Criminals are using AI to clone voices and create fake videos. CEO fraud is more dangerous than ever. Here's what you need to know to protect your business.
In early 2025, the CFO of a European company received a video call from his CEO. The CEO urgently requested a large transfer, confidential, fast. The CFO completed the transfer. The problem: the CEO was fake. It was a deepfake generated by AI. The damage: over 400,000 euros.
This is no longer science fiction. It is happening now, including at SMEs in the Netherlands.
Deepfake fraud is a form of scam in which criminals use AI to clone voices, copy faces in real-time video calls, and generate personalised phishing messages that sound as if they come from someone inside your organisation.
The technology is cheap and accessible. Tools that cost thousands of euros a year ago are now freely available.
The criminal gathers information: who is the CEO, who is the CFO, what tone do they use in communication? LinkedIn, YouTube, and the company website are more than enough.
A voice copy is made from publicly available audio. For video, photos or video clips from social media or the company site are used.
The CFO receives a message, phone call, or even a video call from the CEO. There is time pressure: 'This needs to be arranged today, I am in a meeting.'
The employee, convinced of the authenticity, completes the transfer or shares sensitive login credentials.
Large companies have security teams, strict processes, and multiple approval layers. SMEs often do not have that luxury. A single employee can authorise a payment, there are fewer checks, and personal relationships are closer, making people more trusting.
No transfer above a certain amount without a second verification step via a different channel. Did the CEO call via WhatsApp? Call back on the fixed number.
One alert employee can stop an attack. Make sure everyone knows how deepfake fraud works and that time pressure is a red flag, not a reason to act quickly.
MFA makes stealing login credentials via phishing far less effective. Enable it for all business accounts: email, Microsoft 365, accounting software.
How much audio and video of your director is available online? Consider which recordings are public and whether that is necessary.
What do you do if you think you have been attacked? Who do you call? How quickly can you have a payment blocked? Make sure this is established in advance.
AI makes life easier, for you, but also for criminals. Deepfake fraud is not a future threat; it is today's reality. The businesses that take this seriously and adapt their processes are the ones that will not be left with a large damage bill.
Want to know how vulnerable your business is and what you can do? Zarioh helps SMEs improve their digital resilience, from policy to technical measures. Schedule a conversation and we will go through it together.
