a finance employee released 25 million dollars across 15 separate transfers after a single faked video conference. No malware was involved. The process did exactly what it was built to do.

Rebuild Authorization Around Verification

The fix is organizational, and it is unglamorous. Payment authority should never rest on a voice or a face. Any transfer above a set threshold needs confirmation through a separate channel, a second approver who was not on the original call, and a known callback number that the requester never supplies.

None of this requires new software, and that is the point. It requires a written rule that holds under pressure, including when the person on the call sounds exactly like your chief executive. The companies that stay safe will be the ones that decided, in advance, that urgency is not a reason to skip a step.

Frequently asked questions

Can deepfake detection software stop this?

It helps, but it is not the primary control. Detection lags the tools used to create fakes, and it cannot run on every phone call. The reliable defense is a payment process that requires independent, out-of-band verification no matter how convincing the request sounds.

Is this only a risk for large corporations?

No. Mid-sized and family-owned companies are attractive targets precisely because they often have direct, trust-based approval between leaders and finance. A few seconds of an owner's public audio is enough to start, and smaller firms rarely have a formal response plan.

The voice you trust is now the easiest thing to fake. The companies that survive this will not be the ones with the best detection. They will be the ones whose people were allowed to slow down and verify, even when the boss was on the line.

Deepfake CEO Fraud Information Security Payment Fraud Risk Management Mittelstand