Adversarial Risk Group

What is a deepfake CEO scam?

A deepfake CEO scam is a wire-fraud attack that uses an AI-cloned voice or video of a chief executive to manipulate finance staff into transferring funds.

Key takeaways

  • Deepfake CEO scams pair an AI-cloned voice (and increasingly video) of the executive with a pretexted urgent wire-transfer request to finance staff.
  • The attack exploits the social and organizational structure that makes finance teams responsive to executive requests, not technical weakness.
  • The Arup case (early 2024, $25M loss) demonstrated the upper limit; mid-market manufacturer events at smaller scale continue throughout 2024-2026.
  • Defense is workflow design: a wire-transfer process that the CEO cannot override by voice or video, regardless of how convincing the request appears.
  • ARG tests deepfake-CEO resilience during audits as part of the broader voice cloning fraud and vishing simulation.

How does a deepfake CEO scam unfold from setup to payout?

The attack follows a six-step pattern. Each step uses standard tradecraft; the AI components have lowered the cost without changing the structure.

1. Target selection. The attacker picks a manufacturer with visible payment volume and publicly available executive audio. Mid-market companies in the $10M to $500M revenue range fit the profile: large enough that a six-figure wire is routine, small enough that the verification workflow may be informal.

2. Reconnaissance. The attacker gathers public information: executive bios, recent press releases, conference appearances, podcast guest spots, SEC filings, M&A activity, vendor relationships, conference travel. The reconnaissance feeds both the pretext design and the audio collection for voice cloning. See What is OSINT (open-source intelligence)?.

3. Voice cloning. Public audio of the CEO is processed through a commercial or open-source cloning service. The clone is good enough for live conversation. Where video deepfakes are in scope, a similar process produces real-time video synthesis from photos and short video clips. See What is voice cloning fraud?.

4. Pretext construction. The pretext fits a current visible business event: a known acquisition discussion, a press release about an investment, a conference where the CEO is publicly scheduled. The pretext is calibrated to produce time pressure and to make the CFO or controller want to be helpful to the CEO.

5. Delivery. The attacker calls (or video-calls) the target with the cloned voice and the pretexted scenario. The call is sometimes preceded or followed by a coordinated BEC email that reinforces the request. The cloned executive asks for an urgent wire transfer to a specified account.

6. Payout. The wire goes out. The funds move through one or more mule accounts within hours. Recovery probability drops sharply after 48 to 72 hours.

The attack is procedurally similar to traditional BEC plus vishing. The change is that the voice on the line is indistinguishable by ear from the real CEO's voice. The recipient's instinct to verify by "well, that sounded like them" is no longer protective.

The role of LinkedIn, podcasts, and earnings calls in attacker preparation

Attacker preparation runs across three categories of public information.

Identity and relationships (primarily LinkedIn). Who the executives are, who reports to whom, who handles wire transfers, who handles vendor changes. The reporting structure tells the attacker who to call (the CFO or controller) and who to impersonate (the CEO or board chair). New finance hires (visible by short tenure on LinkedIn) are particularly attractive targets because their verification habits are not yet formed.

Voice and visual reference (primarily podcasts, earnings calls, conferences). Hours of audio and video are enough for high-quality cloning. A CEO who is a regular industry podcast guest has 10+ hours of public audio. Earnings calls add more. Conference talks add video. Marketing video clips add both audio and visual reference.

Business context (primarily press, SEC filings, conference programs). What is happening at the company right now. An acquisition discussion, an investor meeting, a regulatory event, a customer escalation. The pretext fits the visible business context so the recipient does not question why this specific request is happening now.

The three categories together produce the attacker's complete picture: who to call, what voice to use, what to ask, and what context makes the ask credible. None of the categories requires non-public information. The defender's footprint reduction (see What is digital footprint analysis?) can lower exposure but cannot eliminate it.

Why deepfake CEO scams target finance and AP teams specifically

Three structural reasons make finance and AP the dominant target.

  1. Wire transfer authority. Finance and AP teams have the authority and the operational means to move money. A successful pretext drives an actual financial outcome.
  2. Workflow tuned for responsiveness to executive requests. The CFO or controller is expected to respond quickly to CEO requests. The expectation is what attackers exploit; refusing to act on a CEO request feels insubordinate, even when verification is appropriate.
  3. Time pressure is routine. Real wire transfers do happen on urgent timelines (closing deadlines, vendor commitments, customer requirements). The attacker's manufactured urgency fits the operational pattern; the finance team does not always distinguish manufactured urgency from real urgency.

The attack is not random; it is structurally aimed at the role that has both the means and the disposition to comply.

Defending against the attack means changing the role's disposition, not the role's authority. The CFO can still execute wire transfers; the workflow now requires verification regardless of who is asking and how urgent the request is.

Examples of deepfake CEO incidents and what they cost

The public record:

  • Arup engineering firm (January 2024). Hong Kong finance employee duped into a series of wire transfers totaling $25M after a video conference call with what appeared to be the CFO and other colleagues. All participants except the victim were deepfakes. Loss: $25M, mostly unrecoverable. Lessons: video deepfakes are operationally viable; multi-person deepfake calls add conviction; even sophisticated employees can be fooled.
  • UK energy CEO impersonation (March 2019). Early case. A UK-based energy firm executive received a cloned-voice call from the "parent company CEO" requesting an urgent $243K wire. Loss: $243K. Demonstrated voice cloning's corporate application years before broader awareness.
  • WPP CEO targeted (2024). Attempted deepfake video call against a senior WPP executive. The attempt failed because the request did not match normal communication patterns and the executive followed up through a verified channel. Demonstrated that workflow controls produce protection.
  • Ferrari executive targeted (2024). Cloned CEO voice used in vishing attempt against a senior executive. Recipient asked a verification question the cloned voice could not answer; the attempt failed. Demonstrated the value of pre-authorized challenge questions.
  • Multiple mid-market manufacturer events (2024-2026). Steady cadence of deepfake-CEO scams at mid-market manufacturers. Most do not make public news; aggregate losses are material. Patterns include voice-only calls (lower production cost, still effective), voice plus video (higher cost, higher success), and voice plus reinforcing email.

The pattern across documented cases: where verification habits held, the attack failed; where they did not, large losses occurred. The differentiator is not the technology but the procedure.

How to design a wire-transfer process the CEO cannot override by voice

The defense is a wire-transfer workflow that does not depend on who is asking. Five design principles:

  1. Two-person, out-of-band approval above threshold. Wires above a defined dollar amount ($10k to $25k is typical for mid-market) require approval from a second person via a different channel from the request. The CEO's voice on the phone does not satisfy the second approval.
  2. Callback verification to a directory-sourced number. For any new payee, new bank account, or unusual request, the AP team ends the interaction and calls back the requester at a directory-sourced number. Numbers from caller-ID, email signatures, or supplied during the call do not count.
  3. Pre-authorized challenge questions for high-risk roles. Executive-to-finance interactions include questions only the real person would know. The questions reference internal context not available publicly.
  4. Workflow in the ERP, not in email or phone. Wire approval happens in the ERP system. Email requests are not actionable; phone requests are not actionable. The system of record is the only authorization path.
  5. No social cost for refusing executive requests. The organization commits in writing: no employee is penalized for refusing to act on an unverified request from anyone, including the CEO. The commitment is reinforced by leadership in practice.

The design works because none of the controls depend on the recipient detecting the deepfake. The CFO can hear the CEO's voice clearly and still refuse to act without verification, because the procedure does not allow voice alone to authorize the action.

A manufacturer that implements this workflow eliminates the deepfake CEO scam as an attack class. The attacker may still try; the workflow blunts the attempt before it reaches payout.
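The five principles above can be written down as a release gate that a wire request must pass before funds move. The following is an added example, not ARG's tooling or any client's ERP code: it assumes a hypothetical employee directory (constructed sample numbers below), a $10k threshold, and a request record that carries the channel the request arrived on, whether the payee is new, and the approvals collected. The point it makes is that an approval given by voice or video never counts, and a callback only counts when it was placed to the directory number, not to a number supplied on the call.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Threshold above which two-person, out-of-band approval is required.
# $10k to $25k is typical for mid-market; $10k is assumed here.
TWO_PERSON_THRESHOLD = 10_000

# Channels that can never authorize a wire, however convincing the voice
# or face on the other end is (design principles 1 and 4).
NON_AUTHORIZING_CHANNELS = {"voice", "video", "email", "text"}

# Constructed sample directory: the only numbers a callback may be placed to.
# Numbers from caller-ID, email signatures or supplied on a call never appear here.
DIRECTORY = {
    "ceo": "+1-555-0100",
    "cfo": "+1-555-0101",
    "controller": "+1-555-0102",
}


@dataclass
class Approval:
    approver: str                          # employee id of the person approving
    channel: str                           # "erp", "callback", "voice", "video", "email", "text"
    callback_number: Optional[str] = None  # number dialled when channel == "callback"


@dataclass
class WireRequest:
    requester: str    # who the request claims to come from, e.g. "ceo"
    amount: float     # USD
    channel: str      # channel the request itself arrived on
    new_payee: bool   # new payee or changed bank details
    approvals: List[Approval] = field(default_factory=list)


def _authorizing(a: Approval, req: WireRequest) -> bool:
    """An approval counts only if it came through the ERP or through a
    callback placed to the requester's directory-sourced number."""
    if a.channel in NON_AUTHORIZING_CHANNELS:
        return False
    if a.channel == "callback":
        return a.callback_number == DIRECTORY.get(req.requester)
    return a.channel == "erp"


def evaluate(req: WireRequest) -> Tuple[bool, List[str]]:
    """Return (release, reasons). An empty reasons list means the wire may go out."""
    reasons: List[str] = []

    # Principle 4: the system of record is the only authorization path.
    if req.channel != "erp":
        reasons.append(f"request arrived via {req.channel}; only ERP-originated requests are actionable")

    usable = [a for a in req.approvals if _authorizing(a, req)]

    # Principle 2: a new payee or new account requires a callback to the
    # directory number; the voice on the original call is irrelevant.
    if req.new_payee and not any(a.channel == "callback" for a in usable):
        reasons.append(f"new payee: no callback to the directory number for {req.requester}")

    # Principle 1: above threshold, a second, different person must approve
    # out of band (ERP or callback), never by voice or video.
    if req.amount >= TWO_PERSON_THRESHOLD:
        if not any(a.approver != req.requester for a in usable):
            reasons.append(f"amount {req.amount:.2f} >= {TWO_PERSON_THRESHOLD}: no second-person out-of-band approval")

    return (not reasons, reasons)


def demo() -> Tuple[Tuple[bool, List[str]], Tuple[bool, List[str]]]:
    # Constructed scenario 1: the deepfake call. The "CEO" phones in, the CFO
    # agrees verbally, and the controller calls back a number given on the call.
    deepfake_call = WireRequest(
        requester="ceo", amount=150_000, channel="voice", new_payee=True,
        approvals=[Approval("cfo", "voice"),
                   Approval("controller", "callback", callback_number="+1-555-0999")],
    )
    # Constructed scenario 2: the same wire raised in the ERP, callback placed to
    # the directory number, second approval recorded in the ERP by the CFO.
    proper = WireRequest(
        requester="ceo", amount=150_000, channel="erp", new_payee=True,
        approvals=[Approval("controller", "callback", callback_number="+1-555-0100"),
                   Approval("cfo", "erp")],
    )
    return evaluate(deepfake_call), evaluate(proper)


if __name__ == "__main__":
    for release, reasons in demo():
        print("RELEASE" if release else "HOLD", reasons)
```

Scenario 1 is held for three independent reasons, so even if one control is skipped under time pressure the others still stop the payout; scenario 2 releases because every approval came through a channel the attacker cannot clone. Below the threshold, a known payee raised in the ERP needs no further approval, which is the "single-approver below threshold" case discussed in the FAQ.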

Best practices for executive-impersonation defense

Beyond the wire-transfer workflow:

  1. Apply the workflow to all impersonation surfaces, not just wires. Vendor changes, payroll changes, password resets, badge issuance. Any high-impact action driven by an executive request runs through the same verification discipline.
  2. Communicate the workflow upward. Executives know the workflow exists, support it publicly, and do not request exceptions for their own requests. The CEO who asks the CFO to "just process this without the callback" undermines the entire defense.
  3. Continuous adaptive simulation. Quarterly or more frequent voice-cloning simulation against the finance team (with prior authorization). The simulation keeps the verification habit reflexive.
  4. Insurance alignment. The social engineering fraud (SEF) endorsement covers the loss scenario, and the policy's required procedures match the workflow. A mismatch produces claim denials.
  5. Footprint reduction for high-risk executives. Reduce the volume of public audio of CEOs at smaller manufacturers where feasible. The reduction does not eliminate the threat but raises the attacker's cost.
  6. Multi-channel pretext awareness. Train the finance team to recognize multi-channel pretexts: an email arrives, a call follows. The pattern is the signal; both channels can be cloned.
  7. Document and review every executive-impersonation attempt. Every successful or attempted deepfake call (real or simulated) gets logged. The log informs ongoing program improvement and supports insurance documentation.

Deepfake CEO scam FAQs

Are deepfake video calls realistic enough to fool finance teams?

Yes, as of 2024-2026. The Arup case (early 2024) demonstrated that multi-person video deepfake calls can produce $25M wire transfers. The technology continues to improve. Video adds another layer of conviction over voice-only; the visual match further suppresses verification.

Does cyber insurance pay out for deepfake CEO scams?

Sometimes, depending on policy. Most deepfake-driven losses route through the social engineering fraud endorsement on cyber or crime policies. Coverage usually requires that the organization followed defined verification procedures; losses where the procedure was not followed are routinely denied. Confirm with the broker before an incident occurs. See What is social engineering fraud (SEF) coverage?.

How are deepfake CEO scams different from BEC?

BEC operates primarily through email; the attacker impersonates an executive in writing. Deepfake CEO scams add voice or video impersonation, often paired with the BEC email. The voice or video adds a verification step the recipient thinks they have performed but actually has not. See What is business email compromise (BEC)?.

Should we ban single-approver wire transfers entirely?

Above a defined threshold, yes. The threshold should reflect the organization's operational reality and risk tolerance. For most mid-market manufacturers, $10k to $25k is a reasonable threshold above which two-person approval is required. Below the threshold, single-approver workflow continues with documented callback verification.

How ARG tests deepfake-CEO resilience during audits

ARG tests deepfake-CEO resilience as part of the continuous engagement at clients who authorize voice-cloning simulation. The work is led by James Wall on infrastructure ARG controls, with executive sponsor authorization required before any voice-cloning testing begins.

The testing covers:

  • Wire-transfer workflow validation. Simulated wire requests through email and voice channels, targeting finance and AP staff. The simulation measures whether the workflow catches the request before payout.
  • Pretext rotation. Multiple pretext families rotated across rounds: known travel window, acquisition discussion, vendor pressure, regulatory deadline. The workforce does not see the same pretext twice.
  • Multi-channel coordination. Some simulations pair an email lure with a voice follow-up; some run voice-only; some run voice plus a confirming text. The variety matches real-world attacker tradecraft.
  • Help-desk MFA-reset variant. Voice cloning targeted at the IT help desk rather than finance, testing the password-reset workflow.
  • Pre-authorized challenge question testing. Where the client has implemented challenge questions, the simulation confirms whether the workforce uses them under pressure.

Findings consolidate into the monthly operational packet. Each round produces specific evidence: who refused the request, who escalated to verification, who would have processed the wire absent the workflow. The trend over rounds shows whether the workforce's verification habit is strengthening.

The output supports insurance underwriting renewal (carriers increasingly ask for evidence of deepfake-resilience testing) and CMMC compliance for the Awareness and Training family.

For founding clients who authorize voice-cloning simulation, deepfake-CEO testing is part of the monthly retainer alongside the other social-engineering channels.

Apply as a founding client or see how the engagement works for the full delivery cycle.

Find what gets through.

ARG runs continuous AI-driven adversarial simulation and on-site physical audits for mid-market manufacturers. Two founding-client spots remain.

Author: James Wall. Updated 2026-05-18. Adversarial Risk Group.