Deepfake and CEO Fraud: How to Defend Your Company Against AI Voice Scams
9 min read · AstraLoop Studio
It's an ordinary morning. The head of administration at a manufacturing SME near Bergamo, Italy, picks up the phone. On the other end is the voice of the CFO. She knows it well, she's worked alongside him for years: the tone, the cadence, the way he clips his sentences. The "CFO" explains there's a confidential deal underway, an urgent payment to a new supplier that has to close before lunch, and asks her to process a wire transfer right away. She does. The result: €28,000 transferred to an account controlled by scammers. The CFO had never made that call. His voice had been cloned by AI.
This isn't an isolated case, and it isn't a headline exaggeration. In Italy, fraud attempts based on audio deepfakes (so-called vishing, or voice phishing) have grown by more than 300% compared to 2023. The technology needed to clone a convincing voice is now cheap, accessible, and needs only a few seconds of audio: a LinkedIn video, a podcast, an old interview, a voice note. If you run a business or manage its finances, this is the scam you should worry about most in 2026. Why? Because it doesn't attack your firewalls. It attacks your people.

What "CEO fraud" is, and why deepfakes make it lethal
CEO fraud (also known as Business Email Compromise, BEC) has been around for years. The classic scheme is simple: a scammer impersonates an executive and, leaning on authority and urgency, convinces someone in finance to send a payment to a fraudulent account. Until recently the attack travelled by email, from a spoofed sender or a domain that looked almost identical to the real one (say, company-Itd.com instead of companyltd.com).
The voice deepfake changes the rules for one precise reason: it dismantles psychological defenses. A suspicious email can be re-read, checked, forwarded to a colleague. A phone call where you recognize your boss's voice triggers an automatic reflex of trust and compliance instead. The moment you hear that familiar tone, your brain stops asking the right questions. That bias is exactly what the scammer is banking on.
The ingredients of a cloned-voice vishing attack are almost always the same, and spotting them is the first line of defense:
- Authority: the caller (or writer) outranks you. CEO, CFO, owner, partner.
- Manufactured urgency: "it has to happen now", "within the hour", "before the bank closes". The goal is to stop you from thinking it through.
- Confidentiality: "don't mention this to anyone else", "this is a confidential matter". It isolates you and blocks cross-checking.
- A changed channel or account: a new IBAN, a supplier you've never heard of, a request that bypasses your usual procedures.
When three or four of these signals show up together, you're not looking at a legitimate request. You're being manipulated. And the fact that the voice sounds right doesn't change that conclusion — it's precisely the bait.
How voice cloning actually works
Understanding the mechanism helps strip away the sense of magic. Modern voice-synthesis models (voice cloning) learn a voice's characteristics — timbre, intonation, rhythm, accent — from an audio sample. The most advanced systems today produce a convincing result from under a minute of recording, and in some cases just a few seconds.
Where do those seconds come from? Anywhere you've ever put your voice in public:
- Corporate videos, webinars, interviews posted on YouTube or LinkedIn
- Podcasts or social media livestreams
- WhatsApp voice notes that got forwarded or intercepted
- An initial phone call where the scammer gets you talking (maybe posing as a survey) purely to record you
Once a voice is cloned, the attacker can make it say almost anything, in real time or close to it. In the more sophisticated versions, the audio deepfake is paired with phone number spoofing (the executive's real number shows up on the display) and with information gathered in advance: supplier names, typical amounts, ongoing projects. The result is a call that gets past every instinctive check. This kind of attack belongs to the broader category of AI-powered threats we cover in our guide to cybersecurity audits for SMEs.
The defense, then, can't be a purely technical one. There's still no reliable tool that flags a synthetic voice for you in real time on a call. The defense is procedural and organizational: building barriers that don't rely on recognizing a voice.

The verification steps that stop the scam
The good news is that cloned-voice vishing is neutralized with simple, near-zero-cost countermeasures that any company can adopt starting tomorrow. There's one guiding principle: no payment goes out based on a single request received over a single channel, no matter how convincing the voice sounds.
1. The secondary-channel rule (callback)
Any request for an urgent payment, an IBAN change, or an off-procedure operation must be verified by calling the person back on a number you already have on file, not the one the call came from. If the "CFO" phones asking for a wire transfer, hang up and call him back on the mobile number in your contacts. If it's really him, he'll confirm in ten seconds. If it's a deepfake, the attack stops right there.
2. An internal passphrase
Agree on a security word or phrase with your key staff, shared only in person and never written in an email or chat message. To authorize a sensitive operation by phone, the caller has to provide it. An AI that has cloned the owner's voice doesn't know the passphrase agreed on verbally in a meeting.
3. Dual sign-off on payments
No wire transfer above a certain threshold (you set it: €2,000, €5,000, €10,000) goes out on one person's authorization alone. A second approver, on a different channel, has to sign off too. It's the same logic as a two-key system: it dramatically raises the bar for the attacker, who would need to deceive two people at the same time.
4. The employee's "right to doubt"
This is the most underrated point, and also the most important one. Many scams succeed because an employee had a doubt but didn't dare question the boss. State explicitly, in writing, that no one will ever be reprimanded for slowing down a payment in order to verify it, even when the request turns out to have been genuine and urgent. Removing hierarchical pressure is the decisive psychological countermeasure.
5. Targeted training, not generic training
Simulations make the difference. Explaining what a deepfake is in words is one thing; letting the team hear an example of a cloned voice and seeing how convincing it is is another. Awareness is built through direct experience, not an internal memo. It's worth folding this topic into your broader AI training for employees: the same team that uses AI productively needs to know how AI is being used against them.
Here's the countermeasure checklist in one table:
| Warning sign | Countermeasure |
|---|---|
| Urgent payment request | Callback to a known number already on file |
| Supplier's IBAN changes | Written verification plus a call to the supplier's historic contact |
| "Confidential, don't tell anyone" operation | Cross-check with a second approver |
| An authoritative voice on the phone | Internal passphrase agreed verbally in advance |
| Large amount | Mandatory dual sign-off above threshold |
Want to know if your company is exposed to this kind of fraud, and whether your procedures would hold up? Request a risk assessment: we'll look together at payments, training, and insurance coverage.
The link to GDPR, NIS2, and leadership liability
Defending against vishing isn't just about the money lost. It has regulatory implications that, in 2026, land squarely on the shoulders of company leadership.
The NIS2 Directive (transposed into Italian law via Legislative Decree 138/2024) brings baseline measures to their operational deadline during 2026 and, something often overlooked, shifts cybersecurity accountability directly onto CEOs and boards: it's no longer something that can be fully delegated to IT. If your company falls within scope, training staff against social engineering isn't optional — it's part of your risk-management obligations. To check whether it applies to you, we've laid out the scope in our deep dive on whether NIS2 applies to your company and the 2026 deadlines to put on your calendar.
On the data-protection side, a successful attack often also triggers a data breach. If the scammers accessed personal data (of customers, employees, or suppliers) to build the deception, or if the incident exposed such data, obligations toward the Italian Data Protection Authority kick in. It pays to know in advance what to do, because the 72-hour notification deadline leaves no room to improvise.
The AI Act (EU Regulation 2024/1689) also enters its most consequential operational phase on August 2, 2026, with oversight in Italy handled by the ACN. Deepfakes are explicitly addressed in the regulation, in the form of transparency obligations for synthetic content. But on the offensive side, protection is still on you: the law penalizes whoever produces deceptive deepfakes — it doesn't hand you back the €28,000 if you fell for one.
Cyber insurance: the last safety net, if it actually covers AI fraud
Procedural countermeasures cut the risk drastically, but not to zero. That's why interest in cyber insurance is growing — and here's a detail many discover too late: not every policy covers CEO fraud and social engineering. Several standard "cyber" policies reimburse damage from a technical attack (ransomware, system breach) but exclude losses where an employee voluntarily authorized the transfer, because technically no system was breached.
If you're weighing a policy, ask your broker to confirm these points explicitly:
- Whether there's a specific Social Engineering Fraud / CEO fraud extension (often sold as a dedicated add-on).
- Whether damage from audio and video deepfakes is covered, spelled out in writing in the terms.
- The minimum security requirements the insurer demands (callback procedures, dual sign-off, training): without them, the policy may not pay out.
This is where security audits and insurability meet. Today, insurers ask for proof of active baseline controls before issuing or renewing a cyber policy at reasonable terms. A well-executed audit doesn't just protect you — it makes your company insurable and lowers your premium. If you want to frame the full cost of the risk, from direct damage to the value of prevention, our analysis on the real cost of a data breach for an SME has the numbers.
A risk that's growing, not a one-off scare
The context data leaves no room for complacency. The 2026 Clusit Report places Italy at around 10% of incidents worldwide, with SMEs making up the majority of targets and a significant rise in severe attacks. AI-powered vishing is the sharpest edge of that trend, because it scales effortlessly: cloning a voice costs almost nothing, and the same "kit" lets a scammer target dozens of companies.
The effective defense isn't buying yet another piece of software. It's rethinking how your organization authorizes payments and handles sensitive requests, training people to be skeptical by procedure rather than by instinct, and making sure your insurance coverage actually speaks the language of AI-driven fraud. These are low-cost interventions with an enormous payoff: that €28,000 the Italian SME lost would have funded years of training and controls.
Frequently asked questions
How many seconds of audio does it take to clone a voice?
The most advanced voice-cloning systems today produce a convincing result from under a minute of recording, and in some cases just a few seconds are enough. Typical sources are LinkedIn videos, podcasts, interviews, or voice notes. That's exactly why you can't rely on recognizing a voice as your only defense.
How can I tell if I'm talking to a cloned voice on the phone?
Don't trust your ear: the latest synthetic voices are extremely hard to distinguish. Rely on procedure instead: hang up and call the person back on a number already in your contacts, ask for the agreed internal passphrase, or push the operation to written verification. An attacker can't get past a callback to a known number.
Does my insurance policy cover deepfake CEO fraud?
Not automatically. Many standard cyber policies exclude social engineering, because the transfer was voluntarily authorized by an employee and no system was actually breached. Check with your broker whether there's a specific 'Social Engineering Fraud' or 'CEO fraud' extension and whether damage from deepfakes is explicitly covered.
Does NIS2 require me to train employees against vishing?
If your company falls within NIS2 scope (Legislative Decree 138/2024), training and managing social-engineering risk are part of your obligations, and accountability falls directly on the CEO and board, not just IT. Check the scope of application to see whether it applies to you.
What's the most effective, zero-cost countermeasure?
The secondary-channel rule: no urgent payment or IBAN change goes out without verification on a number already on file, different from the one the call came from. Combined with dual sign-off above a threshold and the employee's 'right to doubt', it neutralizes almost every vishing attempt.
What should I do immediately if I've already sent a fraudulent transfer?
Act within minutes: contact your bank immediately to attempt a recall of the transfer, file a police report, and assess whether the incident counts as a data breach that must be reported to the Data Protection Authority within 72 hours. The faster you act, the better your odds of stopping the transfer.
Talk to us: we'll review your payment-verification procedures and tell you exactly where to tighten up, so your company becomes hard to scam (and easy to insure).