Organization and team
CEO fraud in the age of voice cloning
Wire fraud no longer needs to copy an email. It copies your voice, and soon your face on a video call. Why detection is a dead end, and which procedure actually stops a payment.
Last reviewed:
A fraudulent transfer rarely begins with a breach. It begins with a call that everyone finds normal.
CEO fraud is nothing new. A fake executive, an urgent transfer, an accountant who acts before thinking: fraudsters have been exploiting this scheme for years. What has changed is that they no longer need to imitate a signature or an email style. They imitate the voice. And on a video call, the face.
Most companies respond by asking their teams to listen more carefully. That is the wrong answer, and it is costly.
What the known cases tell us
First documented case, 2019. The director of a British subsidiary takes a call from his boss, the CEO of the German parent company. The voice is right: the accent, the rhythm, down to the cadence of a German speaking English. He is asked to wire 220,000 euros to a Hungarian supplier, quickly. He complies. The voice was synthetic, trained on publicly available recordings of the executive. The money passed through Hungary, then Mexico, and never came back. The detail that matters: the victim recognisedAI synthesis of a human voice from an audio sample, producing convincing fake recordings. the voice. He was not tricked by an approximate clone. He heard his boss.
2024, Hong Kong. An employee at engineering firm Arup receives an email that puzzles him: a confidential transaction, signed by the CFO. He suspects a trapSocial engineering attack pushing targets to disclose credentials or execute code., good instinct. To reassure him, he is invited to a video conference. The CFO is there on screen, surrounded by colleagues he recognises. All are fake. DeepfakesAI-generated synthetic media (image, video, voice) imitating a real person. built from public images. The video call swept away, in a few minutes, the suspicion the email had raised. Fifteen transfers later, the company had lost 25 million dollars. The fraud was only discovered by reconciling with headquarters.
July 2024. A Ferrari executive receives messages, then a call from CEO Benedetto Vigna. The voice holds up, the Southern accent is there, the tone is pressing, the matter confidential. The executive doubts and asks a simple question: the title of the book Vigna had just recommended to him. Silence on the line. The fraudster hangs up. No tool detected anything. A question only the real Vigna could answer was enough.
Why detection will not save you
The temptation is to treat synthetic voice the way spam was treated: spot the weak signals, deploy tools that analyse audio grain, train teams to catch the artefact. This response reassures because it resembles something familiar. It does not work.
Clones are already too good for the ear. The 2019 executive heard his boss’s accent and vocal melody, and wired the money anyway. A detection tool ages in reverse: every advance by the generators makes it a little blinder, and those advances outpace your software procurement cycles. You would be running a losing race.
Worse, training people to “recognise a deepfake” produces the opposite of the intended effect. You create employees who are falsely confident, convinced they would spot the fake. Those are the easiest to deceive.
What actually stops a payment
The defence is not about perception. It is about procedure, and it costs almost nothing.
A payment instruction is never validated on the strength of the channel through which it arrives. Someone calls, writes, leaves a voice message: the request is called back on a number already on file, from the internal directory, never the number that just contacted you or the one provided in the message. If the person cannot be reached on their usual number, the request waits.
Above a threshold, a transfer requires two independent validations, by two people, on two channels. This rule tolerates no exception, least of all urgency, least of all confidentiality.
Urgency and secrecy are not circumstances. They are the fraudster’s two tools.
He needs you to act fast and alone. A procedure that dissolves the moment someone says “it’s urgent and this stays between us” is not a procedure, it is a courtesy.
Add a verification question agreed in advance, offline, between the people who authorise payments. Not a password stored in a file. A question whose answer exists nowhere. That is what saved Ferrari.
If you are in charge
You are the raw material. Your conference talks, your podcasts, your earnings presentations, your LinkedIn videos: hours of clean audio to train a clone of your voice. You cannot, and should not, stop being visible. That is not the problem to solve.
The problem is that in many organisations “it came from the boss” is still enough to release a payment. As long as that is true, your public exposure is a direct vulnerability. The only decision that matters, and you are the only one who can impose it on finance, is to make your voice insufficient. So that no one authorises anything solely on the grounds that it sounded like you. The day your voice no longer counts as a signature, you can speak in public as much as you like.
Angle de lecture
The same mechanism targets you in your private life: a call from “your bank”, or from a relative in distress whose voice was cloned from a story posted online. The defence is identical. You hang up and call back on the official number, the one on the back of your card, the one already in your phone. Agree with your household on a word that no one else knows, to ask in case of doubt. You can also report attempts to Action Fraud (UK: actionfraud.police.uk) or the FBI Internet Crime Complaint Center (US: ic3.gov).
Your role is not to buy a deepfake detector. It is to write the payment procedure, set the dual-validation threshold, and train the finance team not to recognise a voice, but to apply the known-channel callback without hesitation, including when the CEO himself is impatient on the line. Put it to the test with a simulation. You will quickly see who caves under pressure.
Your voice is already out there, in the clear, everywhere. Protecting it is a losing cause. Make it useless as an authorisation method: no payment on your word alone, whatever the channel, whatever the urgency. That is a rule you must demand, and one you follow first.
What to put in place
- N1 Executives' and financial partners' numbers are stored in advance. You call those numbers back, never the one that just called.
- N1 Any payment above a written threshold requires two independent validations, on two channels.
- N1 A verification question is agreed offline between the people who authorise payments.
- N2 The procedure explicitly forbids exceptions for reasons of urgency or confidentiality.
- N3 A simulation exercise is run at least once a year, including the executive.
Sources
- MIT Sloan, on the 2019 case and voice cloning (opens in a new tab)
- Sophos, first known case of cloned voice (2019) (opens in a new tab)
- CNN, the Arup case (25.6 M$, Hong Kong) (opens in a new tab)
- Fortune, the Arup case (opens in a new tab)
- Fortune, the foiled Ferrari attempt (opens in a new tab)
- MIT Sloan Management Review, how Ferrari foiled the deepfake (opens in a new tab)