How to Protect Your Company From Deepfake Fraud

In 2024, a scammer used deepfake audio and video to impersonate Ferrari CEO Benedetto Vigna and attempted to authorize a wire transfer, reportedly tied to an acquisition. Ferrari never confirmed the amount, which rumors placed in the millions of euros.

The scheme failed when an executive assistant stopped it by asking a security question only the real CEO could answer.

This isn’t sci-fi. Deepfakes have jumped from political misinformation to corporate fraud. Ferrari foiled this one — but other companies haven’t been so lucky.

Executive deepfake attacks are no longer rare outliers. They’re strategic, scalable and surging. If your company hasn’t faced one yet, odds are it’s only a matter of time.

Related: Hackers Targeted a $12 Billion Cybersecurity Company With a Deepfake of Its CEO. Here’s Why Small Details Made It Unsuccessful.

How AI empowers imposters

You need less than three minutes of a CEO’s public video — and under $15 worth of software — to make a convincing deepfake.

With just a short YouTube clip, AI software can recreate a person’s face and voice in real time. No studio. No Hollywood budget. Just a laptop and someone ready to use it.

In Q1  2025, deepfake fraud cost an estimated $200 million globally, according to Resemble AI’s Q1 2025 Deepfake Incident Report. These are not pranks — they’re targeted heists hitting C‑suite wallets.

The biggest liability isn’t technical infrastructure; it’s trust.

Why the C‑suite is a prime target

Executives make easy targets because:

• They share earnings calls, webinars and LinkedIn videos that feed training data

• Their words carry weight — teams obey with little pushback

• They approve big payments fast, often without red flags

In a Deloitte poll from May 2024, 26% of execs said someone had tried a deepfake scam on their financial data in the past year.

Behind the scenes, these attacks often begin with stolen credentials harvested from malware infections. One criminal group develops the malware, another scours leaks for promising targets — company names, exec titles and email patterns.

Multivector engagement follows: text, email, social media chats — building familiarity and trust before a live video or voice deepfake seals the deal. The final stage? A faked order from the top and a wire transfer to nowhere.

Common attack tactics

Voice cloning:

In 2024, the U.S. saw over 845,000 imposter scams, according to data from the Federal Trade Commission. This shows that seconds of audio can make a convincing clone.

Attackers hide by using encrypted chats — WhatsApp or personal phones — to skirt IT controls.

One notable case: In 2021, a UAE bank manager got a call mimicking the regional director’s voice. He wired $35 million to a fraudster.

Live video deepfakes:

AI now enables real-time video impersonation, as nearly happened in the Ferrari case. The attacker created a synthetic video call of CEO Benedetto Vigna that nearly fooled staff.

Staged, multi-channel social engineering:

Attackers often build pretexts over time — fake recruiter emails, LinkedIn chats, calendar invites — before a call.

These tactics echo other scams like counterfeit ads: Criminals duplicate legitimate brand campaigns, then trick users onto fake landing pages to steal data or sell knockoffs. Users blame the real brand, compounding reputational damage.

Multivector trust-building works the same way in executive impersonation: Familiarity opens the door, and AI walks right through it.

Related: The Deepfake Threat is Real. Here Are 3 Ways to Protect Your Business

What if someone deepfakes the C‑suite

Ferrari came close to wiring funds after a live deepfake of their CEO. Only an assistant’s quick challenge about a personal security question stopped it. While no money was lost in this case, the incident raised concerns about how AI-enabled fraud might exploit executive workflows.

Other companies weren’t so lucky. In the UAE case above, a deepfaked phone call and forged documents led to a $35 million loss. Only $400,000 was later traced to U.S. accounts — the rest vanished. Law enforcement never identified the perpetrators.

A 2023 case involved a Beazley-insured company, where a finance director received a deepfaked WhatsApp video of the CEO. Over two weeks, they transferred $6 million to a bogus account in Hong Kong. While insurance helped recover the financial loss, the incident still disrupted operations and exposed critical vulnerabilities.

The shift from passive misinformation to active manipulation changes the game entirely. Deepfake attacks aren’t just threats to reputation or financial survival anymore — they directly undermine trust and operational integrity.

How to protect the C‑suite

• Audit public executive content.

• Limit unnecessary executive exposure in video/audio formats.

• Ask: Does the CFO need to be in every public webinar?

• Enforce multi-factor verification.

• Always verify high-risk requests through secondary channels — not just email or video. Avoid putting full trust in any one medium.

• Adopt AI-powered detection tools.

• Use tools that fight fire with fire by leveraging AI features for AI-generated fake content detection:

  • Photo analysis: Detects AI-generated images by spotting facial irregularities, lighting issues or visual inconsistencies

  • Video analysis: Flags deepfakes by examining unnatural movements, frame glitches and facial syncing errors

  • Voice analysis: Identifies synthetic speech by analyzing tone, cadence and voice pattern mismatches

  • Ad monitoring: Detects deepfake ads featuring AI-generated executive likenesses, fake endorsements or manipulated video/audio clips

  • Impersonation detection: Spots deepfakes by identifying mismatched voice, face or behavior patterns used to mimic real people

  • Fake support line detection: Identifies fraudulent customer service channels — including cloned phone numbers, spoofed websites or AI-run chatbots designed to impersonate real brands

But beware: Criminals use AI too and often move faster. At the moment, criminals are using more advanced AI in their attacks than we are using in our defense systems.

Strategies that are all about preventative technology are likely to fail — attackers will always find ways in. Thorough personnel training is just as crucial as technology is to catch deepfakes and social engineering and to thwart attacks.

Train with realistic simulations:

Use simulated phishing and deepfake drills to test your team. For example, some security platforms now simulate deepfake-based attacks to train employees and flag vulnerabilities to AI-generated content.

Just as we train AI using the best data, the same applies to humans: Gather realistic samples, simulate real deepfake attacks and measure responses.

Develop an incident response playbook:

Create an incident response plan with clear roles and escalation steps. Test it regularly — don’t wait until you need it. Data leaks and AI-powered attacks can’t be fully prevented. But with the right tools and training, you can stop impersonation before it becomes infiltration.

Related: Jack Dorsey Says It Will Soon Be ‘Impossible to Tell’ if Deepfakes Are Real: ‘Like You’re in a Simulation’

Trust is the new attack vector

Deepfake fraud isn’t just clever code; it hits where it hurts — your trust.

When an attacker mimics the CEO’s face or voice, they don’t just wear a mask. They seize the very authority that keeps your company running. In an age where voice and video can be forged in seconds, trust must be earned — and verified — every time.

Don’t just upgrade your firewalls and test your systems. Train your people. Review your public-facing content. A trusted voice can still be a threat — pause and confirm.